This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
013fa252-0724-11d9-b45d-000c41e2cdad | mod_dav -- lock related denial-of-service A malicious user with DAV write privileges can trigger a null pointer dereference in the Apache mod_dav module. This could cause the server to become unavailable. Discovery 2004-09-15 Entry 2004-09-15 apache ge 2.0 lt 2.0.50_3 mod_dav le 1.0.3_1 CVE-2004-0809 http://nagoya.apache.org/bugzilla/show_bug.cgi?id=31183 |
09d418db-70fd-11d8-873f-0020ed76ef5a | Apache 1.3 IP address access control failure on some 64-bit platforms Henning Brauer discovered a programming error in Apache 1.3's mod_access that results in the netmasks in IP address access control rules being interpreted incorrectly on 64-bit, big-endian platforms. In some cases, this could cause a `deny from' IP address access control rule including a netmask to fail. Discovery 2004-03-07 Entry 2004-03-08 Modified 2004-03-12 apache < 1.3.29_2 apache+mod_ssl < 1.3.29+2.8.16_1 apache+ssl < 1.3.29.1.53_1 ru-apache < 1.3.29+30.19_1 ru-apache+mod_ssl < 1.3.29+30.19+2.8.16_1 CVE-2003-0993 http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_access.c?r1=1.46&r2=1.47 http://www.apacheweek.com/features/security-13 http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23850 http://marc.theaimsgroup.com/?l=apache-cvs&m=107869603013722 9829 |
282dfea0-3378-11d9-b404-000c6e8f12ef | apache2 multiple space header denial-of-service vulnerability It is possible for remote attackers to cause a denial-of-service scenario on Apache 2.0.52 and earlier by sending an HTTP GET request with a MIME header containing multiple lines full of whitespace. Discovery 2004-11-01 Entry 2004-11-10 Modified 2004-11-11 apache gt 2.* le 2.0.52_2 CVE-2004-0942 http://marc.theaimsgroup.com/?l=full-disclosure&m=109930632317208 |
28a7310f-9855-11df-8d36-001aa0166822 | apache -- Remote DoS bug in mod_cache and mod_dav Apache ChangeLog reports:
Discovery 2010-07-21 Entry 2010-07-26 apache ge 2.2.0 lt 2.2.16 CVE-2010-1452 http://www.apache.org/dist/httpd/CHANGES_2.2.16 https://issues.apache.org/bugzilla/show_bug.cgi?id=49246 http://svn.apache.org/viewvc?view=revision&revision=966349 |
492f8896-70fa-11d8-873f-0020ed76ef5a | Apache 2 mod_ssl denial-of-service Joe Orton reports a memory leak in Apache 2's mod_ssl. A remote attacker may issue HTTP requests on an HTTPS port, causing an error. Due to a bug in processing this condition, memory associated with the connection is not freed. Repeated requests can result in consuming all available memory resources, probably resulting in termination of the Apache process. Discovery 2004-02-20 Entry 2004-03-08 Modified 2004-05-19 apache ge 2.0 le 2.0.48_3 CVE-2004-0113 http://www.apacheweek.com/features/security-20 http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io.c?r1=1.100.2.11&r2=1.100.2.12 http://marc.theaimsgroup.com/?l=apache-cvs&m=107869699329638 http://nagoya.apache.org/bugzilla/show_bug.cgi?id=27106 9826 |
4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0 | apache -- multiple vulnerabilities CVE MITRE reports:
Discovery 2011-10-05 Entry 2012-01-31 apache gt 2.* lt 2.2.22 CVE-2011-3368 CVE-2011-3607 CVE-2011-4317 CVE-2012-0021 CVE-2012-0031 CVE-2012-0053 |
4d49f4ba-071f-11d9-b45d-000c41e2cdad | apache -- ap_resolve_env buffer overflow SITIC discovered a vulnerability in Apache 2's handling of environmental variable settings in the httpd configuration files (the main `httpd.conf' and `.htaccess' files). According to a SITIC advisory:
