VuXML ID | Description |
eb9212f7-526b-11de-bbf2-001b77d09812 | apr -- multiple vulnerabilities
Secunia reports:
Some vulnerabilities have been reported in APR-util, which
can be exploited by malicious users and malicious people to
cause a DoS (Denial of Service).
A vulnerability is caused due to an error in the processing
of XML files and can be exploited to exhaust all available
memory via a specially crafted XML file containing a
predefined entity inside an entity definition.
A vulnerability is caused due to an error within the
"apr_strmatch_precompile()" function in
strmatch/apr_strmatch.c, which can be exploited to crash an
application using the library.
RedHat reports:
A single NULL byte buffer overflow flaw was found in
apr-util's apr_brigade_vprintf() function.
Discovery 2009-06-05 Entry 2009-06-08 apr
lt 1.3.5.1.3.7
apache
ge 2.2.0 lt 2.2.11_5
ge 2.0.0 lt 2.0.63_3
35221
CVE-2009-1955
CVE-2009-1956
CVE-2009-0023
http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
http://secunia.com/advisories/35284/
https://bugzilla.redhat.com/show_bug.cgi?id=504390
|
dc8c08c7-1e7c-11db-88cf-000c6ec775d9 | apache -- mod_rewrite buffer overflow vulnerability
The Apache Software Foundation and The Apache HTTP Server
Project reports:
An off-by-one flaw exists in the Rewrite module,
mod_rewrite, as shipped with Apache 1.3 since 1.3.28, 2.0
since 2.0.46, and 2.2 since 2.2.0.
Depending on the manner in which Apache HTTP Server was
compiled, this software defect may result in a
vulnerability which, in combination with certain types of
Rewrite rules in the web server configuration files, could
be triggered remotely. For vulnerable builds, the nature
of the vulnerability can be denial of service (crashing of
web server processes) or potentially allow arbitrary code
execution. This issue has been rated as having important
security impact by the Apache HTTP Server Security Team.
This flaw does not affect a default installation of
Apache HTTP Server. Users who do not use, or have not
enabled, the Rewrite module mod_rewrite are not affected
by this issue. This issue only affects installations using
a Rewrite rule with the following characteristics:
- The RewriteRule allows the attacker to control the
initial part of the rewritten URL (for example if the
substitution URL starts with $1)
- The RewriteRule flags do NOT include any of the
following flags: Forbidden (F), Gone (G), or NoEscape
(NE).
Please note that ability to exploit this issue is
dependent on the stack layout for a particular compiled
version of mod_rewrite. If the compiler used to compile
Apache HTTP Server has added padding to the stack
immediately after the buffer being overwritten, it will
not be possible to exploit this issue, and Apache HTTP
Server will continue operating normally.
The Apache HTTP Server project thanks Mark Dowd of McAfee
Avert Labs for the responsible reporting of this
vulnerability.
Discovery 2006-07-27 Entry 2006-07-28 Modified 2006-11-01 apache
ge 1.3.28 lt 1.3.36_1
ge 2.0.46 lt 2.0.58_2
ge 2.2.0 lt 2.2.2_1
apache+mod_perl
ge 1.3.28 lt 1.3.36_1
apache+ipv6
ge 1.3.28 lt 1.3.37
apache_fp
ge 0
ru-apache
ge 1.3.28 lt 1.3.37+30.23
ru-apache+mod_ssl
ge 1.3.28 lt 1.3.34.1.57_2
apache+ssl
ge 1.3.28 lt 1.3.34.1.57_2
apache+mod_ssl
apache+mod_ssl+ipv6
apache+mod_ssl+mod_accel
apache+mod_ssl+mod_accel+ipv6
apache+mod_ssl+mod_accel+mod_deflate
apache+mod_ssl+mod_accel+mod_deflate+ipv6
apache+mod_ssl+mod_deflate
apache+mod_ssl+mod_deflate+ipv6
apache+mod_ssl+mod_snmp
apache+mod_ssl+mod_snmp+mod_accel
apache+mod_ssl+mod_snmp+mod_accel+ipv6
apache+mod_ssl+mod_snmp+mod_deflate
apache+mod_ssl+mod_snmp+mod_deflate+ipv6
apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6
ge 1.3.28 lt 1.3.36+2.8.27_1
395412
CVE-2006-3747
http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=115409818602955
|
c115271d-602b-11dc-898c-001921ab2fa4 | apache -- multiple vulnerabilities
Apache HTTP server project reports:
The following potential security flaws are addressed:
- CVE-2007-3847: mod_proxy: Prevent reading past the end of a
buffer when parsing date-related headers.
