FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
76700d2f-d959-11ea-b53c-d4c9ef517024Apache httpd -- Multiple vulnerabilities

The Apache httpd projec reports:

  • mod_http2: Important: Push Diary Crash on Specifically Crafted HTTP/2 Header (CVE-2020-9490)

    A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards.
  • mod_proxy_uwsgi: Moderate: mod_proxy_uwsgi buffer overflow (CVE-2020-11984)

    info disclosure and possible RCE
  • mod_http2: Moderate: Push Diary Crash on Specifically Crafted HTTP/2 Header (CVE-2020-11993)

    When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools.

Discovery 2020-08-07
Entry 2020-08-08
Modified 2020-08-08
apache24
< 2.4.46

mod_http2
< 1.15.14

https://downloads.apache.org/httpd/CHANGES_2.4.46
https://httpd.apache.org/security/vulnerabilities_24.html
CVE-2020-9490
CVE-2020-11984
CVE-2020-11993