FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
7f6108d2-cea8-11e0-9d58-0800279895ea  apache -- Range header DoS vulnerability

Apache HTTP server project reports:

A denial of service vulnerability has been found in the way the multiple overlapping ranges are handled by Apache HTTPD server.


Discovery 2011-08-24
Entry 2011-08-30
Modified 2011-09-01
apache
apache-event
apache-itk
apache-peruser
apache-worker
gt 2.* lt 2.2.20

CVE-2011-3192
https://people.apache.org/~dirkx/CVE-2011-3192.txt
https://svn.apache.org/viewvc?view=revision&revision=1161534
https://svn.apache.org/viewvc?view=revision&revision=1162874
e936d612-253f-11da-bc01-000e0c2e438a  apache -- Certificate Revocation List (CRL) off-by-one vulnerability

Marc Stern reports an off-by-one vulnerability within mod_ssl. The vulnerability lies in mod_ssl's Certificate Revocation List (CRL). If Apache is configured to use a CRL this could allow an attacker to crash a child process causing a Denial of Service.


Discovery 2005-07-12
Entry 2005-09-17
apache
gt 2.* lt 2.0.54_1

14366
CVE-2005-1268
4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0  apache -- multiple vulnerabilities

CVE MITRE reports:

An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker.

Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.

An additional exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker.

A flaw was found in mod_log_config. If the '%{cookiename}C' log format string is in use, a remote attacker could send a specific cookie causing a crash. This crash would only be a denial of service if using a threaded MPM.

A flaw was found in the handling of the scoreboard. An unprivileged child process could cause the parent process to crash at shutdown rather than terminate cleanly.

A flaw was found in the default error response for status code 400. This flaw could be used by an attacker to expose "httpOnly" cookies when no custom ErrorDocument is specified.


Discovery 2011-10-05
Entry 2012-01-31
apache
gt 2.* lt 2.2.22

CVE-2011-3368
CVE-2011-3607
CVE-2011-4317
CVE-2012-0021
CVE-2012-0031
CVE-2012-0053
651996e0-fe07-11d9-8329-000e0c2e438a  apache -- http request smuggling

A Watchfire whitepaper reports a vulnerability in the Apache webserver. The vulnerability can be exploited by malicious people causing cross site scripting, web cache poisoning, session hijacking and most importantly the ability to bypass web application firewall protection. Exploiting this vulnerability requires multiple carefully crafted HTTP requests, taking advantage of a caching server, proxy server, web application firewall etc. This only affects installations where Apache is used as HTTP proxy in combination with the following web servers:

  • IIS/6.0 and 5.0
  • Apache 2.0.45 (as web server)
  • apache 1.3.29
  • WebSphere 5.1 and 5.0
  • WebLogic 8.1 SP1
  • Oracle9iAS web server 9.0.2
  • SunONE web server 6.1 SP4

Discovery 2005-07-25
Entry 2005-07-26
Modified 2009-01-23
apache
< 1.3.33_2

gt 2.* lt 2.0.54_1

gt 2.1.0 lt 2.1.6_1

apache+ssl
< 1.3.33.1.55_1

apache+mod_perl
< 1.3.33_3

apache+mod_ssl
apache+mod_ssl+ipv6
apache+mod_ssl+mod_accel
apache+mod_ssl+mod_accel+ipv6
apache+mod_ssl+mod_accel+mod_deflate
apache+mod_ssl+mod_accel+mod_deflate+ipv6
apache+mod_ssl+mod_deflate
apache+mod_ssl+mod_deflate+ipv6
apache+mod_ssl+mod_snmp
apache+mod_ssl+mod_snmp+mod_accel
apache+mod_ssl+mod_snmp+mod_accel+ipv6
apache+mod_ssl+mod_snmp+mod_deflate
apache+mod_ssl+mod_snmp+mod_deflate+ipv6
apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6
< 1.3.33+2.8.22_1

apache_fp
gt 0

apache+ipv6
< 1.3.37

ru-apache
< 1.3.34+30.22

ru-apache+mod_ssl
< 1.3.34+30.22+2.8.25

14106
CVE-2005-2088
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
7b81fc47-239f-11d9-814e-0001020eed82  apache2 -- SSL remote DoS

The Apache HTTP Server 2.0.51 release notes report that the following issues have been fixed:

A segfault in mod_ssl which can be triggered by a malicious remote server, if proxying to SSL servers has been configured. [CAN-2004-0751]

A potential infinite loop in mod_ssl which could be triggered given particular timing of a connection abort. [CAN-2004-0748]


Discovery 2004-07-07
Entry 2004-10-21
apache
gt 2.0 lt 2.0.51

11094
11154
CVE-2004-0748
CVE-2004-0751
http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=109527608022322
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=29964
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=30134
762d1c6d-0722-11d9-b45d-000c41e2cdad  apache -- apr_uri_parse IPv6 address handling vulnerability

The Apache Software Foundation Security Team discovered a programming error in the apr-util library function apr_uri_parse. When parsing IPv6 literal addresses, it is possible that a length is incorrectly calculated to be negative, and this value is passed to memcpy. This may result in an exploitable vulnerability on some platforms, including FreeBSD.


