Debian Apache2 vulnerabilities

242 known vulnerabilities affecting debian/apache2.

Total CVEs: 242
CISA KEV: 5 (actively exploited)
Public exploits: 49
Exploited in wild: 7
Severity breakdown: CRITICAL 25, HIGH 66, MEDIUM 72, LOW 79

Vulnerabilities

Page 11 of 13
CVE-2005-2728 | MEDIUM | CVSS 5.0 | fixed in apache2 2.0.54-5 (bookworm) | 2005
CVE-2005-2728 [MEDIUM] apache2 - The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
Scope: local
bookworm: resolved (fixed in 2.0.54-5) bullseye: resolved (fixed in 2.0.54-5) forky: resolved (fixed in 2.0.54-5) sid: resolved (fixed in 2.0.54-5) trixie: resolved (fixed in 2.0.54-5)
debian
CVE-2005-2700 | MEDIUM | CVSS 10.0 | fixed in apache2 2.0.54-5 (bookworm) | 2005
CVE-2005-2700 [CRITICAL] apache2 - ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.
Scope: local
bookworm: resolved (fixed in 2.0.54-5) bullseye: resolved (fixed in 2.0.54-5)
debian
CVE-2005-3357 | LOW | CVSS 5.4 | fixed in apache2 2.0.55-4 (bookworm) | 2005
CVE-2005-3357 [MEDIUM] apache2 - mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
Scope: local
bookworm: resolved (fixed in 2.0.55-4) bullseye: resolved (fixed in 2.0.55-4
debian
CVE-2005-2970 | LOW | CVSS 5.0 | fixed in apache2 2.0.55-1 (bookworm) | 2005
CVE-2005-2970 [MEDIUM] apache2 - Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
Scope: local
bookworm: resolved (fixed in 2.0.55-1) bullseye: resolved (fixed in 2.0.55-1) forky
debian
CVE-2005-1268 | LOW | CVSS 5.0 | fixed in apache2 2.0.54-5 (bookworm) | 2005
CVE-2005-1268 [MEDIUM] apache2 - Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
Scope: local
bookworm: resolved (fixed in 2.0.54-5) bullseye: resolved (fixed in 2.0.54-5) forky: resolved
debian
CVE-2005-3352 | LOW | CVSS 4.3 | fixed in apache2 2.0.55-4 (bookworm) | 2005
CVE-2005-3352 [MEDIUM] apache2 - Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
Scope: local
bookworm: resolved (fixed in 2.0.55-4) bullseye: resolved (fixed in 2.0.55-4) forky: resolved (fixed in 2.0.55-4)
debian
CVE-2004-0885 | HIGH | CVSS 7.5 | fixed in apache2 2.0.52-2 (bookworm) | 2004
CVE-2004-0885 [HIGH] apache2 - The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
Scope: local
bookworm: resolved (fixed in 2.0.52-2) bullseye: resolved (fixed in 2.0.52-2) forky: resolved (fix
debian
CVE-2004-0811 | HIGH | CVSS 7.5 | fixed in apache2 2.0.52 (bookworm) | 2004
CVE-2004-0811 [HIGH] apache2 - Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
Scope: local
bookworm: resolved (fixed in 2.0.52) bullseye: resolved (fixed in 2.0.52) forky: resolved (fixed in 2.0.52) sid: resolved (fixed in 2.0.52) trix
debian
CVE-2004-0488 | HIGH | CVSS 7.5 | fixed in apache2 2.0.50-1 (bookworm) | 2004
CVE-2004-0488 [HIGH] apache2 - Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
Scope: local
bookworm: resolved (fixed in 2.0.50-1) bullseye: resolved (fixed in 2.0.50-1) forky: resolved (fixed
debian
CVE-2004-0747 | HIGH | CVSS 7.8 | fixed in apache2 2.0.51 (bookworm) | 2004
CVE-2004-0747 [HIGH] apache2 - Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
Scope: local
bookworm: resolved (fixed in 2.0.51) bullseye: resolved (fixed in 2.0.51) forky: resolved (fixed in 2.0.51) sid: resolved (fixed in 2.0.51) trixie: resolved (fixed in 2.0.51)
debian
