FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-07-31 06:42:53 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
dc8c08c7-1e7c-11db-88cf-000c6ec775d9	apache -- mod_rewrite buffer overflow vulnerability The Apache Software Foundation and The Apache HTTP Server Project reports: An off-by-one flaw exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0. Depending on the manner in which Apache HTTP Server was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely. For vulnerable builds, the nature of the vulnerability can be denial of service (crashing of web server processes) or potentially allow arbitrary code execution. This issue has been rated as having important security impact by the Apache HTTP Server Security Team. This flaw does not affect a default installation of Apache HTTP Server. Users who do not use, or have not enabled, the Rewrite module mod_rewrite are not affected by this issue. This issue only affects installations using a Rewrite rule with the following characteristics: The RewriteRule allows the attacker to control the initial part of the rewritten URL (for example if the substitution URL starts with $1) The RewriteRule flags do NOT include any of the following flags: Forbidden (F), Gone (G), or NoEscape (NE). Please note that ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. If the compiler used to compile Apache HTTP Server has added padding to the stack immediately after the buffer being overwritten, it will not be possible to exploit this issue, and Apache HTTP Server will continue operating normally. The Apache HTTP Server project thanks Mark Dowd of McAfee Avert Labs for the responsible reporting of this vulnerability. Discovery 2006-07-27 Entry 2006-07-28 Modified 2006-11-01 apache >= 1.3.28 lt 1.3.36_1 >= 2.0.46 lt 2.0.58_2 >= 2.2.0 lt 2.2.2_1 apache+mod_perl >= 1.3.28 lt 1.3.36_1 apache+ipv6 >= 1.3.28 lt 1.3.37 apache_fp >= 0 ru-apache >= 1.3.28 lt 1.3.37+30.23 ru-apache+mod_ssl >= 1.3.28 lt 1.3.34.1.57_2 apache+ssl >= 1.3.28 lt 1.3.34.1.57_2 apache+mod_ssl apache+mod_ssl+ipv6 apache+mod_ssl+mod_accel apache+mod_ssl+mod_accel+ipv6 apache+mod_ssl+mod_accel+mod_deflate apache+mod_ssl+mod_accel+mod_deflate+ipv6 apache+mod_ssl+mod_deflate apache+mod_ssl+mod_deflate+ipv6 apache+mod_ssl+mod_snmp apache+mod_ssl+mod_snmp+mod_accel apache+mod_ssl+mod_snmp+mod_accel+ipv6 apache+mod_ssl+mod_snmp+mod_deflate apache+mod_ssl+mod_snmp+mod_deflate+ipv6 apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6 >= 1.3.28 lt 1.3.36+2.8.27_1 395412 CVE-2006-3747 http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=115409818602955
cae01d7b-110d-11df-955a-00219b0fc4d8	apache -- Prevent chunk-size integer overflow on platforms where sizeof(int) < sizeof(long) Apache ChangeLog reports: Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow. Discovery 2009-06-30 Entry 2010-02-03 Modified 2010-02-03 apache < 1.3.42 apache+mod_perl < 1.3.42 apache+ipv6 < 1.3.42 apache_fp >= 0 ru-apache < 1.3.42+30.23 ru-apache+mod_ssl < 1.3.42 apache+ssl < 1.3.42.1.57_2 apache+mod_ssl apache+mod_ssl+ipv6 apache+mod_ssl+mod_accel apache+mod_ssl+mod_accel+ipv6 apache+mod_ssl+mod_accel+mod_deflate apache+mod_ssl+mod_accel+mod_deflate+ipv6 apache+mod_ssl+mod_deflate apache+mod_ssl+mod_deflate+ipv6 apache+mod_ssl+mod_snmp apache+mod_ssl+mod_snmp+mod_accel apache+mod_ssl+mod_snmp+mod_accel+ipv6 apache+mod_ssl+mod_snmp+mod_deflate apache+mod_ssl+mod_snmp+mod_deflate+ipv6 apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6 < 1.3.41+2.8.27_2 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0010 http://www.security-database.com/detail.php?alert=CVE-2010-0010 http://security-tracker.debian.org/tracker/CVE-2010-0010 http://www.vupen.com/english/Reference-CVE-2010-0010.php

VuXML ID

Description

dc8c08c7-1e7c-11db-88cf-000c6ec775d9

apache -- mod_rewrite buffer overflow vulnerability

The Apache Software Foundation and The Apache HTTP Server Project reports:

An off-by-one flaw exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0.