Discovery 2004-09-15 Entry 2004-09-15 apache ge 2.0 lt 2.0.50_3 CVE-2004-0747 http://lists.netsys.com/pipermail/full-disclosure/2004-September/026463.html |
651996e0-fe07-11d9-8329-000e0c2e438a | apache -- http request smuggling A Watchfire whitepaper reports a vulnerability in the Apache webserver. The vulnerability can be exploited by malicious people causing cross site scripting, web cache poisoning, session hijacking and most importantly the ability to bypass web application firewall protection. Exploiting this vulnerability requires multiple carefully crafted HTTP requests, taking advantage of a caching server, proxy server, web application firewall etc. This only affects installations where Apache is used as HTTP proxy in combination with the following web servers:
Discovery 2005-07-25 Entry 2005-07-26 Modified 2009-01-23 apache < 1.3.33_2 gt 2.* lt 2.0.54_1 gt 2.1.0 lt 2.1.6_1 apache+ssl < 1.3.33.1.55_1 apache+mod_perl < 1.3.33_3 apache+mod_ssl apache+mod_ssl+ipv6 apache+mod_ssl+mod_accel apache+mod_ssl+mod_accel+ipv6 apache+mod_ssl+mod_accel+mod_deflate apache+mod_ssl+mod_accel+mod_deflate+ipv6 apache+mod_ssl+mod_deflate apache+mod_ssl+mod_deflate+ipv6 apache+mod_ssl+mod_snmp apache+mod_ssl+mod_snmp+mod_accel apache+mod_ssl+mod_snmp+mod_accel+ipv6 apache+mod_ssl+mod_snmp+mod_deflate apache+mod_ssl+mod_snmp+mod_deflate+ipv6 apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6 < 1.3.33+2.8.22_1 apache_fp gt 0 apache+ipv6 < 1.3.37 ru-apache < 1.3.34+30.22 ru-apache+mod_ssl < 1.3.34+30.22+2.8.25 14106 CVE-2005-2088 http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf |
6e6a6b8a-2fde-11d9-b3a2-0050fc56d258 | apache mod_include buffer overflow vulnerability There is a buffer overflow in a function used by mod_include that may enable a local user to gain the privileges of an httpd child. Only users that are able to create SSI documents can take advantage of that vulnerability. Discovery 2004-10-22 Entry 2004-11-06 apache < 1.3.33 apache+mod_ssl < 1.3.32+2.8.21_1 apache+mod_ssl+ipv6 < 1.3.32+2.8.21_1 apache+mod_perl le 1.3.31 apache+ipv6 < 1.3.33 apache+ssl le 1.3.29.1.55 ru-apache < 1.3.33+30.21 ru-apache+mod_ssl < 1.3.33+30.21+2.8.22 CVE-2004-0940 http://www.securitylab.ru/48807.html |
762d1c6d-0722-11d9-b45d-000c41e2cdad | apache -- apr_uri_parse IPv6 address handling vulnerability The Apache Software Foundation Security Team discovered a programming error in the apr-util library function apr_uri_parse. When parsing IPv6 literal addresses, it is possible that a length is incorrectly calculated to be negative, and this value is passed to memcpy. This may result in an exploitable vulnerability on some platforms, including FreeBSD. Discovery 2004-09-15 Entry 2004-09-15 apache ge 2.0 lt 2.0.50_3 CVE-2004-0786 http://httpd.apache.org |
7b81fc47-239f-11d9-814e-0001020eed82 | apache2 -- SSL remote DoS The Apache HTTP Server 2.0.51 release notes report that the following issues have been fixed:
Discovery 2004-07-07 Entry 2004-10-21 apache gt 2.0 lt 2.0.51 11094 11154 CVE-2004-0748 CVE-2004-0751 http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=109527608022322 http://nagoya.apache.org/bugzilla/show_bug.cgi?id=29964 http://nagoya.apache.org/bugzilla/show_bug.cgi?id=30134 |
