FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 21:13:12 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
8edeb3c1-bfe7-11ed-96f5-3497f65b111b | Apache httpd -- Multiple vulnerabilities

The Apache httpd project reports:

  • CVE-2023-27522: Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting (cve.mitre.org). HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.
  • CVE-2023-25690: HTTP request splitting with mod_rewrite and mod_proxy (cve.mitre.org). Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution.

Discovery 2023-03-08
Entry 2023-03-11
apache24 < 2.4.56

CVE-2023-25690
CVE-2023-27522
https://downloads.apache.org/httpd/CHANGES_2.4.56

00919005-96a3-11ed-86e9-d4c9ef517024 | Apache httpd -- Multiple vulnerabilities

The Apache httpd project reports:

mod_dav out of bounds read, or write of zero byte (CVE-2006-20001) (moderate)

mod_proxy_ajp Possible request smuggling (CVE-2022-36760) (moderate)

mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting (CVE-2022-37436) (moderate)


Discovery 2023-01-17
Entry 2023-01-17
apache24 < 2.4.55

CVE-2022-37436
CVE-2022-36760
CVE-2006-20001
https://downloads.apache.org/httpd/CHANGES_2.4.55

f923205f-6e66-11ee-85eb-84a93843eb75 | Apache httpd -- Multiple vulnerabilities

The Apache httpd project reports:

  • CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST
  • CVE-2023-43622: Apache HTTP Server: DoS in HTTP/2 with initial windows size 0
  • CVE-2023-31122: mod_macro buffer over-read

Discovery 2023-10-19
Entry 2023-10-19
apache24 < 2.4.58

CVE-2023-45802
CVE-2023-43622
CVE-2023-31122
https://dlcdn.apache.org/httpd/CHANGES_2.4.58