Essentials
Download!
Documentation
Get Involved
Subprojects
Miscellaneous
|
Apache httpd 2.2 vulnerabilities
|
This page lists all security vulnerabilities fixed in released
versions of Apache httpd 2.2. Each
vulnerability is given a security impact rating by the Apache
security team - please note that this rating may well vary from
platform to platform. We also list the versions of Apache httpd the
flaw is known to affect, and where a flaw has not been verified list
the version with a question mark.
This page is created from a database of vulnerabilities originally
populated by Apache Week. Please send comments or corrections for
these vulnerabilities to the Security
Team.
|
Fixed in Apache httpd 2.2.14
|
-
low:
mod_proxy_ftp DoS
CVE-2009-3094
A NULL pointer dereference flaw was found in the mod_proxy_ftp
module. A malicious FTP server to which requests are being proxied
could use this flaw to crash an httpd child process via a malformed
reply to the EPSV or PASV commands, resulting in a limited denial of
service.
-
Update Released: 5th October 2009
-
Affects:
2.2.13, 2.2.12, 2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
-
low:
mod_proxy_ftp FTP command injection
CVE-2009-3095
A flaw was found in the mod_proxy_ftp module. In a reverse proxy
configuration, a remote attacker could use this flaw to bypass
intended access restrictions by creating a carefully-crafted HTTP
Authorization header, allowing the attacker to send arbitrary commands
to the FTP server.
-
Update Released: 5th October 2009
-
Affects:
2.2.13, 2.2.12, 2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
-
moderate:
Solaris pollset DoS
CVE-2009-2699
Faulty error handling was found affecting Solaris pollset support
(Event Port backend) caused by a bug in APR. A remote attacker
could trigger this issue on Solaris servers which used prefork or
event MPMs, resulting in a denial of service.
-
Update Released: 5th October 2009
-
Affects:
2.2.13, 2.2.12, 2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
|
Fixed in Apache httpd 2.2.13
|
-
low:
APR apr_palloc heap overflow
CVE-2009-2412
A flaw in apr_palloc() in the bundled copy of APR could
cause heap overflows in programs that try to apr_palloc() a user
controlled size. The Apache HTTP Server itself does not pass
unsanitized user-provided sizes to this function, so it could only
be triggered through some other application which uses apr_palloc()
in a vulnerable way.
-
Update Released: 9th August 2009
-
Affects:
2.2.12, 2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
|
Fixed in Apache httpd 2.2.12
|
-
important:
mod_proxy reverse proxy DoS
CVE-2009-1890
A denial of service flaw was found in the mod_proxy module when it was
used as a reverse proxy. A remote attacker could use this flaw to
force a proxy process to consume large amounts of CPU time.
-
Update Released: 27th July 2009
-
Affects:
2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
-
important:
mod_proxy_ajp information disclosure
CVE-2009-1191
An information disclosure flaw was found in mod_proxy_ajp in version
2.2.11 only. In certain
situations, if a user sent a carefully crafted HTTP request, the server
could return a response intended for another user.
-
Update Released: 27th July 2009
-
Affects:
2.2.11
-
low:
mod_deflate DoS
CVE-2009-1891
A denial of service flaw was found in the mod_deflate module. This
module continued to compress large files until compression was
complete, even if the network connection that requested the content
was closed before compression completed. This would cause mod_deflate
to consume large amounts of CPU if mod_deflate was enabled for a large
file.
-
Update Released: 27th July 2009
-
Affects:
2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
-
low:
AllowOverride Options handling bypass
CVE-2009-1195
A flaw was found in the handling of the "Options" and "AllowOverride"
directives. In configurations using the "AllowOverride" directive
with certain "Options=" arguments, local users were not restricted
from executing commands from a Server-Side-Include script as intended.
-
Update Released: 27th July 2009
-
Affects:
2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
-
moderate:
APR-util off-by-one overflow
CVE-2009-1956
An off-by-one overflow flaw was found in the way the bundled copy of
the APR-util library processed a variable list of arguments. An
attacker could provide a specially-crafted string as input for the
formatted output conversion routine, which could, on big-endian
platforms, potentially lead to the disclosure of sensitive information
or a denial of service.
-
Update Released: 72th 2009
-
Affects:
2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
-
moderate:
APR-util XML DoS
CVE-2009-1955
A denial of service flaw was found in the bundled copy of the APR-util
library Extensible Markup Language (XML) parser. A remote attacker
could create a specially-crafted XML document that would cause
excessive memory consumption when processed by the XML decoding
engine.
-
Update Released: 27th July 2009
-
Affects:
2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
-
moderate:
APR-util heap underwrite
CVE-2009-0023
A heap-based underwrite flaw was found in the way the bundled copy of
the APR-util library created compiled forms of particular search
patterns. An attacker could formulate a specially-crafted search
keyword, that would overwrite arbitrary heap memory locations when
processed by the pattern preparation engine.
-
Update Released: 27th July 2009
-
Affects:
2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
|
Fixed in Apache httpd 2.2.10
|
-
low:
mod_proxy_ftp globbing XSS
CVE-2008-2939
A flaw was found in the handling of wildcards in the path of a FTP
URL with mod_proxy_ftp. If mod_proxy_ftp is enabled to support
FTP-over-HTTP, requests containing globbing characters could lead
to cross-site scripting (XSS) attacks.
-
Update Released: 31st October 2008
-
Affects:
2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
|
Fixed in Apache httpd 2.2.9
|
-
low:
mod_proxy_balancer CSRF
CVE-2007-6420
The mod_proxy_balancer provided an administrative interface that could be
vulnerable to cross-site request forgery (CSRF) attacks.