Discovery 2004-09-15
Entry 2004-09-15
apache
ge 2.0 lt 2.0.50_3

CVE-2004-0786
http://httpd.apache.org
f1892066-0e74-11de-92de-000bcdc1757a  apache -- Cross-site scripting vulnerability

CVE Mitre reports:

Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.


Discovery 2008-07-25
Entry 2009-03-11
apache
gt 2.2.0 lt 2.2.9_2

gt 2.0.0 lt 2.0.63_2

CVE-2008-2939
http://www.rapid7.com/advisories/R7-0033.jsp
282dfea0-3378-11d9-b404-000c6e8f12ef  apache2 multiple space header denial-of-service vulnerability

It is possible for remote attackers to cause a denial-of-service scenario on Apache 2.0.52 and earlier by sending an HTTP GET request with a MIME header containing multiple lines full of whitespaces.


Discovery 2004-11-01
Entry 2004-11-10
Modified 2004-11-11
apache
gt 2.* le 2.0.52_2

CVE-2004-0942
http://marc.theaimsgroup.com/?l=full-disclosure&m=109930632317208
4d49f4ba-071f-11d9-b45d-000c41e2cdad  apache -- ap_resolve_env buffer overflow

SITIC discovered a vulnerability in Apache 2's handling of environmental variable settings in the httpd configuration files (the main `httpd.conf' and `.htaccess' files). According to a SITIC advisory:

The buffer overflow occurs when expanding ${ENVVAR} constructs in .htaccess or httpd.conf files. The function ap_resolve_env() in server/util.c copies data from environment variables to the character array tmp with strcat(3), leading to a buffer overflow.


Discovery 2004-09-15
Entry 2004-09-15
apache
ge 2.0 lt 2.0.50_3

CVE-2004-0747
http://lists.netsys.com/pipermail/full-disclosure/2004-September/026463.html
9fff8dc8-7aa7-11da-bf72-00123f589060  apache -- mod_imap cross-site scripting flaw

The Apache HTTP Server Project reports:

A flaw in mod_imap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers.


Discovery 2005-11-01
Entry 2006-01-01
Modified 2009-01-23
apache
ge 1.3 lt 1.3.34_3

ge 2.0.35 lt 2.0.55_2

ge 2.1 lt 2.1.9_3

ge 2.2 lt 2.2.0_3

apache+mod_perl
< 1.3.34_1

apache_fp
ge 0

apache+ipv6
< 1.3.37

ru-apache
< 1.3.34+30.22_1

ru-apache+mod_ssl
< 1.3.34+30.22+2.8.25_1

apache+ssl
ge 1.3.0 lt 1.3.33.1.55_2

apache+mod_ssl
apache+mod_ssl+ipv6
apache+mod_ssl+mod_accel
apache+mod_ssl+mod_accel+ipv6
apache+mod_ssl+mod_accel+mod_deflate
apache+mod_ssl+mod_accel+mod_deflate+ipv6
apache+mod_ssl+mod_deflate
apache+mod_ssl+mod_deflate+ipv6
apache+mod_ssl+mod_snmp
apache+mod_ssl+mod_snmp+mod_accel
apache+mod_ssl+mod_snmp+mod_accel+ipv6
apache+mod_ssl+mod_snmp+mod_deflate
apache+mod_ssl+mod_snmp+mod_deflate+ipv6
apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6
< 1.3.34+2.8.25_1

CVE-2005-3352
15834
http://www.apacheweek.com/features/security-13
http://www.apacheweek.com/features/security-20
de2bc01f-dc44-11e1-9f4d-002354ed89bc  Apache -- Insecure LD_LIBRARY_PATH handling

Apache reports:

Insecure handling of LD_LIBRARY_PATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory.


Discovery 2012-03-02
Entry 2012-08-01
apache
le 2.2.22_5

apache-event
le 2.2.22_5

apache-itk
le 2.2.22_5

apache-peruser
le 2.2.22_5

apache-worker
le 2.2.22_5

CVE-2012-0883
http://httpd.apache.org/security/vulnerabilities_24.html
http://www.apache.org/dist/httpd/CHANGES_2.4.2
013fa252-0724-11d9-b45d-000c41e2cdad  mod_dav -- lock related denial-of-service

A malicious user with DAV write privileges can trigger a null pointer dereference in the Apache mod_dav module. This could cause the server to become unavailable.


