FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

apache -- multiple vulnerabilities

Affected packages
2.* < apache < 2.2.22

Details

VuXML ID 4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0
Discovery 2011-10-05
Entry 2012-01-31

CVE MITRE reports:

An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker.

Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.

An additional exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker.

A flaw was found in mod_log_config. If the '%{cookiename}C' log format string is in use, a remote attacker could send a specific cookie causing a crash. This crash would only be a denial of service if using a threaded MPM.

A flaw was found in the handling of the scoreboard. An unprivileged child process could cause the parent process to crash at shutdown rather than terminate cleanly.

A flaw was found in the default error response for status code 400. This flaw could be used by an attacker to expose "httpOnly" cookies when no custom ErrorDocument is specified.

References

CVE Name CVE-2011-3368
CVE Name CVE-2011-3607
CVE Name CVE-2011-4317
CVE Name CVE-2012-0021
CVE Name CVE-2012-0031
CVE Name CVE-2012-0053