-
Update Released: 14th June 2008
-
Affects:
2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
-
moderate:
mod_proxy_http DoS
CVE-2008-2364
A flaw was found in the handling of excessive interim responses
from an origin server when using mod_proxy_http. A remote attacker
could cause a denial of service or high memory usage.
-
Update Released: 14th June 2008
-
Affects:
2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
|
Fixed in Apache httpd 2.2.8
|
-
low:
mod_proxy_ftp UTF-7 XSS
CVE-2008-0005
A workaround was added in the mod_proxy_ftp module. On sites where
mod_proxy_ftp is enabled and a forward proxy is configured, a
cross-site scripting attack is possible against Web browsers which do
not correctly derive the response character set following the rules in
RFC 2616.
-
Update Released: 19th January 2008
-
Affects:
2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
-
low:
mod_proxy_balancer DoS
CVE-2007-6422
A flaw was found in the mod_proxy_balancer module. On sites where
mod_proxy_balancer is enabled, an authorized user could send a carefully
crafted request that would cause the Apache child process handling that
request to crash. This could lead to a denial of service if using a
threaded Multi-Processing Module.
-
Update Released: 19th January 2008
-
Affects:
2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
-
low:
mod_proxy_balancer XSS
CVE-2007-6421
A flaw was found in the mod_proxy_balancer module. On sites where
mod_proxy_balancer is enabled, a cross-site scripting attack against an
authorized user is possible.
-
Update Released: 19th January 2008
-
Affects:
2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
-
moderate:
mod_status XSS
CVE-2007-6388
A flaw was found in the mod_status module. On sites where mod_status is
enabled and the status pages were publicly accessible, a cross-site
scripting attack is possible.
Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.
-
Update Released: 19th January 2008
-
Affects:
2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
-
moderate:
mod_imagemap XSS
CVE-2007-5000
A flaw was found in the mod_imagemap module. On sites where
mod_imagemap is enabled and an imagemap file is publicly available, a
cross-site scripting attack is possible.
-
Update Released: 19th January 2008
-
Affects:
2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
|
Fixed in Apache httpd 2.2.6
|
-
moderate:
mod_proxy crash
CVE-2007-3847
A flaw was found in the Apache HTTP Server mod_proxy module. On sites where
a reverse proxy is configured, a remote attacker could send a carefully
crafted request that would cause the Apache child process handling that
request to crash. On sites where a forward proxy is configured, an attacker
could cause a similar crash if a user could be persuaded to visit a
malicious site using the proxy. This could lead to a denial of service if
using a threaded Multi-Processing Module.
-
Update Released: 7th September 2007
-
Affects:
2.2.4, 2.2.3, 2.2.2, 2.2.0
-
moderate:
mod_status cross-site scripting
CVE-2006-5752
A flaw was found in the mod_status module. On sites where the
server-status page is publicly accessible and ExtendedStatus is
enabled this could lead to a cross-site scripting attack.
Note that the server-status
page is not enabled by default and it is best practice to not make
this publicly available.
-
Update Released: 7th September 2007
-
Affects:
2.2.4, 2.2.3, 2.2.2, 2.2.0
-
moderate:
Signals to arbitrary processes
CVE-2007-3304
The Apache HTTP server did not verify that a process
was an Apache child process before sending it signals. A local
attacker with the ability to run scripts on the HTTP server could
manipulate the scoreboard and cause arbitrary processes to be
terminated which could lead to a denial of service.
-
Update Released: 7th September 2007
-
Affects:
2.2.4, 2.2.3, 2.2.2, 2.2.0
-
moderate:
mod_cache information leak
CVE-2007-1862
The recall_headers function in mod_mem_cache in Apache 2.2.4 did not
properly copy all levels of header data, which can cause Apache to
return HTTP headers containing previously used data, which could be
used by remote attackers to obtain potentially sensitive information.
-
Update Released: 7th September 2007
-
Affects:
2.2.4
-
moderate:
mod_cache proxy DoS
CVE-2007-1863
A bug was found in the mod_cache module. On sites where
caching is enabled, a remote attacker could send a carefully crafted
request that would cause the Apache child process handling that request to
crash. This could lead to a denial of service if using a threaded
Multi-Processing Module.
-
Update Released: 7th September 2007
-
Affects:
2.2.4, 2.2.3, 2.2.2, 2.2.0
|
Fixed in Apache httpd 2.2.3
|
-
important:
mod_rewrite off-by-one error
CVE-2006-3747
An off-by-one flaw exists in the Rewrite module, mod_rewrite.
Depending on the manner in which Apache httpd was compiled, this
software defect may result in a vulnerability which, in combination
with certain types of Rewrite rules in the web server configuration
files, could be triggered remotely. For vulnerable builds, the nature
of the vulnerability can be denial of service (crashing of web server
processes) or potentially allow arbitrary code execution.
-
Update Released: 27th July 2006
-
Affects:
2.2.2, 2.2.0
|
Fixed in Apache httpd 2.2.2
|
-
low:
mod_ssl access control DoS
CVE-2005-3357
A NULL pointer dereference flaw in mod_ssl was discovered affecting server
configurations where an SSL virtual host is configured with access control
and a custom 400 error document. A remote attacker could send a carefully
crafted request to trigger this issue which would lead to a crash. This
crash would only be a denial of service if using the worker MPM.
-
Update Released: 1st May 2006
-
Affects:
2.2.0
-
moderate:
mod_imap Referer Cross-Site Scripting
CVE-2005-3352
A flaw in mod_imap when using the Referer directive with image maps.
In certain site configurations a remote attacker could perform a cross-site
scripting attack if a victim can be forced to visit a malicious
URL using certain web browsers.
-
Update Released: 1st May 2006
-
Affects:
2.2.0
|
|