FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

apache -- several vulnerabilities

Affected packages
2.4.0 < apache24 < 2.4.9
2.2.0 < apache22 < 2.2.27
2.2.0 < apache22-event-mpm < 2.2.27
2.2.0 < apache22-itk-mpm < 2.2.27
2.2.0 < apache22-peruser-mpm < 2.2.27
2.2.0 < apache22-worker-mpm < 2.2.27

Details

VuXML ID 91ecb546-b1e6-11e3-980f-20cf30e32f6d
Discovery 2014-02-25
Entry 2014-03-22

Apache HTTP SERVER PROJECT reports:

Clean up cookie logging with fewer redundant string parsing passes. Log only cookies with a value assignment. Prevents segfaults when logging truncated cookies.

mod_dav: Keep track of length of cdata properly when removing leading spaces. Eliminates a potential denial of service from specifically crafted DAV WRITE requests.

References

CVE Name CVE-2013-6438
CVE Name CVE-2014-0098