Debian Apache2 vulnerabilities

CVE-2014-3581 [MEDIUM] CVE-2014-3581: apache2 - The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_ca... The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header. Scope: local bookworm: resolved (fixed in 2.4.10-3) bullseye: resolved (fixed in 2.4.10-3) forky

CVE-2014-0098 [MEDIUM] CVE-2014-0098: apache2 - The log_cookie function in mod_log_config.c in the mod_log_config module in the ... The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation. Scope: local bookworm: resolved (fixed in 2.4.9-1) bullseye: resolved (fixed in 2.4.9-1) forky:

CVE-2014-0231 [MEDIUM] CVE-2014-0231: apache2 - The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a time... The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor. Scope: local bookworm: resolved (fixed in 2.4.10-1) bullseye: resolved (fixed in 2.4.10-1) forky: resolved (fixed in 2

CVE-2014-0118 [MEDIUM] CVE-2014-0118: apache2 - The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the... The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size. Scope: local bookworm: resolved (fixed in 2.4.10-1) bullseye: resol

CVE-2014-8109 [MEDIUM] CVE-2014-8109: apache2 - mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x throug... mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require dir

CVE-2014-0226 [MEDIUM] CVE-2014-0226: apache2 - Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 ... Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_

CVE-2014-3523 [MEDIUM] CVE-2014-3523: apache2 - Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinN... Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted requests. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixi

CVE-2014-3583 [MEDIUM] CVE-2014-3583: apache2 - The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in ... The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers. Scope: local bookworm: resolved (fixed in 2.4.10-8) bullseye: resolved (fixed in 2.4.10-8) forky: resolved (fixed in 2.4.10-8) sid: reso

CVE-2013-1048 [MEDIUM] CWE-264 CVE-2013-1048: The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.

CVE-2013-2249 [HIGH] CVE-2013-2249: apache2 - mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before... mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors. Scope: local bookworm: resolved (fixed in 2.4.6-1) bullseye: resolved (fixed in 2.4.6-1) forky: resolved (

CVE-2013-5704 [MEDIUM] CVE-2013-5704: apache2 - The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers ... The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such." Scope: local bookworm: resolved (fixed in 2.4.10-2) bullseye: resolved (fixed in 2.4.1

CVE-2013-6438 [MEDIUM] CVE-2013-6438: apache2 - The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apach... The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request. Scope: local bookworm: resolved (fixed in 2.4.9-1) bullseye: resolved (fixed in 2.4.9-

CVE-2013-1862 [MEDIUM] CVE-2013-1862: apache2 - mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2... mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. Scope: local bookworm: resolved (fixed in 2.4.1-1) bullseye: resolved (

CVE-2013-4352 [MEDIUM] CVE-2013-4352: apache2 - The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache ... The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value. Scope: local bookworm: resolved (fixed in 2.4.7-1) bulls

CVE-2013-1896 [MEDIUM] CVE-2013-1896: apache2 - mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine wh... mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI. Scope: local bookwo

CVE-2012-4557 [MEDIUM] CVE-2012-4557: apache2 - The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places ... The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request. Scope: local bookworm: resolved (fixed in 2.2.22-1) bullseye: resolved (fixed in 2.2.22-1) forky:

CVE-2012-0883 [MEDIUM] CVE-2012-0883: apache2 - envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-l... envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2012-2687 [LOW] CVE-2012-2687: apache2 - Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list fun... Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant li

CVE-2012-0031 [MEDIUM] CVE-2012-0031: apache2 - scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local user... scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function. Scope: local bookworm: resolved (fixed in 2.2.22-1) bullse

CVE-2012-4929 [LOW] CVE-2012-4929: apache2 - The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt,... The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potenti