- CVE-2007-1863: mod_cache: Prevent a segmentation fault if
attributes are listed in a Cache-Control header without any
value.
- CVE-2007-3304: prefork, worker, event MPMs: Ensure that the
parent process cannot be forced to kill processes outside its
process group.
- CVE-2006-5752: mod_status: Fix a possible XSS attack against
a site with a public server-status page and ExtendedStatus
enabled, for browsers which perform charset "detection".
Reported by Stefan Esser.
- CVE-2006-1862: mod_mem_cache: Copy headers into longer lived
storage; header names and values could previously point to
cleaned up storage.
Discovery 2007-09-07 Entry 2007-09-11 apache
gt 2.2.0 lt 2.2.6
gt 2.0.0 lt 2.0.61
CVE-2007-3847
CVE-2007-1863
CVE-2006-5752
CVE-2007-3304
|
7f6108d2-cea8-11e0-9d58-0800279895ea | apache -- Range header DoS vulnerability
Apache HTTP server project reports:
A denial of service vulnerability has been found in the way
the multiple overlapping ranges are handled by Apache HTTPD
server.
Discovery 2011-08-24 Entry 2011-08-30 Modified 2011-09-01 apache
apache-event
apache-itk
apache-peruser
apache-worker
gt 2.* lt 2.2.20
CVE-2011-3192
https://people.apache.org/~dirkx/CVE-2011-3192.txt
https://svn.apache.org/viewvc?view=revision&revision=1161534
https://svn.apache.org/viewvc?view=revision&revision=1162874
|
4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0 | apache -- multiple vulnerabilities
CVE MITRE reports:
An exposure was found when using mod_proxy in reverse proxy
mode. In certain configurations using RewriteRule with proxy
flag or ProxyPassMatch, a remote attacker could cause the reverse
proxy to connect to an arbitrary server, possibly disclosing
sensitive information from internal web servers not directly
accessible to attacker.
Integer overflow in the ap_pregsub function in server/util.c in
the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through
2.2.21, when the mod_setenvif module is enabled, allows local
users to gain privileges via a .htaccess file with a crafted
SetEnvIf directive, in conjunction with a crafted HTTP request
header, leading to a heap-based buffer overflow.
An additional exposure was found when using mod_proxy in
reverse proxy mode. In certain configurations using RewriteRule
with proxy flag or ProxyPassMatch, a remote attacker could cause
the reverse proxy to connect to an arbitrary server, possibly
disclosing sensitive information from internal web servers
not directly accessible to attacker.
A flaw was found in mod_log_config. If the '%{cookiename}C' log
format string is in use, a remote attacker could send a specific
cookie causing a crash. This crash would only be a denial of
service if using a threaded MPM.
A flaw was found in the handling of the scoreboard. An
unprivileged child process could cause the parent process to
crash at shutdown rather than terminate cleanly.
A flaw was found in the default error response for status code
400. This flaw could be used by an attacker to expose
"httpOnly" cookies when no custom ErrorDocument is specified.
Discovery 2011-10-05 Entry 2012-01-31 apache
gt 2.* lt 2.2.22
CVE-2011-3368
CVE-2011-3607
CVE-2011-4317
CVE-2012-0021
CVE-2012-0031
CVE-2012-0053
|
de2bc01f-dc44-11e1-9f4d-002354ed89bc | Apache -- Insecure LD_LIBRARY_PATH handling
Apache reports:
Insecure handling of LD_LIBRARY_PATH was found that could lead to
the current working directory to be searched for DSOs. This could
allow a local user to execute code as root if an administrator runs
apachectl from an untrusted directory.
Discovery 2012-03-02 Entry 2012-08-01 apache
le 2.2.22_5
apache-event
le 2.2.22_5
apache-itk
le 2.2.22_5
apache-peruser
le 2.2.22_5
apache-worker
le 2.2.22_5
CVE-2012-0883
http://httpd.apache.org/security/vulnerabilities_24.html
http://www.apache.org/dist/httpd/CHANGES_2.4.2
|
f1892066-0e74-11de-92de-000bcdc1757a | apache -- Cross-site scripting vulnerability
CVE Mitre reports:
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the
mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c
in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions,
allows remote attackers to inject arbitrary web script or HTML via a
wildcard in the last directory component in the pathname in an FTP
URI.
Discovery 2008-07-25 Entry 2009-03-11 apache
gt 2.2.0 lt 2.2.9_2
gt 2.0.0 lt 2.0.63_2
CVE-2008-2939
http://www.rapid7.com/advisories/R7-0033.jsp
|