Depending on the manner in which Apache HTTP Server was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely. For vulnerable builds, the nature of the vulnerability can be denial of service (crashing of web server processes) or potentially allow arbitrary code execution. This issue has been rated as having important security impact by the Apache HTTP Server Security Team.

This flaw does not affect a default installation of Apache HTTP Server. Users who do not use, or have not enabled, the Rewrite module mod_rewrite are not affected by this issue. This issue only affects installations using a Rewrite rule with the following characteristics:

The RewriteRule allows the attacker to control the initial part of the rewritten URL (for example if the substitution URL starts with $1)

The RewriteRule flags do NOT include any of the following flags: Forbidden (F), Gone (G), or NoEscape (NE).

Please note that ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. If the compiler used to compile Apache HTTP Server has added padding to the stack immediately after the buffer being overwritten, it will not be possible to exploit this issue, and Apache HTTP Server will continue operating normally.

The Apache HTTP Server project thanks Mark Dowd of McAfee Avert Labs for the responsible reporting of this vulnerability.

Discovery 2006-07-27
Entry 2006-07-28
Modified 2006-11-01
apache

>= 1.3.28 lt 1.3.36_1

>= 2.0.46 lt 2.0.58_2

>= 2.2.0 lt 2.2.2_1

apache+mod_perl

>= 1.3.28 lt 1.3.36_1

apache+ipv6

>= 1.3.28 lt 1.3.37

apache_fp

>= 0

ru-apache

>= 1.3.28 lt 1.3.37+30.23

ru-apache+mod_ssl

>= 1.3.28 lt 1.3.34.1.57_2

apache+ssl

>= 1.3.28 lt 1.3.34.1.57_2

apache+mod_ssl
apache+mod_ssl+ipv6
apache+mod_ssl+mod_accel
apache+mod_ssl+mod_accel+ipv6
apache+mod_ssl+mod_accel+mod_deflate
apache+mod_ssl+mod_accel+mod_deflate+ipv6
apache+mod_ssl+mod_deflate
apache+mod_ssl+mod_deflate+ipv6
apache+mod_ssl+mod_snmp
apache+mod_ssl+mod_snmp+mod_accel
apache+mod_ssl+mod_snmp+mod_accel+ipv6
apache+mod_ssl+mod_snmp+mod_deflate
apache+mod_ssl+mod_snmp+mod_deflate+ipv6
apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6

>= 1.3.28 lt 1.3.36+2.8.27_1

395412
CVE-2006-3747
http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=115409818602955

cae01d7b-110d-11df-955a-00219b0fc4d8

apache -- Prevent chunk-size integer overflow on platforms where sizeof(int) < sizeof(long)

Apache ChangeLog reports:

Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.

Discovery 2009-06-30
Entry 2010-02-03
Modified 2010-02-03
apache

< 1.3.42

apache+mod_perl

< 1.3.42

apache+ipv6

< 1.3.42

apache_fp

>= 0

ru-apache

< 1.3.42+30.23

ru-apache+mod_ssl

< 1.3.42

apache+ssl

< 1.3.42.1.57_2

< 1.3.41+2.8.27_2

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0010
http://www.security-database.com/detail.php?alert=CVE-2010-0010
http://security-tracker.debian.org/tracker/CVE-2010-0010
http://www.vupen.com/english/Reference-CVE-2010-0010.php