FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-08 09:03:38 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
f38187e7-2f6e-11e8-8f07-b499baebfeaf	apache -- multiple vulnerabilities The Apache httpd reports: Out of bound write in mod_authnz_ldap with AuthLDAPCharsetConfig enabled (CVE-2017-15710) mod_session: CGI-like applications that intend to read from mod_session's 'SessionEnv ON' could be fooled into reading user-supplied data instead. (CVE-2018-1283) mod_cache_socache: Fix request headers parsing to avoid a possible crash with specially crafted input data. (CVE-2018-1303) core: Possible crash with excessively long HTTP request headers. Impractical to exploit with a production build and production LogLevel. (CVE-2018-1301) core: Configure the regular expression engine to match '$' to the end of the input string only, excluding matching the end of any embedded newline characters. Behavior can be changed with new directive 'RegexDefaultOptions'. (CVE-2017-15715) mod_auth_digest: Fix generation of nonce values to prevent replay attacks across servers using a common Digest domain. This change may cause problems if used with round robin load balancers. (CVE-2018-1312) mod_http2: Potential crash w/ mod_http2. (CVE-2018-1302) Discovery 2018-03-23 Entry 2018-03-24 Modified 2018-03-27 apache24 < 2.4.30 apache22 < 2.2.34_5 https://www.apache.org/dist/httpd/CHANGES_2.4.33 CVE-2017-15710 CVE-2018-1283 CVE-2018-1303 CVE-2018-1301 CVE-2017-15715 CVE-2018-1312 CVE-2018-1302

VuXML ID

Description

f38187e7-2f6e-11e8-8f07-b499baebfeaf

apache -- multiple vulnerabilities

The Apache httpd reports:

Out of bound write in mod_authnz_ldap with AuthLDAPCharsetConfig enabled (CVE-2017-15710)

mod_session: CGI-like applications that intend to read from mod_session's 'SessionEnv ON' could be fooled into reading user-supplied data instead. (CVE-2018-1283)

mod_cache_socache: Fix request headers parsing to avoid a possible crash with specially crafted input data. (CVE-2018-1303)

core: Possible crash with excessively long HTTP request headers. Impractical to exploit with a production build and production LogLevel. (CVE-2018-1301)

core: Configure the regular expression engine to match '$' to the end of the input string only, excluding matching the end of any embedded newline characters. Behavior can be changed with new directive 'RegexDefaultOptions'. (CVE-2017-15715)

mod_auth_digest: Fix generation of nonce values to prevent replay attacks across servers using a common Digest domain. This change may cause problems if used with round robin load balancers. (CVE-2018-1312)

mod_http2: Potential crash w/ mod_http2. (CVE-2018-1302)

Discovery 2018-03-23
Entry 2018-03-24
Modified 2018-03-27
apache24

< 2.4.30

apache22

< 2.2.34_5

https://www.apache.org/dist/httpd/CHANGES_2.4.33
CVE-2017-15710
CVE-2018-1283
CVE-2018-1303
CVE-2018-1301
CVE-2017-15715
CVE-2018-1312
CVE-2018-1302