diff options
| author | remko <remko@FreeBSD.org> | 2005-07-27 23:57:54 +0800 |
|---|---|---|
| committer | remko <remko@FreeBSD.org> | 2005-07-27 23:57:54 +0800 |
| commit | da1aaf63dabd3b1f7fabc0159f0281f2e0669f2e (patch) | |
| tree | afb0c0f901604c6cc26cb80327bfc7ca5b1aa242 /security/vuxml | |
| parent | 37780e05b09a87b63b8efa4a2d085a5f96024d9d (diff) | |
| download | freebsd-ports-gnome-da1aaf63dabd3b1f7fabc0159f0281f2e0669f2e.tar.gz freebsd-ports-gnome-da1aaf63dabd3b1f7fabc0159f0281f2e0669f2e.tar.zst freebsd-ports-gnome-da1aaf63dabd3b1f7fabc0159f0281f2e0669f2e.zip | |
Document apache -- http request smuggling.
Requested by: clement
Glanced at by: clement
Diffstat (limited to 'security/vuxml')
| -rw-r--r-- | security/vuxml/vuln.xml | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index f7c4ea8ccdb5..0aa78a4179d0 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,70 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="651996e0-fe07-11d9-8329-000e0c2e438a"> + <topic>apache -- http request smuggling</topic> + <affects> + <package> + <name>apache</name> + <range><lt>2.0.54_1</lt></range> + <range><lt>2.1.6_1</lt></range> + </package> + <package> + <name>apache+ipv6</name> + <range><gt>0</gt></range> + </package> + <package> + <name>apache_fp</name> + <range><gt>0</gt></range> + </package> + <package> + <name>apache+ssl</name> + <range><lt>1.3.33.1.55_1</lt></range> + </package> + <package> + <name>apache+mod_perl</name> + <range><lt>1.3.33_3</lt></range> + </package> + <package> + <name>apache+mod_ssl</name> + <range><gt>0</gt></range> + </package> + <package> + <name>apache+mod_ssl+ipv6</name> + <range><gt>0</gt></range> + </package> + <package> + <name>ru-apache</name> + <range><gt>0</gt></range> + </package> + <package> + <name>ru-apache+mod_ssl</name> + <range><gt>0</gt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A Watchfire whitepaper reports an vulnerability in the + Apache webserver. The vulnerability can be exploited by + malicious people causing cross site scripting, web cache + poisoining, session hijacking and most importantly the + ability to bypass web application firewall protection. + Exploiting this vulnerability requires multiple carefully + crafted HTTP requests, taking advantage of an caching server, + proxy server, web application firewall etc.</p> + </body> + </description> + <references> + <bid>14106</bid> + <cvename>CAN-2005-2088</cvename> + <url>http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf</url> + </references> + <dates> + <discovery>2005-07-25</discovery> + <entry>2005-07-26</entry> + </dates> + </vuln> + <vuln vid="1db7ecf5-fd24-11d9-b4d6-0007e900f87b"> <topic>clamav -- multiple remote buffer overflows</topic> <affects> |