Debian Apache2 vulnerabilities

242 known vulnerabilities affecting debian/apache2.

Total CVEs: 242
CISA KEV: 5 (actively exploited)
Public exploits: 49
Exploited in wild: 7
Severity breakdown: CRITICAL 25, HIGH 66, MEDIUM 72, LOW 79

Vulnerabilities

Page 10 of 13
CVE-2007-3847 | LOW | CVSS 5.0 | fixed in apache2 2.2.6-1 (bookworm) | 2007
CVE-2007-3847 [MEDIUM] apache2 - The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
Scope: local; bookworm: resolved (fixed in 2.2.6-1); bullseye: resolved (fixed in 2.2.6-1); forky: resolved
debian
CVE-2007-1862 | LOW | CVSS 5.0 | 2007
CVE-2007-1862 [MEDIUM] apache2 - The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: reso
debian
CVE-2007-1743 | LOW | CVSS 4.4 | 2007
CVE-2007-1743 [MEDIUM] apache2 - suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insec
debian
CVE-2007-6423 | LOW | CVSS 7.8 | 2007
CVE-2007-6423 [HIGH] apache2 - Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2007-6420 | LOW | CVSS 4.3 | fixed in apache2 2.2.9-1 (bookworm) | 2007
CVE-2007-6420 [MEDIUM] apache2 - Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
Scope: local; bookworm: resolved (fixed in 2.2.9-1); bullseye: resolved (fixed in 2.2.9-1); forky: resolved (fixed in 2.2.9-1); sid: resolved (fixed in 2.2.9-1); trixie: resolved (fi
debian
CVE-2007-6422 | LOW | CVSS 4.0 | fixed in apache2 2.2.8-1 (bookworm) | 2007
CVE-2007-6422 [MEDIUM] apache2 - The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
Scope: local; bookworm: resolved (fixed in 2.2.8-1); bullseye: resolved (fixed in 2.2.8-1); forky: resolved (f
debian
CVE-2007-1741 | LOW | CVSS 6.2 | fixed in apache2 2.2.8-5 (bookworm) | 2007
CVE-2007-1741 [MEDIUM] apache2 - Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an
debian
CVE-2007-6388 | LOW | CVSS 4.3 | fixed in apache2 2.2.8-1 (bookworm) | 2007
CVE-2007-6388 [MEDIUM] apache2 - Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Scope: local; bookworm: resolved (fixed in 2.2.8-1); bullseye: resolved (fixed in 2.2.8-1)
debian
CVE-2007-3304 | LOW | CVSS 4.7 | fixed in apache2 2.2.4-2 (bookworm) | 2007
CVE-2007-3304 [MEDIUM] apache2 - Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
Scope: local; bookworm: resolved (fixed in 2.2.4-2); bullseye: resolved (fixed in 2
debian
CVE-2007-5000 | LOW | CVSS 4.3 | fixed in apache2 2.2.8-1 (bookworm) | 2007
CVE-2007-5000 [MEDIUM] apache2 - Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Scope: local; bookworm: resolved (fixed in 2.2.8-1); bullseye:
debian
CVE-2007-3303 | LOW | CVSS 4.9 | 2007
CVE-2007-3303 [MEDIUM] apache2 - Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker
debian
CVE-2007-1863 | LOW | CVSS 5.0 | fixed in apache2 2.2.4-1 (bookworm) | 2007
CVE-2007-1863 [MEDIUM] apache2 - cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
Scope: local; bo
debian
CVE-2007-1742 | LOW | CVSS 3.7 | fixed in apache2 2.2.8-5 (bookworm) | 2007
CVE-2007-1742 [LOW] apache2 - suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the ven
debian
CVE-2006-20001 | HIGH | CVSS 7.5 | fixed in apache2 2.4.55-1 (bookworm) | 2006
CVE-2006-20001 [HIGH] apache2 - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier.
Scope: local; bookworm: resolved (fixed in 2.4.55-1); bullseye: resolved (fixed in 2.4.56-1~deb11u1); forky: resolv
debian
CVE-2006-3747 | MEDIUM | CVSS 7.6 | PoC | fixed in apache2 2.0.55-4.1 (bookworm) | 2006
CVE-2006-3747 [HIGH] apache2 - Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rul
debian
CVE-2006-5752 | LOW | CVSS 4.3 | fixed in apache2 2.2.4-2 (bookworm) | 2006
CVE-2006-5752 [MEDIUM] apache2 - Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not s
debian
CVE-2006-3918 | LOW | CVSS 4.3 | PoC | fixed in apache2 2.0.55-4.1 (bookworm) | 2006
CVE-2006-3918 [MEDIUM] apache2 - http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that ca
debian
CVE-2006-4110 | LOW | CVSS 4.3 | PoC | 2006
CVE-2006-4110 [MEDIUM] apache2 - Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; tr
debian
CVE-2005-1344 | HIGH | CVSS 7.5 | PoC | fixed in apache2 2.0.54-3 (bookworm) | 2005
CVE-2005-1344 [HIGH] apache2 - Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
debian
CVE-2005-2088 | MEDIUM | CVSS 4.3 | fixed in apache2 2.0.54-5 (bookworm) | 2005
CVE-2005-2088 [MEDIUM] apache2 - The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the bod
debian