FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-29 06:51:43 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
d8c901ff-0f0f-11e1-902b-20cf30e32f6d	Apache 1.3 -- mod_proxy reverse proxy exposure Apache HTTP server project reports: An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker. There is no patch against this issue! Discovery 2011-10-05 Entry 2011-11-14 apache < 1.3.43 apache+ssl < 1.3.43.1.59_2 apache+ipv6 < 1.3.43 apache+mod_perl < 1.3.43 apache+mod_ssl < 1.3.41+2.8.31_4 apache+mod_ssl+ipv6 < 1.3.41+2.8.31_4 ru-apache-1.3 < 1.3.43+30.23_1 ru-apache+mod_ssl < 1.3.43+30.23_1 CVE-2011-3368 http://httpd.apache.org/security/vulnerabilities_13.html http://seclists.org/fulldisclosure/2011/Oct/232
cae01d7b-110d-11df-955a-00219b0fc4d8	apache -- Prevent chunk-size integer overflow on platforms where sizeof(int) < sizeof(long) Apache ChangeLog reports: Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow. Discovery 2009-06-30 Entry 2010-02-03 Modified 2010-02-03 apache < 1.3.42 apache+mod_perl < 1.3.42 apache+ipv6 < 1.3.42 apache_fp ge 0 ru-apache < 1.3.42+30.23 ru-apache+mod_ssl < 1.3.42 apache+ssl < 1.3.42.1.57_2 apache+mod_ssl apache+mod_ssl+ipv6 apache+mod_ssl+mod_accel apache+mod_ssl+mod_accel+ipv6 apache+mod_ssl+mod_accel+mod_deflate apache+mod_ssl+mod_accel+mod_deflate+ipv6 apache+mod_ssl+mod_deflate apache+mod_ssl+mod_deflate+ipv6 apache+mod_ssl+mod_snmp apache+mod_ssl+mod_snmp+mod_accel apache+mod_ssl+mod_snmp+mod_accel+ipv6 apache+mod_ssl+mod_snmp+mod_deflate apache+mod_ssl+mod_snmp+mod_deflate+ipv6 apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6 < 1.3.41+2.8.27_2 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0010 http://www.security-database.com/detail.php?alert=CVE-2010-0010 http://security-tracker.debian.org/tracker/CVE-2010-0010 http://www.vupen.com/english/Reference-CVE-2010-0010.php
9fff8dc8-7aa7-11da-bf72-00123f589060	apache -- mod_imap cross-site scripting flaw The Apache HTTP Server Project reports: A flaw in mod_imap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers. Discovery 2005-11-01 Entry 2006-01-01 Modified 2009-01-23 apache ge 1.3 lt 1.3.34_3 ge 2.0.35 lt 2.0.55_2 ge 2.1 lt 2.1.9_3 ge 2.2 lt 2.2.0_3 apache+mod_perl < 1.3.34_1 apache_fp ge 0 apache+ipv6 < 1.3.37 ru-apache < 1.3.34+30.22_1 ru-apache+mod_ssl < 1.3.34+30.22+2.8.25_1 apache+ssl ge 1.3.0 lt 1.3.33.1.55_2 apache+mod_ssl apache+mod_ssl+ipv6 apache+mod_ssl+mod_accel apache+mod_ssl+mod_accel+ipv6 apache+mod_ssl+mod_accel+mod_deflate apache+mod_ssl+mod_accel+mod_deflate+ipv6 apache+mod_ssl+mod_deflate apache+mod_ssl+mod_deflate+ipv6 apache+mod_ssl+mod_snmp apache+mod_ssl+mod_snmp+mod_accel apache+mod_ssl+mod_snmp+mod_accel+ipv6 apache+mod_ssl+mod_snmp+mod_deflate apache+mod_ssl+mod_snmp+mod_deflate+ipv6 apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6 < 1.3.34+2.8.25_1 CVE-2005-3352 15834 http://www.apacheweek.com/features/security-13 http://www.apacheweek.com/features/security-20
6e6a6b8a-2fde-11d9-b3a2-0050fc56d258	apache mod_include buffer overflow vulnerability There is a buffer overflow in a function used by mod_include that may enable a local user to gain privileges of a httpd child. Only users that are able to create SSI documents can take advantage of that vulnerability. Discovery 2004-10-22 Entry 2004-11-06 apache < 1.3.33 apache+mod_ssl < 1.3.32+2.8.21_1 apache+mod_ssl+ipv6 < 1.3.32+2.8.21_1 apache+mod_perl le 1.3.31 apache+ipv6 < 1.3.33 apache+ssl le 1.3.29.1.55 ru-apache < 1.3.33+30.21 ru-apache+mod_ssl < 1.3.33+30.21+2.8.22 CVE-2004-0940 http://www.securitylab.ru/48807.html
651996e0-fe07-11d9-8329-000e0c2e438a	apache -- http request smuggling A Watchfire whitepaper reports an vulnerability in the Apache webserver. The vulnerability can be exploited by malicious people causing cross site scripting, web cache poisoining, session hijacking and most importantly the ability to bypass web application firewall protection. Exploiting this vulnerability requires multiple carefully crafted HTTP requests, taking advantage of an caching server, proxy server, web application firewall etc. This only affects installations where Apache is used as HTTP proxy in combination with the following web servers: IIS/6.0 and 5.0 Apache 2.0.45 (as web server) apache 1.3.29 WebSphere 5.1 and 5.0 WebLogic 8.1 SP1 Oracle9iAS web server 9.0.2 SunONE web server 6.1 SP4 Discovery 2005-07-25 Entry 2005-07-26 Modified 2009-01-23 apache < 1.3.33_2 gt 2.* lt 2.0.54_1 gt 2.1.0 lt 2.1.6_1 apache+ssl < 1.3.33.1.55_1 apache+mod_perl < 1.3.33_3 apache+mod_ssl apache+mod_ssl+ipv6 apache+mod_ssl+mod_accel apache+mod_ssl+mod_accel+ipv6 apache+mod_ssl+mod_accel+mod_deflate apache+mod_ssl+mod_accel+mod_deflate+ipv6 apache+mod_ssl+mod_deflate apache+mod_ssl+mod_deflate+ipv6 apache+mod_ssl+mod_snmp apache+mod_ssl+mod_snmp+mod_accel apache+mod_ssl+mod_snmp+mod_accel+ipv6 apache+mod_ssl+mod_snmp+mod_deflate apache+mod_ssl+mod_snmp+mod_deflate+ipv6 apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6 < 1.3.33+2.8.22_1 apache_fp gt 0 apache+ipv6 < 1.3.37 ru-apache < 1.3.34+30.22 ru-apache+mod_ssl < 1.3.34+30.22+2.8.25 14106 CVE-2005-2088 http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf