FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 05:42:14 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
d8c901ff-0f0f-11e1-902b-20cf30e32f6d	Apache 1.3 -- mod_proxy reverse proxy exposure Apache HTTP server project reports: An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker. There is no patch against this issue! Discovery 2011-10-05 Entry 2011-11-14 apache < 1.3.43 apache+ssl < 1.3.43.1.59_2 apache+ipv6 < 1.3.43 apache+mod_perl < 1.3.43 apache+mod_ssl < 1.3.41+2.8.31_4 apache+mod_ssl+ipv6 < 1.3.41+2.8.31_4 ru-apache-1.3 < 1.3.43+30.23_1 ru-apache+mod_ssl < 1.3.43+30.23_1 CVE-2011-3368 http://httpd.apache.org/security/vulnerabilities_13.html http://seclists.org/fulldisclosure/2011/Oct/232
de2bc01f-dc44-11e1-9f4d-002354ed89bc	Apache -- Insecure LD_LIBRARY_PATH handling Apache reports: Insecure handling of LD_LIBRARY_PATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory. Discovery 2012-03-02 Entry 2012-08-01 apache <= 2.2.22_5 apache-event <= 2.2.22_5 apache-itk <= 2.2.22_5 apache-peruser <= 2.2.22_5 apache-worker <= 2.2.22_5 CVE-2012-0883 http://httpd.apache.org/security/vulnerabilities_24.html http://www.apache.org/dist/httpd/CHANGES_2.4.2

VuXML ID

Description

d8c901ff-0f0f-11e1-902b-20cf30e32f6d

Apache 1.3 -- mod_proxy reverse proxy exposure

Apache HTTP server project reports:

An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker. There is no patch against this issue!

Discovery 2011-10-05
Entry 2011-11-14
apache

< 1.3.43

apache+ssl

< 1.3.43.1.59_2

apache+ipv6

< 1.3.43

apache+mod_perl

< 1.3.43

apache+mod_ssl

< 1.3.41+2.8.31_4

apache+mod_ssl+ipv6

< 1.3.41+2.8.31_4

ru-apache-1.3

< 1.3.43+30.23_1

ru-apache+mod_ssl

< 1.3.43+30.23_1

CVE-2011-3368
http://httpd.apache.org/security/vulnerabilities_13.html
http://seclists.org/fulldisclosure/2011/Oct/232

de2bc01f-dc44-11e1-9f4d-002354ed89bc

Apache -- Insecure LD_LIBRARY_PATH handling

Apache reports:

Insecure handling of LD_LIBRARY_PATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory.

Discovery 2012-03-02
Entry 2012-08-01
apache

<= 2.2.22_5

apache-event

<= 2.2.22_5

apache-itk

<= 2.2.22_5

apache-peruser

<= 2.2.22_5

apache-worker

<= 2.2.22_5

CVE-2012-0883
http://httpd.apache.org/security/vulnerabilities_24.html
http://www.apache.org/dist/httpd/CHANGES_2.4.2