Debian Apache2 vulnerabilities

CVE-2012-0021 [LOW] CVE-2012-0021: apache2 - The log_cookie function in mod_log_config.c in the mod_log_config module in the ... The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value. Scope: local bookworm: resolved (fixed in 2.2.22-1

CVE-2012-3499 [MEDIUM] CVE-2012-3499: apache2 - Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.... Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules. Scope: local bookworm: resolved (fixed i

CVE-2012-0053 [MEDIUM] CVE-2012-0053: apache2 - protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly rest... protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script. Scope: local bookworm: resolved (f

CVE-2012-0216 [MEDIUM] CVE-2012-0216: apache2 - The default configuration of the apache2 package in Debian GNU/Linux squeeze bef... The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vector

CVE-2012-3502 [MEDIUM] CVE-2012-3502: apache2 - The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (... The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a r

CVE-2012-4558 [MEDIUM] CVE-2012-4558: apache2 - Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler func... Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string. Scope: local bookworm: resolved (fixed in 2.

CVE-2011-3192 [HIGH] CVE-2011-3192: apache2 - The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and ... The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086. Scope: local bookworm: resolved (fixe

CVE-2011-3607 [MEDIUM] CVE-2011-3607: apache2 - Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP ... Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow. Scope:

CVE-2011-1176 [MEDIUM] CVE-2011-1176: apache2 - The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Proc... The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process. Scope

CVE-2011-3368 [MEDIUM] CVE-2011-3368: apache2 - The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x throu... The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign)

CVE-2011-4317 [MEDIUM] CVE-2011-4317: apache2 - The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x throu... The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a m

CVE-2011-3348 [MEDIUM] CVE-2011-3348: apache2 - The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with... The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request. Scope: local bookworm: resolved (fixed in 2.2.21-1) bullseye: resolved (fixed in 2.2.21-1) forky: resolved (fi

CVE-2011-3639 [MEDIUM] CVE-2011-3639: apache2 - The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x be... The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol

CVE-2011-4415 [MEDIUM] CVE-2011-4415: apache2 - The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through... The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf di

CVE-2010-1623 [MEDIUM] CVE-2010-1623: apache2 - Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in t... Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an A

CVE-2010-0434 [MEDIUM] CVE-2010-0434: apache2 - The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.... The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory

CVE-2010-2791 [MEDIUM] CVE-2010-2791: apache2 - mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not c... mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same

CVE-2010-0408 [MEDIUM] CVE-2010-0408: apache2 - The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apa... The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate

CVE-2010-0425 [CRITICAL] CVE-2010-0425: apache2 - modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 thr... modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a cra

CVE-2010-1452 [MEDIUM] CVE-2010-1452: apache2 - The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before... The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path. Scope: local bookworm: resolved (fixed in 2.2.16-1) bullseye: resolved (fixed in 2.2.16-1) forky: resolved (fixed in 2.2.16-1) sid: resolved (fixed in 2.2.16-1) trixie: resolved (