CVE-2004-0493 | MEDIUM | CVSS 6.4 | PoC | fixed in apache2 2.0.50-1 (bookworm) | 2004
CVE-2004-0493 [MEDIUM] apache2 - The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
Scope: local
bookworm: resolved (fixed in 2.0.50-1) bullseye: re
debian
CVE-2004-0942 | MEDIUM | CVSS 5.0 | PoC | fixed in apache2 2.0.52-2 (bookworm) | 2004
CVE-2004-0942 [MEDIUM] apache2 - Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
Scope: local
bookworm: resolved (fixed in 2.0.52-2) bullseye: resolved (fixed in 2.0.52-2) forky: resolved (fixed in 2.0.52-2) sid: resolved (fixed in
debian
CVE-2004-0786 | MEDIUM | CVSS 5.0 | fixed in apache2 2.0.51 (bookworm) | 2004
CVE-2004-0786 [MEDIUM] apache2 - The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
Scope: local
bookworm: resolved (fixed in 2.0.51) bullseye: resolved (fixed in 2.0.51) forky: resolved (fixed in 2.0.51) sid: resolved (f
debian
CVE-2004-0809 | MEDIUM | CVSS 5.0 | fixed in apache2 2.0.51-1 (bookworm) | 2004
CVE-2004-0809 [MEDIUM] apache2 - The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
Scope: local
bookworm: resolved (fixed in 2.0.51-1) bullseye: resolved (fixed in 2.0.51-1) forky: resolved (fixed in 2.0.51-1) sid: resolved (fixed in 2.
debian
CVE-2004-0748 | MEDIUM | CVSS 5.0 | fixed in apache2 2.0.51 (bookworm) | 2004
CVE-2004-0748 [MEDIUM] apache2 - mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
Scope: local
bookworm: resolved (fixed in 2.0.51) bullseye: resolved (fixed in 2.0.51) forky: resolved (fixed in 2.0.51) sid: resolved (fixed in 2.0.51) trixi
debian
CVE-2004-0751 | MEDIUM | CVSS 5.0 | PoC | fixed in apache2 2.0.50-11 (bookworm) | 2004
CVE-2004-0751 [MEDIUM] apache2 - The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
Scope: local
bookworm: resolved (fixed in 2.0.50-11) bullseye: resolved (fixed in 2.0.50-11) forky: resolved (fixed in 2.0.50-11) sid: resolved (fixed in 2.0.50-11) trixie: resolv
debian
CVE-2004-0113 | MEDIUM | CVSS 5.0 | fixed in apache2 2.0.52 (bookworm) | 2004
CVE-2004-0113 [MEDIUM] apache2 - Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
Scope: local
bookworm: resolved (fixed in 2.0.52) bullseye: resolved (fixed in 2.0.52) forky: resolved (fixed in 2.0.52) sid: resolved (fixed in 2.0.52) trixie
debian
CVE-2004-1834 | LOW | CVSS 2.1 | fixed in apache2 2.0.53-1 (bookworm) | 2004
CVE-2004-1834 [LOW] apache2 - mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
Scope: local
bookworm: resolved (fixed in 2.0.53-1) bullseye: resolved (fixed in 2.0.53-1) forky: resolved (fixed in 2.0.53-1) sid: resolved (fixed in 2.0.53-1) trixie: resolved (fixed in
debian
CVE-2003-0789 | CRITICAL | CVSS 10.0 | fixed in apache2 2.0.48 (bookworm) | 2003
CVE-2003-0789 [CRITICAL] apache2 - mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
Scope: local
bookworm: resolved (fixed in 2.0.48) bullseye: resolved (fixed in 2.0.48) forky: resolved (fixed in 2.0.48) sid: resolved (fixed in 2.0.48) trixie: resolved (fixed i
debian
CVE-2003-0542 | HIGH | CVSS 7.2 | fixed in apache2 2.0.48 (bookworm) | 2003
CVE-2003-0542 [HIGH] apache2 - Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
Scope: local
bookworm: resolved (fixed in 2.0.48) bullseye: resolved (fixed in 2.0.48) forky: resolved (fixed
debian
Debian Apache2 vulnerabilities | cvebase