diff options
| author | Remko Lodder <remko@FreeBSD.org> | 2005-07-27 15:57:54 +0000 |
|---|---|---|
| committer | Remko Lodder <remko@FreeBSD.org> | 2005-07-27 15:57:54 +0000 |
| commit | fe0cc1d802bc9315a617b4d40edba76eee2b9262 (patch) | |
| tree | b47e98873c9c0fbe4de21031516265bc0b1ca42d /security | |
| parent | 2bb5ba70d05583b8f8874e53ce8252b9e7debeae (diff) | |
| download | ports-fe0cc1d802bc9315a617b4d40edba76eee2b9262.tar.gz ports-fe0cc1d802bc9315a617b4d40edba76eee2b9262.zip | |
Notes
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index f7c4ea8ccdb5..0aa78a4179d0 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,70 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="651996e0-fe07-11d9-8329-000e0c2e438a"> + <topic>apache -- http request smuggling</topic> + <affects> + <package> + <name>apache</name> + <range><lt>2.0.54_1</lt></range> + <range><lt>2.1.6_1</lt></range> + </package> + <package> + <name>apache+ipv6</name> + <range><gt>0</gt></range> + </package> + <package> + <name>apache_fp</name> + <range><gt>0</gt></range> + </package> + <package> + <name>apache+ssl</name> + <range><lt>1.3.33.1.55_1</lt></range> + </package> + <package> + <name>apache+mod_perl</name> + <range><lt>1.3.33_3</lt></range> + </package> + <package> + <name>apache+mod_ssl</name> + <range><gt>0</gt></range> + </package> + <package> + <name>apache+mod_ssl+ipv6</name> + <range><gt>0</gt></range> + </package> + <package> + <name>ru-apache</name> + <range><gt>0</gt></range> + </package> + <package> + <name>ru-apache+mod_ssl</name> + <range><gt>0</gt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A Watchfire whitepaper reports an vulnerability in the + Apache webserver. The vulnerability can be exploited by + malicious people causing cross site scripting, web cache + poisoining, session hijacking and most importantly the + ability to bypass web application firewall protection. + Exploiting this vulnerability requires multiple carefully + crafted HTTP requests, taking advantage of an caching server, + proxy server, web application firewall etc.</p> + </body> + </description> + <references> + <bid>14106</bid> + <cvename>CAN-2005-2088</cvename> + <url>http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf</url> + </references> + <dates> + <discovery>2005-07-25</discovery> + <entry>2005-07-26</entry> + </dates> + </vuln> + <vuln vid="1db7ecf5-fd24-11d9-b4d6-0007e900f87b"> <topic>clamav -- multiple remote buffer overflows</topic> <affects> |