FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
09d418db-70fd-11d8-873f-0020ed76ef5aApache 1.3 IP address access control failure on some 64-bit platforms

Henning Brauer discovered a programming error in Apache 1.3's mod_access that results in the netmasks in IP address access control rules being interpreted incorrectly on 64-bit, big-endian platforms. In some cases, this could cause a `deny from' IP address access control rule including a netmask to fail.


Discovery 2004-03-07
Entry 2004-03-08
Modified 2004-03-12
apache
< 1.3.29_2

apache+mod_ssl
< 1.3.29+2.8.16_1

apache+ssl
< 1.3.29.1.53_1

ru-apache
< 1.3.29+30.19_1

ru-apache+mod_ssl
< 1.3.29+30.19+2.8.16_1

CVE-2003-0993
http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_access.c?r1=1.46&r2=1.47
http://www.apacheweek.com/features/security-13
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23850
http://marc.theaimsgroup.com/?l=apache-cvs&m=107869603013722
9829
dc8c08c7-1e7c-11db-88cf-000c6ec775d9apache -- mod_rewrite buffer overflow vulnerability

The Apache Software Foundation and The Apache HTTP Server Project reports:

An off-by-one flaw exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0.

Depending on the manner in which Apache HTTP Server was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely. For vulnerable builds, the nature of the vulnerability can be denial of service (crashing of web server processes) or potentially allow arbitrary code execution. This issue has been rated as having important security impact by the Apache HTTP Server Security Team.

This flaw does not affect a default installation of Apache HTTP Server. Users who do not use, or have not enabled, the Rewrite module mod_rewrite are not affected by this issue. This issue only affects installations using a Rewrite rule with the following characteristics:

  • The RewriteRule allows the attacker to control the initial part of the rewritten URL (for example if the substitution URL starts with $1)
  • The RewriteRule flags do NOT include any of the following flags: Forbidden (F), Gone (G), or NoEscape (NE).

Please note that ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. If the compiler used to compile Apache HTTP Server has added padding to the stack immediately after the buffer being overwritten, it will not be possible to exploit this issue, and Apache HTTP Server will continue operating normally.

The Apache HTTP Server project thanks Mark Dowd of McAfee Avert Labs for the responsible reporting of this vulnerability.


Discovery 2006-07-27
Entry 2006-07-28
Modified 2006-11-01
apache
ge 1.3.28 lt 1.3.36_1

ge 2.0.46 lt 2.0.58_2

ge 2.2.0 lt 2.2.2_1

apache+mod_perl
ge 1.3.28 lt 1.3.36_1

apache+ipv6
ge 1.3.28 lt 1.3.37

apache_fp
ge 0

ru-apache
ge 1.3.28 lt 1.3.37+30.23

ru-apache+mod_ssl
ge 1.3.28 lt 1.3.34.1.57_2

apache+ssl
ge 1.3.28 lt 1.3.34.1.57_2

apache+mod_ssl
apache+mod_ssl+ipv6
apache+mod_ssl+mod_accel
apache+mod_ssl+mod_accel+ipv6
apache+mod_ssl+mod_accel+mod_deflate
apache+mod_ssl+mod_accel+mod_deflate+ipv6
apache+mod_ssl+mod_deflate
apache+mod_ssl+mod_deflate+ipv6
apache+mod_ssl+mod_snmp
apache+mod_ssl+mod_snmp+mod_accel
apache+mod_ssl+mod_snmp+mod_accel+ipv6
apache+mod_ssl+mod_snmp+mod_deflate
apache+mod_ssl+mod_snmp+mod_deflate+ipv6
apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6
ge 1.3.28 lt 1.3.36+2.8.27_1

395412
CVE-2006-3747
http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=115409818602955
ca6c8f35-0a5f-11d9-ad6f-00061bc2ad93apache -- heap overflow in mod_proxy

A buffer overflow exists in mod_proxy which may allow an attacker to launch local DoS attacks and possibly execute arbitrary code.


Discovery 2004-06-10
Entry 2004-09-19
Modified 2004-10-05
apache
< 1.3.31_1

apache13-ssl
le 1.3.29.1.53_2

apache13-modssl
< 1.3.31+2.8.18_4

apache13+ipv6
le 1.3.29_2

apache13-modperl
le 1.3.31

CVE-2004-0492
http://www.guninski.com/modproxy1.html
d8c901ff-0f0f-11e1-902b-20cf30e32f6dApache 1.3 -- mod_proxy reverse proxy exposure

Apache HTTP server project reports:

An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker. There is no patch against this issue!


Discovery 2011-10-05
Entry 2011-11-14
apache
< 1.3.43

apache+ssl
< 1.3.43.1.59_2

apache+ipv6
< 1.3.43

apache+mod_perl
< 1.3.43

apache+mod_ssl
< 1.3.41+2.8.31_4

apache+mod_ssl+ipv6
< 1.3.41+2.8.31_4

ru-apache-1.3
< 1.3.43+30.23_1

ru-apache+mod_ssl
< 1.3.43+30.23_1

CVE-2011-3368
http://httpd.apache.org/security/vulnerabilities_13.html
http://seclists.org/fulldisclosure/2011/Oct/232
6e6a6b8a-2fde-11d9-b3a2-0050fc56d258apache mod_include buffer overflow vulnerability

There is a buffer overflow in a function used by mod_include that may enable a local user to gain privileges of a httpd child. Only users that are able to create SSI documents can take advantage of that vulnerability.


Discovery 2004-10-22
Entry 2004-11-06
apache
< 1.3.33

apache+mod_ssl
< 1.3.32+2.8.21_1

apache+mod_ssl+ipv6
< 1.3.32+2.8.21_1

apache+mod_perl
le 1.3.31

apache+ipv6
< 1.3.33

apache+ssl
le 1.3.29.1.55

ru-apache
< 1.3.33+30.21

ru-apache+mod_ssl
< 1.3.33+30.21+2.8.22

CVE-2004-0940
http://www.securitylab.ru/48807.html
651996e0-fe07-11d9-8329-000e0c2e438aapache -- http request smuggling

A Watchfire whitepaper reports an vulnerability in the Apache webserver. The vulnerability can be exploited by malicious people causing cross site scripting, web cache poisoining, session hijacking and most importantly the ability to bypass web application firewall protection. Exploiting this vulnerability requires multiple carefully crafted HTTP requests, taking advantage of an caching server, proxy server, web application firewall etc. This only affects installations where Apache is used as HTTP proxy in combination with the following web servers:

  • IIS/6.0 and 5.0
  • Apache 2.0.45 (as web server)
  • apache 1.3.29
  • WebSphere 5.1 and 5.0
  • WebLogic 8.1 SP1
  • Oracle9iAS web server 9.0.2
  • SunONE web server 6.1 SP4

Discovery 2005-07-25
Entry 2005-07-26
Modified 2009-01-23
apache
< 1.3.33_2

gt 2.* lt 2.0.54_1

gt 2.1.0 lt 2.1.6_1

apache+ssl
< 1.3.33.1.55_1

apache+mod_perl
< 1.3.33_3

apache+mod_ssl
apache+mod_ssl+ipv6
apache+mod_ssl+mod_accel
apache+mod_ssl+mod_accel+ipv6
apache+mod_ssl+mod_accel+mod_deflate
apache+mod_ssl+mod_accel+mod_deflate+ipv6
apache+mod_ssl+mod_deflate
apache+mod_ssl+mod_deflate+ipv6
apache+mod_ssl+mod_snmp
apache+mod_ssl+mod_snmp+mod_accel
apache+mod_ssl+mod_snmp+mod_accel+ipv6
apache+mod_ssl+mod_snmp+mod_deflate
apache+mod_ssl+mod_snmp+mod_deflate+ipv6
apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6
< 1.3.33+2.8.22_1

apache_fp
gt 0

apache+ipv6
< 1.3.37

ru-apache
< 1.3.34+30.22

ru-apache+mod_ssl
< 1.3.34+30.22+2.8.25

14106
CVE-2005-2088
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
de2bc01f-dc44-11e1-9f4d-002354ed89bcApache -- Insecure LD_LIBRARY_PATH handling

Apache reports:

Insecure handling of LD_LIBRARY_PATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory.


