FreeBSDE15F2356-9139-11DE-8F42-001AA0166822apache22 -- several vulnerabilities
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.316 Low
EPSS
Percentile
96.9%
Apache ChangeLog reports:
CVE-2009-1891: Fix a potential Denial-of-Service attack against mod_deflate or other modules.
CVE-2009-1195: Prevent the “Includes” Option from being enabled in an .htaccess file if the AllowOverride restrictions do not permit it.
CVE-2009-1890: Fix a potential Denial-of-Service attack against mod_proxy in a reverse proxy configuration.
CVE-2009-1191: mod_proxy_ajp: Avoid delivering content from a previous request which failed to send a request body.
CVE-2009-0023, CVE-2009-1955, CVE-2009-1956: The bundled copy of the APR-util library has been updated, fixing three different security issues which may affect particular configurations and third-party modules (was already fixed in 2.2.11_5).
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.316 Low
EPSS
Percentile
96.9%