FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
2070c79a-8e1e-11e2-b34d-000c2957946c	ModSecurity -- XML External Entity Processing Vulnerability Positive Technologies has reported a vulnerability in ModSecurity, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial Of Serice). The vulnerability is caused due to an error when parsing external XML entities and can be exploited to e.g. disclose local files or cause excessive memory and CPU consumption. . Discovery 2013-04-02 Entry 2013-04-16 mod_security gt 2.* lt 2.7.3 CVE-2013-1915 https://secunia.com/advisories/52847/ https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1915 https://bugs.gentoo.org/show_bug.cgi?id=464188
9dfb63b8-8f36-11e2-b34d-000c2957946c	www/mod_security -- NULL pointer dereference DoS SecurityFocus reports: When ModSecurity receives a request body with a size bigger than the value set by the "SecRequestBodyInMemoryLimit" and with a "Content-Type" that has no request body processor mapped to it, ModSecurity will systematically crash on every call to "forceRequestBodyVariable". Discovery 2013-05-27 Entry 2013-06-03 mod_security < 2.7.3 CVE-2013-2765 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2765
c2e10368-77ab-11d8-b9e8-00e04ccb0a62	ModSecurity for Apache 2.x remote off-by-one overflow When the directive "SecFilterScanPost" is enabled, the Apache 2.x version of ModSecurity is vulnerable to an off-by-one overflow Discovery 2004-02-09 Entry 2004-03-17 Modified 2004-06-27 mod_security < 1.7.5 http://www.s-quadra.com/advisories/Adv-20040315.txt 9885 http://secunia.com/advisories/11138 779438

VuXML ID

Description

2070c79a-8e1e-11e2-b34d-000c2957946c

ModSecurity -- XML External Entity Processing Vulnerability

Positive Technologies has reported a vulnerability in ModSecurity, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial Of Serice).

The vulnerability is caused due to an error when parsing external XML entities and can be exploited to e.g. disclose local files or cause excessive memory and CPU consumption.

.

Discovery 2013-04-02
Entry 2013-04-16
mod_security

gt 2.* lt 2.7.3

CVE-2013-1915
https://secunia.com/advisories/52847/
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1915
https://bugs.gentoo.org/show_bug.cgi?id=464188

9dfb63b8-8f36-11e2-b34d-000c2957946c

www/mod_security -- NULL pointer dereference DoS

SecurityFocus reports:

When ModSecurity receives a request body with a size bigger than the value set by the "SecRequestBodyInMemoryLimit" and with a "Content-Type" that has no request body processor mapped to it, ModSecurity will systematically crash on every call to "forceRequestBodyVariable".

Discovery 2013-05-27
Entry 2013-06-03
mod_security

< 2.7.3

CVE-2013-2765
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2765

c2e10368-77ab-11d8-b9e8-00e04ccb0a62

ModSecurity for Apache 2.x remote off-by-one overflow

When the directive "SecFilterScanPost" is enabled, the Apache 2.x version of ModSecurity is vulnerable to an off-by-one overflow

Discovery 2004-02-09
Entry 2004-03-17
Modified 2004-06-27
mod_security

< 1.7.5

http://www.s-quadra.com/advisories/Adv-20040315.txt
9885
http://secunia.com/advisories/11138
779438