7f6108d2-cea8-11e0-9d58-0800279895ea | apache -- Range header DoS vulnerability Apache HTTP server project reports:
Discovery 2011-08-24 Entry 2011-08-30 Modified 2011-09-01 apache apache-event apache-itk apache-peruser apache-worker gt 2.* lt 2.2.20 CVE-2011-3192 https://people.apache.org/~dirkx/CVE-2011-3192.txt https://svn.apache.org/viewvc?view=revision&revision=1161534 https://svn.apache.org/viewvc?view=revision&revision=1162874 |
9fff8dc8-7aa7-11da-bf72-00123f589060 | apache -- mod_imap cross-site scripting flaw The Apache HTTP Server Project reports:
Discovery 2005-11-01 Entry 2006-01-01 Modified 2009-01-23 apache ge 1.3 lt 1.3.34_3 ge 2.0.35 lt 2.0.55_2 ge 2.1 lt 2.1.9_3 ge 2.2 lt 2.2.0_3 apache+mod_perl < 1.3.34_1 apache_fp ge 0 apache+ipv6 < 1.3.37 ru-apache < 1.3.34+30.22_1 ru-apache+mod_ssl < 1.3.34+30.22+2.8.25_1 apache+ssl ge 1.3.0 lt 1.3.33.1.55_2 apache+mod_ssl apache+mod_ssl+ipv6 apache+mod_ssl+mod_accel apache+mod_ssl+mod_accel+ipv6 apache+mod_ssl+mod_accel+mod_deflate apache+mod_ssl+mod_accel+mod_deflate+ipv6 apache+mod_ssl+mod_deflate apache+mod_ssl+mod_deflate+ipv6 apache+mod_ssl+mod_snmp apache+mod_ssl+mod_snmp+mod_accel apache+mod_ssl+mod_snmp+mod_accel+ipv6 apache+mod_ssl+mod_snmp+mod_deflate apache+mod_ssl+mod_snmp+mod_deflate+ipv6 apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6 < 1.3.34+2.8.25_1 CVE-2005-3352 15834 http://www.apacheweek.com/features/security-13 http://www.apacheweek.com/features/security-20 |
c115271d-602b-11dc-898c-001921ab2fa4 | apache -- multiple vulnerabilities Apache HTTP server project reports:
Discovery 2007-09-07 Entry 2007-09-11 apache gt 2.2.0 lt 2.2.6 gt 2.0.0 lt 2.0.61 CVE-2007-3847 CVE-2007-1863 CVE-2006-5752 CVE-2007-3304 |
c84dc9ad-41f7-11dd-a4f9-00163e000016 | apache -- multiple vulnerabilities Apache HTTP server project reports:
Discovery 2008-06-14 Entry 2008-06-24 apache gt 2.2.0 lt 2.2.9 CVE-2007-6420 CVE-2008-2364 http://www.apache.org/dist/httpd/Announcement2.2.html |
ca6c8f35-0a5f-11d9-ad6f-00061bc2ad93 | apache -- heap overflow in mod_proxy A buffer overflow exists in mod_proxy which may allow an attacker to launch local DoS attacks and possibly execute arbitrary code. Discovery 2004-06-10 Entry 2004-09-19 Modified 2004-10-05 apache < 1.3.31_1 apache13-ssl le 1.3.29.1.53_2 apache13-modssl < 1.3.31+2.8.18_4 apache13+ipv6 le 1.3.29_2 apache13-modperl le 1.3.31 CVE-2004-0492 http://www.guninski.com/modproxy1.html |
cae01d7b-110d-11df-955a-00219b0fc4d8 | apache -- Prevent chunk-size integer overflow on platforms where sizeof(int) < sizeof(long) Apache ChangeLog reports:
Discovery 2009-06-30 Entry 2010-02-03 Modified 2010-02-03 apache < 1.3.42 apache+mod_perl < 1.3.42 apache+ipv6 < 1.3.42 apache_fp ge 0 ru-apache < 1.3.42+30.23 ru-apache+mod_ssl < 1.3.42 apache+ssl < 1.3.42.1.57_2 apache+mod_ssl apache+mod_ssl+ipv6 apache+mod_ssl+mod_accel apache+mod_ssl+mod_accel+ipv6 apache+mod_ssl+mod_accel+mod_deflate apache+mod_ssl+mod_accel+mod_deflate+ipv6 apache+mod_ssl+mod_deflate apache+mod_ssl+mod_deflate+ipv6 apache+mod_ssl+mod_snmp apache+mod_ssl+mod_snmp+mod_accel apache+mod_ssl+mod_snmp+mod_accel+ipv6 apache+mod_ssl+mod_snmp+mod_deflate apache+mod_ssl+mod_snmp+mod_deflate+ipv6 apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6 < 1.3.41+2.8.27_2 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0010 http://www.security-database.com/detail.php?alert=CVE-2010-0010 http://security-tracker.debian.org/tracker/CVE-2010-0010 http://www.vupen.com/english/Reference-CVE-2010-0010.php |
