FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
d8c901ff-0f0f-11e1-902b-20cf30e32f6d | Apache 1.3 -- mod_proxy reverse proxy exposure

Apache HTTP server project reports:

An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker. There is no patch against this issue!


Discovery 2011-10-05
Entry 2011-11-14
apache
< 1.3.43

apache+ssl
< 1.3.43.1.59_2

apache+ipv6
< 1.3.43

apache+mod_perl
< 1.3.43

apache+mod_ssl
< 1.3.41+2.8.31_4

apache+mod_ssl+ipv6
< 1.3.41+2.8.31_4

ru-apache-1.3
< 1.3.43+30.23_1

ru-apache+mod_ssl
< 1.3.43+30.23_1

CVE-2011-3368
http://httpd.apache.org/security/vulnerabilities_13.html
http://seclists.org/fulldisclosure/2011/Oct/232
de2bc01f-dc44-11e1-9f4d-002354ed89bc | Apache -- Insecure LD_LIBRARY_PATH handling

Apache reports:

Insecure handling of LD_LIBRARY_PATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory.


Discovery 2012-03-02
Entry 2012-08-01
apache
<= 2.2.22_5

apache-event
<= 2.2.22_5

apache-itk
<= 2.2.22_5

apache-peruser
<= 2.2.22_5

apache-worker
<= 2.2.22_5

CVE-2012-0883
http://httpd.apache.org/security/vulnerabilities_24.html
http://www.apache.org/dist/httpd/CHANGES_2.4.2
cae01d7b-110d-11df-955a-00219b0fc4d8 | apache -- Prevent chunk-size integer overflow on platforms where sizeof(int) < sizeof(long)

Apache ChangeLog reports:

Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.


Discovery 2009-06-30
Entry 2010-02-03
Modified 2010-02-03
apache
< 1.3.42

apache+mod_perl
< 1.3.42

apache+ipv6
< 1.3.42

apache_fp
>= 0

ru-apache
< 1.3.42+30.23

ru-apache+mod_ssl
< 1.3.42

apache+ssl
< 1.3.42.1.57_2

apache+mod_ssl
apache+mod_ssl+ipv6
apache+mod_ssl+mod_accel
apache+mod_ssl+mod_accel+ipv6
apache+mod_ssl+mod_accel+mod_deflate
apache+mod_ssl+mod_accel+mod_deflate+ipv6
apache+mod_ssl+mod_deflate
apache+mod_ssl+mod_deflate+ipv6
apache+mod_ssl+mod_snmp
apache+mod_ssl+mod_snmp+mod_accel
apache+mod_ssl+mod_snmp+mod_accel+ipv6
apache+mod_ssl+mod_snmp+mod_deflate
apache+mod_ssl+mod_snmp+mod_deflate+ipv6
apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6
< 1.3.41+2.8.27_2

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0010
http://www.security-database.com/detail.php?alert=CVE-2010-0010
http://security-tracker.debian.org/tracker/CVE-2010-0010
http://www.vupen.com/english/Reference-CVE-2010-0010.php