Discovery 2012-03-02
Entry 2012-08-01
apache
le 2.2.22_5

apache-event
le 2.2.22_5

apache-itk
le 2.2.22_5

apache-peruser
le 2.2.22_5

apache-worker
le 2.2.22_5

CVE-2012-0883
http://httpd.apache.org/security/vulnerabilities_24.html
http://www.apache.org/dist/httpd/CHANGES_2.4.2
cae01d7b-110d-11df-955a-00219b0fc4d8apache -- Prevent chunk-size integer overflow on platforms where sizeof(int) < sizeof(long)

Apache ChangeLog reports:

Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.


Discovery 2009-06-30
Entry 2010-02-03
Modified 2010-02-03
apache
< 1.3.42

apache+mod_perl
< 1.3.42

apache+ipv6
< 1.3.42

apache_fp
ge 0

ru-apache
< 1.3.42+30.23

ru-apache+mod_ssl
< 1.3.42

apache+ssl
< 1.3.42.1.57_2

apache+mod_ssl
apache+mod_ssl+ipv6
apache+mod_ssl+mod_accel
apache+mod_ssl+mod_accel+ipv6
apache+mod_ssl+mod_accel+mod_deflate
apache+mod_ssl+mod_accel+mod_deflate+ipv6
apache+mod_ssl+mod_deflate
apache+mod_ssl+mod_deflate+ipv6
apache+mod_ssl+mod_snmp
apache+mod_ssl+mod_snmp+mod_accel
apache+mod_ssl+mod_snmp+mod_accel+ipv6
apache+mod_ssl+mod_snmp+mod_deflate
apache+mod_ssl+mod_snmp+mod_deflate+ipv6
apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6
< 1.3.41+2.8.27_2

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0010
http://www.security-database.com/detail.php?alert=CVE-2010-0010
http://security-tracker.debian.org/tracker/CVE-2010-0010
http://www.vupen.com/english/Reference-CVE-2010-0010.php
9fff8dc8-7aa7-11da-bf72-00123f589060apache -- mod_imap cross-site scripting flaw

The Apache HTTP Server Project reports:

A flaw in mod_imap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers.


Discovery 2005-11-01
Entry 2006-01-01
Modified 2009-01-23
apache
ge 1.3 lt 1.3.34_3

ge 2.0.35 lt 2.0.55_2

ge 2.1 lt 2.1.9_3

ge 2.2 lt 2.2.0_3

apache+mod_perl
< 1.3.34_1

apache_fp
ge 0

apache+ipv6
< 1.3.37

ru-apache
< 1.3.34+30.22_1

ru-apache+mod_ssl
< 1.3.34+30.22+2.8.25_1

apache+ssl
ge 1.3.0 lt 1.3.33.1.55_2

apache+mod_ssl
apache+mod_ssl+ipv6
apache+mod_ssl+mod_accel
apache+mod_ssl+mod_accel+ipv6
apache+mod_ssl+mod_accel+mod_deflate
apache+mod_ssl+mod_accel+mod_deflate+ipv6
apache+mod_ssl+mod_deflate
apache+mod_ssl+mod_deflate+ipv6
apache+mod_ssl+mod_snmp
apache+mod_ssl+mod_snmp+mod_accel
apache+mod_ssl+mod_snmp+mod_accel+ipv6
apache+mod_ssl+mod_snmp+mod_deflate
apache+mod_ssl+mod_snmp+mod_deflate+ipv6
apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6
< 1.3.34+2.8.25_1

CVE-2005-3352
15834
http://www.apacheweek.com/features/security-13
http://www.apacheweek.com/features/security-20