Discovery 2004-09-15
Entry 2004-09-15
apache
ge 2.0 lt 2.0.50_3

mod_dav
le 1.0.3_1

CVE-2004-0809
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=31183
eb9212f7-526b-11de-bbf2-001b77d09812  apr -- multiple vulnerabilities

Secunia reports:

Some vulnerabilities have been reported in APR-util, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service).

A vulnerability is caused due to an error in the processing of XML files and can be exploited to exhaust all available memory via a specially crafted XML file containing a predefined entity inside an entity definition.

A vulnerability is caused due to an error within the "apr_strmatch_precompile()" function in strmatch/apr_strmatch.c, which can be exploited to crash an application using the library.

RedHat reports:

A single NULL byte buffer overflow flaw was found in apr-util's apr_brigade_vprintf() function.


Discovery 2009-06-05
Entry 2009-06-08
apr
< 1.3.5.1.3.7

apache
ge 2.2.0 lt 2.2.11_5

ge 2.0.0 lt 2.0.63_3

35221
CVE-2009-1955
CVE-2009-1956
CVE-2009-0023
http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
http://secunia.com/advisories/35284/
https://bugzilla.redhat.com/show_bug.cgi?id=504390
c115271d-602b-11dc-898c-001921ab2fa4  apache -- multiple vulnerabilities

Apache HTTP server project reports:

The following potential security flaws are addressed:

  • CVE-2007-3847: mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers.
  • CVE-2007-1863: mod_cache: Prevent a segmentation fault if attributes are listed in a Cache-Control header without any value.
  • CVE-2007-3304: prefork, worker, event MPMs: Ensure that the parent process cannot be forced to kill processes outside its process group.
  • CVE-2006-5752: mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset "detection". Reported by Stefan Esser.
  • CVE-2006-1862: mod_mem_cache: Copy headers into longer lived storage; header names and values could previously point to cleaned up storage.

Discovery 2007-09-07
Entry 2007-09-11
apache
gt 2.2.0 lt 2.2.6

gt 2.0.0 lt 2.0.61

CVE-2007-3847
CVE-2007-1863
CVE-2006-5752
CVE-2007-3304
dc8c08c7-1e7c-11db-88cf-000c6ec775d9  apache -- mod_rewrite buffer overflow vulnerability

The Apache Software Foundation and The Apache HTTP Server Project report:

An off-by-one flaw exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0.

Depending on the manner in which Apache HTTP Server was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely. For vulnerable builds, the nature of the vulnerability can be denial of service (crashing of web server processes) or potentially allow arbitrary code execution. This issue has been rated as having important security impact by the Apache HTTP Server Security Team.

This flaw does not affect a default installation of Apache HTTP Server. Users who do not use, or have not enabled, the Rewrite module mod_rewrite are not affected by this issue. This issue only affects installations using a Rewrite rule with the following characteristics:

  • The RewriteRule allows the attacker to control the initial part of the rewritten URL (for example if the substitution URL starts with $1)
  • The RewriteRule flags do NOT include any of the following flags: Forbidden (F), Gone (G), or NoEscape (NE).

Please note that ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. If the compiler used to compile Apache HTTP Server has added padding to the stack immediately after the buffer being overwritten, it will not be possible to exploit this issue, and Apache HTTP Server will continue operating normally.

The Apache HTTP Server project thanks Mark Dowd of McAfee Avert Labs for the responsible reporting of this vulnerability.


Discovery 2006-07-27
Entry 2006-07-28
Modified 2006-11-01
apache
ge 1.3.28 lt 1.3.36_1

ge 2.0.46 lt 2.0.58_2

ge 2.2.0 lt 2.2.2_1

apache+mod_perl
ge 1.3.28 lt 1.3.36_1

apache+ipv6
ge 1.3.28 lt 1.3.37

apache_fp
ge 0

ru-apache
ge 1.3.28 lt 1.3.37+30.23

ru-apache+mod_ssl
ge 1.3.28 lt 1.3.34.1.57_2

apache+ssl
ge 1.3.28 lt 1.3.34.1.57_2

apache+mod_ssl
apache+mod_ssl+ipv6
apache+mod_ssl+mod_accel
apache+mod_ssl+mod_accel+ipv6
apache+mod_ssl+mod_accel+mod_deflate
apache+mod_ssl+mod_accel+mod_deflate+ipv6
apache+mod_ssl+mod_deflate
apache+mod_ssl+mod_deflate+ipv6
apache+mod_ssl+mod_snmp
apache+mod_ssl+mod_snmp+mod_accel
apache+mod_ssl+mod_snmp+mod_accel+ipv6
apache+mod_ssl+mod_snmp+mod_deflate
apache+mod_ssl+mod_snmp+mod_deflate+ipv6
apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6
ge 1.3.28 lt 1.3.36+2.8.27_1

395412
CVE-2006-3747
http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=115409818602955