d8c901ff-0f0f-11e1-902b-20cf30e32f6d | Apache 1.3 -- mod_proxy reverse proxy exposure Apache HTTP server project reports:
Discovery 2011-10-05 Entry 2011-11-14 apache < 1.3.43 apache+ssl < 1.3.43.1.59_2 apache+ipv6 < 1.3.43 apache+mod_perl < 1.3.43 apache+mod_ssl < 1.3.41+2.8.31_4 apache+mod_ssl+ipv6 < 1.3.41+2.8.31_4 ru-apache-1.3 < 1.3.43+30.23_1 ru-apache+mod_ssl < 1.3.43+30.23_1 CVE-2011-3368 http://httpd.apache.org/security/vulnerabilities_13.html http://seclists.org/fulldisclosure/2011/Oct/232 |
dc8c08c7-1e7c-11db-88cf-000c6ec775d9 | apache -- mod_rewrite buffer overflow vulnerability The Apache Software Foundation and The Apache HTTP Server Project report:
Discovery 2006-07-27 Entry 2006-07-28 Modified 2006-11-01 apache ge 1.3.28 lt 1.3.36_1 ge 2.0.46 lt 2.0.58_2 ge 2.2.0 lt 2.2.2_1 apache+mod_perl ge 1.3.28 lt 1.3.36_1 apache+ipv6 ge 1.3.28 lt 1.3.37 apache_fp ge 0 ru-apache ge 1.3.28 lt 1.3.37+30.23 ru-apache+mod_ssl ge 1.3.28 lt 1.3.34.1.57_2 apache+ssl ge 1.3.28 lt 1.3.34.1.57_2 apache+mod_ssl apache+mod_ssl+ipv6 apache+mod_ssl+mod_accel apache+mod_ssl+mod_accel+ipv6 apache+mod_ssl+mod_accel+mod_deflate apache+mod_ssl+mod_accel+mod_deflate+ipv6 apache+mod_ssl+mod_deflate apache+mod_ssl+mod_deflate+ipv6 apache+mod_ssl+mod_snmp apache+mod_ssl+mod_snmp+mod_accel apache+mod_ssl+mod_snmp+mod_accel+ipv6 apache+mod_ssl+mod_snmp+mod_deflate apache+mod_ssl+mod_snmp+mod_deflate+ipv6 apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6 ge 1.3.28 lt 1.3.36+2.8.27_1 395412 CVE-2006-3747 http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=115409818602955 |
de2bc01f-dc44-11e1-9f4d-002354ed89bc | Apache -- Insecure LD_LIBRARY_PATH handling Apache reports:
Discovery 2012-03-02 Entry 2012-08-01 apache le 2.2.22_5 apache-event le 2.2.22_5 apache-itk le 2.2.22_5 apache-peruser le 2.2.22_5 apache-worker le 2.2.22_5 CVE-2012-0883 http://httpd.apache.org/security/vulnerabilities_24.html http://www.apache.org/dist/httpd/CHANGES_2.4.2 |
e15f2356-9139-11de-8f42-001aa0166822 | apache22 -- several vulnerabilities Apache ChangeLog reports:
Discovery 2009-07-28 Entry 2009-08-25 apache gt 2.2.0 lt 2.2.12 CVE-2009-1891 CVE-2009-1195 CVE-2009-1890 CVE-2009-1191 CVE-2009-0023 CVE-2009-1955 CVE-2009-1956 |
e936d612-253f-11da-bc01-000e0c2e438a | apache -- Certificate Revocation List (CRL) off-by-one vulnerability Marc Stern reports an off-by-one vulnerability within mod_ssl. The vulnerability lies in mod_ssl's Certificate Revocation List (CRL). If Apache is configured to use a CRL this could allow an attacker to crash a child process causing a Denial of Service. Discovery 2005-07-12 Entry 2005-09-17 apache gt 2.* lt 2.0.54_1 14366 CVE-2005-1268 |
eb9212f7-526b-11de-bbf2-001b77d09812 | apr -- multiple vulnerabilities Secunia reports:
RedHat reports:
Discovery 2009-06-05 Entry 2009-06-08 apr < 1.3.5.1.3.7 apache ge 2.2.0 lt 2.2.11_5 ge 2.0.0 lt 2.0.63_3 35221 CVE-2009-1955 CVE-2009-1956 CVE-2009-0023 http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3 http://secunia.com/advisories/35284/ https://bugzilla.redhat.com/show_bug.cgi?id=504390 |
f1892066-0e74-11de-92de-000bcdc1757a | apache -- Cross-site scripting vulnerability CVE Mitre reports:
Discovery 2008-07-25 Entry 2009-03-11 apache gt 2.2.0 lt 2.2.9_2 gt 2.0.0 lt 2.0.63_2 CVE-2008-2939 http://www.rapid7.com/advisories/R7-0033.jsp |