FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-27 06:34:59 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
d8c901ff-0f0f-11e1-902b-20cf30e32f6d	Apache 1.3 -- mod_proxy reverse proxy exposure Apache HTTP server project reports: An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker. There is no patch against this issue! Discovery 2011-10-05 Entry 2011-11-14 apache < 1.3.43 apache+ssl < 1.3.43.1.59_2 apache+ipv6 < 1.3.43 apache+mod_perl < 1.3.43 apache+mod_ssl < 1.3.41+2.8.31_4 apache+mod_ssl+ipv6 < 1.3.41+2.8.31_4 ru-apache-1.3 < 1.3.43+30.23_1 ru-apache+mod_ssl < 1.3.43+30.23_1 CVE-2011-3368 http://httpd.apache.org/security/vulnerabilities_13.html http://seclists.org/fulldisclosure/2011/Oct/232
cae01d7b-110d-11df-955a-00219b0fc4d8	apache -- Prevent chunk-size integer overflow on platforms where sizeof(int) < sizeof(long) Apache ChangeLog reports: Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow. Discovery 2009-06-30 Entry 2010-02-03 Modified 2010-02-03 apache < 1.3.42 apache+mod_perl < 1.3.42 apache+ipv6 < 1.3.42 apache_fp >= 0 ru-apache < 1.3.42+30.23 ru-apache+mod_ssl < 1.3.42 apache+ssl < 1.3.42.1.57_2 apache+mod_ssl apache+mod_ssl+ipv6 apache+mod_ssl+mod_accel apache+mod_ssl+mod_accel+ipv6 apache+mod_ssl+mod_accel+mod_deflate apache+mod_ssl+mod_accel+mod_deflate+ipv6 apache+mod_ssl+mod_deflate apache+mod_ssl+mod_deflate+ipv6 apache+mod_ssl+mod_snmp apache+mod_ssl+mod_snmp+mod_accel apache+mod_ssl+mod_snmp+mod_accel+ipv6 apache+mod_ssl+mod_snmp+mod_deflate apache+mod_ssl+mod_snmp+mod_deflate+ipv6 apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6 < 1.3.41+2.8.27_2 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0010 http://www.security-database.com/detail.php?alert=CVE-2010-0010 http://security-tracker.debian.org/tracker/CVE-2010-0010 http://www.vupen.com/english/Reference-CVE-2010-0010.php

VuXML ID

Description

d8c901ff-0f0f-11e1-902b-20cf30e32f6d

Apache 1.3 -- mod_proxy reverse proxy exposure

Apache HTTP server project reports:

An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker. There is no patch against this issue!

Discovery 2011-10-05
Entry 2011-11-14
apache

< 1.3.43

apache+ssl

< 1.3.43.1.59_2

apache+ipv6

< 1.3.43

apache+mod_perl

< 1.3.43

apache+mod_ssl

< 1.3.41+2.8.31_4

apache+mod_ssl+ipv6

< 1.3.41+2.8.31_4

ru-apache-1.3

< 1.3.43+30.23_1

ru-apache+mod_ssl

< 1.3.43+30.23_1

CVE-2011-3368
http://httpd.apache.org/security/vulnerabilities_13.html
http://seclists.org/fulldisclosure/2011/Oct/232

cae01d7b-110d-11df-955a-00219b0fc4d8

apache -- Prevent chunk-size integer overflow on platforms where sizeof(int) < sizeof(long)

Apache ChangeLog reports:

Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.

Discovery 2009-06-30
Entry 2010-02-03
Modified 2010-02-03
apache

< 1.3.42

apache+mod_perl

< 1.3.42

apache+ipv6

< 1.3.42

apache_fp

>= 0

ru-apache

< 1.3.42+30.23

ru-apache+mod_ssl

< 1.3.42

apache+ssl

< 1.3.42.1.57_2

apache+mod_ssl
apache+mod_ssl+ipv6
apache+mod_ssl+mod_accel
apache+mod_ssl+mod_accel+ipv6
apache+mod_ssl+mod_accel+mod_deflate
apache+mod_ssl+mod_accel+mod_deflate+ipv6
apache+mod_ssl+mod_deflate
apache+mod_ssl+mod_deflate+ipv6
apache+mod_ssl+mod_snmp
apache+mod_ssl+mod_snmp+mod_accel
apache+mod_ssl+mod_snmp+mod_accel+ipv6
apache+mod_ssl+mod_snmp+mod_deflate
apache+mod_ssl+mod_snmp+mod_deflate+ipv6
apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6

< 1.3.41+2.8.27_2

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0010
http://www.security-database.com/detail.php?alert=CVE-2010-0010
http://security-tracker.debian.org/tracker/CVE-2010-0010
http://www.vupen.com/english/Reference-CVE-2010-0010.php