Apache 2 vulnerabilities

2005-08-0400:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

Confidence

Low

EPSS

0.963

Percentile

99.6%

JSON

Releases

Ubuntu 5.04
Ubuntu 4.10

Details

Marc Stern discovered a buffer overflow in the SSL module’s
certificate revocation list (CRL) handler. If Apache is configured to
use a malicious CRL, this could possibly lead to a server crash or
arbitrary code execution with the privileges of the Apache web server.
(CAN-2005-1268)

Watchfire discovered that Apache insufficiently verified the
“Transfer-Encoding” and “Content-Length” headers when acting as an
HTTP proxy. By sending a specially crafted HTTP request, a remote
attacker who is authorized to use the proxy could exploit this to
bypass web application firewalls, poison the HTTP proxy cache, and
conduct cross-site scripting attacks against other proxy users.
(CAN-2005-2088)

OSVersionArchitecturePackageVersionFilename
Ubuntu5.04noarchapache2-mpm-worker< *UNKNOWN
Ubuntu5.04noarchapache2-mpm-perchild< *UNKNOWN
Ubuntu5.04noarchapache2-mpm-prefork< *UNKNOWN
Ubuntu5.04noarchapache2-mpm-threadpool< *UNKNOWN
Ubuntu4.10noarchapache2-mpm-worker< *UNKNOWN
Ubuntu4.10noarchapache2-mpm-perchild< *UNKNOWN
Ubuntu4.10noarchapache2-mpm-prefork< *UNKNOWN
Ubuntu4.10noarchapache2-mpm-threadpool< *UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	5.04	noarch	apache2-mpm-worker	< *	UNKNOWN
Ubuntu	5.04	noarch	apache2-mpm-perchild	< *	UNKNOWN
Ubuntu	5.04	noarch	apache2-mpm-prefork	< *	UNKNOWN
Ubuntu	5.04	noarch	apache2-mpm-threadpool	< *	UNKNOWN
Ubuntu	4.10	noarch	apache2-mpm-worker	< *	UNKNOWN
Ubuntu	4.10	noarch	apache2-mpm-perchild	< *	UNKNOWN
Ubuntu	4.10	noarch	apache2-mpm-prefork	< *	UNKNOWN
Ubuntu	4.10	noarch	apache2-mpm-threadpool	< *	UNKNOWN