-
critical:
IPv6 URI parsing heap overflow
CAN-2004-0786
Testing using the Codenomicon HTTP Test Tool performed by the Apache
Software Foundation security group and Red Hat uncovered an input
validation issue in the IPv6 URI parsing routines in the apr-util library.
If a remote attacker sent a request including a carefully crafted URI, an
httpd child process could be made to crash. On some BSD systems it
is believed this flaw may be able to lead to remote code execution.
-
critical:
APR remote crash
CAN-2003-0245
A vulnerability in the apr_psprintf function in the Apache Portable
Runtime (APR) library allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via long strings, as demonstrated using XML objects to
mod_dav, and possibly other vectors.
-
important:
Memory consumption DoS
CAN-2004-0942
An issue was discovered where the field length limit was not enforced
for certain malicious requests. This could allow a remote attacker who
is able to send large amounts of data to a server to cause Apache
children to consume proportional amounts of memory, leading to
a denial of service.
-
important:
Listening socket starvation
CAN-2004-0174
A starvation issue on listening sockets occurs when a short-lived
connection on a rarely-accessed listening socket causes a child to
hold the accept mutex and block out new connections until another
connection arrives on that rarely-accessed listening socket. This
issue is known to affect some versions of AIX, Solaris, and Tru64; it
is known to not affect FreeBSD or Linux.
-
important:
mod_ssl memory leak
CVE-2004-0113
A memory leak in mod_ssl allows a remote denial of service attack
against an SSL-enabled server by sending plain HTTP requests to the
SSL port.
-
important:
Remote DoS with multiple Listen directives
CAN-2003-0253
In a server with multiple listening sockets, a certain error returned
by accept() on a rarely accessed port can cause a temporary denial of
service, due to a bug in the prefork MPM.
-
important:
Basic Authentication DoS
CAN-2003-0189
A build system problem in Apache 2.0.40 through 2.0.45 allows remote attackers
to cause a denial of access to authenticated content when a threaded
server is used.
-
important:
Line feed memory leak DoS
CAN-2003-0132
Apache 2.0 versions before Apache 2.0.45 had a significant Denial of
Service vulnerability. Remote attackers could cause a denial of service
(memory consumption) via large chunks of linefeed characters, which
causes Apache to allocate 80 bytes for each linefeed.
-
moderate:
SSLCipherSuite bypass
CAN-2004-0885
An issue has been discovered in the mod_ssl module when configured to use
the "SSLCipherSuite" directive in directory or location context. If a
particular location context has been configured to require a specific set
of cipher suites, then a client will be able to access that location using
any cipher suite allowed by the virtual host configuration.
-
moderate:
CGI output information leak
CAN-2003-0789
A bug in the way mod_cgid handles CGI redirect paths can result in
CGI output going to the wrong client when a threaded MPM
is used.
-
moderate:
Remote DoS via IPv6 ftp proxy
CAN-2003-0254
When a client requests that proxy ftp connect to an ftp server with
an IPv6 address, and the proxy is unable to create an IPv6 socket,
an infinite loop occurs, causing a remote Denial of Service.
-
low:
Environment variable expansion flaw
CAN-2004-0747
The Swedish IT Incident Centre (SITIC) reported a buffer overflow in the
expansion of environment variables during configuration file parsing. This
issue could allow a local user to gain the privileges of an httpd
child if a server can be forced to parse a carefully crafted .htaccess file
written by a local user.
-
low:
WebDAV remote crash
CAN-2004-0809
An issue was discovered in the mod_dav module which could be triggered
for a location where WebDAV authoring access has been configured. A
malicious remote client which is authorized to use the LOCK method
could force an httpd child process to crash by sending a particular
sequence of LOCK requests. This issue does not allow execution of
arbitrary code, and will only result in a denial of service where a
threaded process model is in use.
-
low:
FakeBasicAuth overflow
CAN-2004-0488
A buffer overflow in the mod_ssl FakeBasicAuth code could be exploited
by an attacker using a (trusted) client certificate with a subject DN
field which exceeds 6K in length.
-
low:
Error log escape filtering
CVE-2003-0020
Apache does not filter terminal escape sequences from error logs,
which could make it easier for attackers to insert those sequences
into terminal emulators containing vulnerabilities related to escape
sequences.
-
low:
Local configuration regular expression overflow
CAN-2003-0542
By using a regular expression with more than 9 captures, a buffer
overflow can occur in mod_alias or mod_rewrite. To exploit this, an
attacker would need to be able to create a carefully crafted configuration
file (.htaccess or httpd.conf).
-
low:
mod_ssl renegotiation issue
CAN-2003-0192
A bug in the optional renegotiation code in mod_ssl included with
Apache httpd can cause cipher suite restrictions to be ignored.
This is triggered if optional renegotiation is used (SSLOptions
+OptRenegotiate) along with verification of client certificates
and a change to the cipher suite over the renegotiation.
-
low:
Filtered escape sequences
CAN-2003-0083
Apache did not filter terminal escape sequences from its
access logs, which could make it easier for attackers to insert those
sequences into terminal emulators containing vulnerabilities related
to escape sequences.
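
Added example (not part of the original advisory or of Apache httpd): a way to review access or error logs written by an unfiltered server, as in this entry and the "Error log escape filtering" entry above, without letting a terminal interpret their contents. The function names, the \xhh display notation and the sample log lines are constructed for illustration; lines are assumed to be LF-terminated.

```python
import re

# Code points a terminal may act on: C0 controls except TAB, DEL, and the
# C1 range U+0080-U+009F (which includes the single-character CSI U+009B).
CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f-\x9f]")

def render_safe(raw: bytes) -> str:
    """Return a printable form of one log line; control characters and
    undecodable bytes are shown as literal \\xhh text."""
    text = raw.decode("utf-8", errors="backslashreplace")
    return CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), text)

def is_suspect(raw: bytes) -> bool:
    """True if the line holds control characters or bytes that are not
    valid UTF-8 (for example a raw 8-bit CSI byte)."""
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return True
    return CONTROL.search(text) is not None

def scan_log(data: bytes):
    """Return (line_number, safe_rendering) for every suspect line.
    Splitting on LF only keeps a stray CR inside the line so it is flagged."""
    return [(n, render_safe(line))
            for n, line in enumerate(data.split(b"\n"), 1)
            if is_suspect(line)]

# Constructed sample: lines 2 and 4 carry terminal control sequences
# (a colour change and an 8-bit CSI reset); line 3 only contains a TAB.
SAMPLE = (
    b'192.0.2.10 - - [01/Jan/2004:00:00:01 +0000] "GET /index.html HTTP/1.0" 200 512\n'
    b'192.0.2.11 - - [01/Jan/2004:00:00:02 +0000] "GET /\x1b[31mred HTTP/1.0" 404 208\n'
    b'[Thu Jan 01 00:00:03 2004] [error] File does not exist:\t/var/www/missing\n'
    b'[Thu Jan 01 00:00:04 2004] [error] Invalid URI in request GET /\x9b0m\n'
)

if __name__ == "__main__":
    for number, line in scan_log(SAMPLE):
        print(f"line {number}: {line}")
```
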
-
low:
Error page XSS using wildcard DNS
CVE-2002-0840
Cross-site scripting (XSS) vulnerability in the default error page of
Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when
UseCanonicalName is "Off" and support for wildcard DNS is present,
allows remote attackers to execute script as other web page visitors
via the Host: header.