Date: Wed, 1 Feb 2012 09:58:58 -0800 From: Jason Helfman <jgh@FreeBSD.org> To: rene@freebsd.org Cc: crees@freebsd.org, apache@freebsd.org Subject: documentation for apache vulnerability, over for approval Message-ID: <20120201175858.GB46116@dormouse.experts-exchange.com>
next in thread | raw e-mail | index | archive | help
--aVD9QWMuhilNxW9f Content-Type: multipart/mixed; boundary="k1lZvvs/B4yU6o8G" Content-Disposition: inline --k1lZvvs/B4yU6o8G Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Over for approval. -jgh Thanks, Jason --=20 Jason Helfman | FreeBSD Committer jgh@FreeBSD.org | http://people.freebsd.org/~jgh --k1lZvvs/B4yU6o8G Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="vuln.xml.patch.txt" Content-Transfer-Encoding: quoted-printable ? vuln.xml.patch.txt ? files/test Index: vuln.xml =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/pcvs/ports/security/vuxml/vuln.xml,v retrieving revision 1.2585 diff -u -r1.2585 vuln.xml --- vuln.xml 31 Jan 2012 13:34:00 -0000 1.2585 +++ vuln.xml 1 Feb 2012 00:53:25 -0000 @@ -46,6 +46,60 @@ Note: Please add new entries to the beginning of this file. =20 --> + <vuln vid=3D"4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0"> + <topic>apache -- multiple vulnerabilities</topic> + <affects> + <package> + <name>apache</name> + <range><gt>2.*</gt><lt>2.2.21</lt></range> + </package> + </affects> + <description> + <body xmlns=3D"http://www.w3.org/1999/xhtml">; + <p>CVE Mitre reports:</p> + <blockquote cite=3D"http://httpd.apache.org/security/vulnerabilities_22.h= tml"> + <p>Integer overflow in the ap_pregsub function in server/util.c in the + Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, whe= n the + mod_setenvif module is enabled, allows local users to gain privileges= via a + .htaccess file with a crafted SetEnvIf directive, in conjunction with= a + crafted HTTP request header, leading to a heap-based buffer overflow.= </p> + <p>A flaw was found in mod_log_config. If the '%{cookiename}C' log form= at + string is in use, a remote attacker could send a specific cookie caus= ing a + crash. This crash would only be a denial of service if using a thread= ed + MPM.</p> + <p>A flaw was found in the handling of the scoreboard. An unprivileged + child process could cause the parent process to crash at shutdown rat= her + than terminate cleanly.</p> + <p>An additional exposure was found when using mod_proxy in reverse pro= xy + mode. In certain configurations using RewriteRule with proxy flag or + ProxyPassMatch, a remote attacker could cause the reverse proxy to co= nnect + to an arbitrary server, possibly disclosing sensitive information from + internal web servers not directly accessible to attacker.</p> + <p>A flaw was found in the default error response for status code 400. = This + flaw could be used by an attacker to expose "httpOnly" cookies when no + custom ErrorDocument is specified.</p> + <p>An exposure was found when using mod_proxy in reverse proxy mode. In + certain configurations using RewriteRule with proxy flag or ProxyPass= Match, + a remote attacker could cause the reverse proxy to connect to an arbi= trary + server, possibly disclosing sensitive information from internal web s= ervers + not directly accessible to attacker.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2011-3607</cvename> + <cvename>CVE-2012-0021</cvename> + <cvename>CVE-2012-0031</cvename> + <cvename>CVE-2011-4317</cvename> + <cvename>CVE-2012-0053</cvename> + <cvename>CVE-2011-3368</cvename> + </references> + <dates> + <discovery>2011-10-05</discovery> + <entry>2012-01-31</entry> + </dates> + </vuln> + <vuxml xmlns=3D"http://www.vuxml.org/apps/vuxml-1">; <vuln vid=3D"7c920bb7-4b5f-11e1-9f47-00e0815b8da8"> <topic>sudo -- format string vulnerability</topic> --k1lZvvs/B4yU6o8G-- --aVD9QWMuhilNxW9f Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iQEcBAEBAgAGBQJPKX1iAAoJECBZmmNBUNPcmCwH/3e5pQYU443tSdnN9vasgH54 TDusH3iUkfWsBcUqAQ98ELgBjX/HO8oHwt2wDEDy91qBvSNQtJsE7T2qNZf0Erbs 51gOyrNyoKwcqiqUsUQ0mSrbLvCSMsGGtE0EbO5EcEQv43KpqQfiITIHpo13yspY 7imY/9A5gLkzJ2KEw5DAH03Kxp006NpFN2Y3RQJWidtygi1eMsxx5jzQej8TM/qI b+7b8XHwXGEgwV383Wl1w0A2DMKbOQStsxuwnsdG5xiJrwhRPnvyOBayRZBXyRif JY7f+O4VSxnUxuym7+sDKcjXreorrI1WupjAQMiQMRth1TuljBNHhr43kjtSBX8= =IE0b -----END PGP SIGNATURE----- --aVD9QWMuhilNxW9f--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120201175858.GB46116>