FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
f3d24aee-e5ad-11e2-b183-20cf30e32f6d | apache22 -- several vulnerabilities

Apache HTTP SERVER PROJECT reports:

The mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault.


Discovery 2013-06-21
Entry 2013-07-05
Modified 2013-07-10
apache22
gt 2.2.0 lt 2.2.25

apache22-event-mpm
gt 2.2.0 lt 2.2.25

apache22-itk-mpm
gt 2.2.0 lt 2.2.25

apache22-peruser-mpm
gt 2.2.0 lt 2.2.25

apache22-worker-mpm
gt 2.2.0 lt 2.2.25

CVE-2013-1862
CVE-2013-1896
65539c54-2517-11e2-b9d6-20cf30e32f6d | apache22 -- several vulnerabilities

Apache HTTP SERVER PROJECT reports:

low: XSS in mod_negotiation when untrusted uploads are supported CVE-2012-2687

Possible XSS for sites which use mod_negotiation and allow untrusted uploads to locations which have MultiViews enabled.

low: insecure LD_LIBRARY_PATH handling CVE-2012-0883

This issue was already fixed in port version 2.2.22_5


Discovery 2012-09-13
Entry 2012-11-02
apache22
gt 2.2.0 lt 2.2.23

apache22-event-mpm
gt 2.2.0 lt 2.2.23

apache22-itk-mpm
gt 2.2.0 lt 2.2.23

apache22-peruser-mpm
gt 2.2.0 lt 2.2.23

apache22-worker-mpm
gt 2.2.0 lt 2.2.23

CVE-2012-2687
CVE-2012-0833
f927e06c-1109-11e4-b090-20cf30e32f6d | apache22 -- several vulnerabilities

Apache HTTP SERVER PROJECT reports:

mod_deflate: The DEFLATE input filter (inflates request bodies) now limits the length and compression ratio of inflated request bodies to avoid denial of service via highly compressed bodies. See directives DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and DeflateInflateRatioBurst.

mod_cgid: Fix a denial of service against CGI scripts that do not consume stdin that could lead to lingering HTTPD child processes filling up the scoreboard and eventually hanging the server. By default, the client I/O timeout (Timeout directive) now applies to communication with scripts. The CGIDScriptTimeout directive can be used to set a different timeout for communication with scripts.

Fix a race condition in scoreboard handling, which could lead to a heap buffer overflow.

core: HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. Adds "MergeTrailers" directive to restore legacy behavior.


Discovery 2014-07-19
Entry 2014-07-24
Modified 2014-09-03
apache22
gt 2.2.0 lt 2.2.29

apache22-event-mpm
gt 2.2.0 lt 2.2.29

apache22-itk-mpm
gt 2.2.0 lt 2.2.29

apache22-peruser-mpm
gt 2.2.0 lt 2.2.29

apache22-worker-mpm
gt 2.2.0 lt 2.2.29

CVE-2014-0118
CVE-2014-0231
CVE-2014-0226
CVE-2013-5704
29083f8e-2ca8-11e5-86ff-14dae9d210b8 | apache22 -- chunk header parsing defect

Apache Foundation reports:

CVE-2015-3183 core: Fix chunk header parsing defect. Remove apr_brigade_flatten(), buffering and duplicated code from the HTTP_IN filter, parse chunks in a single pass with zero copy. Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext authorized characters.


Discovery 2015-06-24
Entry 2015-07-17
apache22
apache22-event-mpm
apache22-itk-mpm
apache22-peruser-mpm
apache22-worker-mpm
le 2.2.29_5

http://www.apache.org/dist/httpd/Announcement2.2.html
https://github.com/apache/httpd/commit/29779fd08c18b18efc5e640d74cbe297c7ec007e
CVE-2015-3183
9c88d8a8-8372-11e2-a010-20cf30e32f6d | apache22 -- several vulnerabilities

Apache HTTP SERVER PROJECT reports:

low: XSS due to unescaped hostnames CVE-2012-3499

Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.

moderate: XSS in mod_proxy_balancer CVE-2012-4558

An XSS flaw affected the mod_proxy_balancer manager interface.


Discovery 2012-10-07
Entry 2013-03-02
apache22
gt 2.2.0 lt 2.2.24

apache22-event-mpm
gt 2.2.0 lt 2.2.24

apache22-itk-mpm
gt 2.2.0 lt 2.2.24

apache22-peruser-mpm
gt 2.2.0 lt 2.2.24

apache22-worker-mpm
gt 2.2.0 lt 2.2.24

CVE-2012-3499
CVE-2012-4558
91ecb546-b1e6-11e3-980f-20cf30e32f6d | apache -- several vulnerabilities

Apache HTTP SERVER PROJECT reports:

Clean up cookie logging with fewer redundant string parsing passes. Log only cookies with a value assignment. Prevents segfaults when logging truncated cookies.

mod_dav: Keep track of length of cdata properly when removing leading spaces. Eliminates a potential denial of service from specifically crafted DAV WRITE requests.


Discovery 2014-02-25
Entry 2014-03-22
apache24
gt 2.4.0 lt 2.4.9

apache22
gt 2.2.0 lt 2.2.27

apache22-event-mpm
gt 2.2.0 lt 2.2.27

apache22-itk-mpm
gt 2.2.0 lt 2.2.27

apache22-peruser-mpm
gt 2.2.0 lt 2.2.27

apache22-worker-mpm
gt 2.2.0 lt 2.2.27

CVE-2014-0098
CVE-2013-6438