Consistently format SECURITY entries.

Changes with Apache 2.0.53

Changes with Apache 2.0.53

  *) SECURITY: CAN-2004-0942 (cve.mitre.org):

  *) SECURITY: CAN-2004-0942 (cve.mitre.org)

     Fix for memory consumption DoS in handling of MIME folded request

     Fix for memory consumption DoS in handling of MIME folded request

     headers.  [Joe Orton]

     headers.  [Joe Orton]

Changes with Apache 2.0.48

Changes with Apache 2.0.48

  *) SECURITY [CAN-2003-0789]: mod_cgid: Resolve some mishandling of

  *) SECURITY: CAN-2003-0789 (cve.mitre.org)

     the AF_UNIX socket used to communicate with the cgid daemon and

     mod_cgid: Resolve some mishandling of the AF_UNIX socket used to

     the CGI script.  [Jeff Trawick]

     communicate with the cgid daemon and the CGI script.

     [Jeff Trawick]

  *) SECURITY [CAN-2003-0542]: Fix buffer overflows in mod_alias and 

  *) SECURITY: CAN-2003-0542 (cve.mitre.org)

     mod_rewrite which occurred if one configured a regular expression 

     Fix buffer overflows in mod_alias and mod_rewrite which occurred

     with more than 9 captures.  [André Malo]

     if one configured a regular expression with more than 9 captures.

     [André Malo]

  *) mod_include: fix segfault which occured if the filename was not

  *) mod_include: fix segfault which occured if the filename was not

     set, for example, when processing some error conditions.

     set, for example, when processing some error conditions.

Changes with Apache 2.0.47

Changes with Apache 2.0.47

  *) SECURITY [CAN-2003-0192]: Fixed a bug whereby certain sequences

  *) SECURITY: CAN-2003-0192 (cve.mitre.org)

     of per-directory renegotiations and the SSLCipherSuite directive

     Fixed a bug whereby certain sequences of per-directory

     being used to upgrade from a weak ciphersuite to a strong one

     renegotiations and the SSLCipherSuite directive being used to

     could result in the weak ciphersuite being used in place of the

     upgrade from a weak ciphersuite to a strong one could result in

     strong one.  [Ben Laurie]

     the weak ciphersuite being used in place of the strong one.  

     [Ben Laurie]

  *) SECURITY [CAN-2003-0253]: Fixed a bug in prefork MPM causing

  *) SECURITY: CAN-2003-0253 (cve.mitre.org)

     temporary denial of service when accept() on a rarely accessed port

     Fixed a bug in prefork MPM causing temporary denial of service

     returns certain errors.  Reported by Saheed Akhtar

     when accept() on a rarely accessed port returns certain errors.

     <S.Akhtar talis.com>.  [Jeff Trawick]

     Reported by Saheed Akhtar <S.Akhtar talis.com>.  [Jeff Trawick]

  *) SECURITY [CAN-2003-0254]: Fixed a bug in ftp proxy causing denial

  *) SECURITY: CAN-2003-0254 (cve.mitre.org)

     of service when target host is IPv6 but proxy server can't create

     Fixed a bug in ftp proxy causing denial of service when target

     IPv6 socket.  Fixed by the reporter.  [Yoshioka Tsuneo

     host is IPv6 but proxy server can't create IPv6 socket.  Fixed by

     <tsuneo.yoshioka f-secure.com>]

     the reporter.  [Yoshioka Tsuneo <tsuneo.yoshioka f-secure.com>]

  *) SECURITY [VU#379828] Prevent the server from crashing when entering

  *) SECURITY [VU#379828] Prevent the server from crashing when entering

     infinite loops. The new LimitInternalRecursion directive configures

     infinite loops. The new LimitInternalRecursion directive configures

Changes with Apache 2.0.46

Changes with Apache 2.0.46

  *) SECURITY [CAN-2003-0245]: Fixed a bug causing apr_pvsprintf() to crash 

  *) SECURITY: CAN-2003-0245 (cve.mitre.org)

     by sending an overly long string.  This can be triggered remotely 

     Fixed a bug causing apr_pvsprintf() to crash by sending an overly

     through mod_dav, mod_ssl, and other mechanisms.  Reported by David

     long string.  This can be triggered remotely through mod_dav,

     Endler <DEndler iDefense.com>.

     mod_ssl, and other mechanisms.

     [Joe Orton <jorton redhat.com>]

     Reported by David Endler <DEndler iDefense.com>.  [Joe Orton]

  *) SECURITY [CAN-2003-0189]: Fixed a denial-of-service vulnerability

  *) SECURITY: CAN-2003-0189 (cve.mitre.org)

     affecting basic authentication on Unix platforms related to

     Fixed a denial-of-service vulnerability affecting basic

     thread-safety in apr_password_validate().  The problem was reported

     authentication on Unix platforms related to thread-safety in

     by John Hughes <john.hughes entegrity.com>.

     apr_password_validate().

     Reported by John Hughes <john.hughes entegrity.com>.

  *) Fix for mod_dav.  Call the 'can_be_activity' callback, if provided,

  *) Fix for mod_dav.  Call the 'can_be_activity' callback, if provided,

     when a MKACTIVITY request comes in.

     when a MKACTIVITY request comes in.

  *) Fixed a segfault when multiple ProxyBlock directives were used.

  *) Fixed a segfault when multiple ProxyBlock directives were used.

     PR: 19023 [Sami Tikka <sami.tikka f-secure.com>]

     PR: 19023 [Sami Tikka <sami.tikka f-secure.com>]

  *) SECURITY [CAN-2003-0134] OS2: Fix a Denial of Service vulnerability 

  *) SECURITY: CAN-2003-0134 (cve.mitre.org)

     identified and reported by Robert Howard <rihoward rawbw.com> that 

     OS2: Fix a Denial of Service vulnerability identified and

     where device names faulted the running OS2 worker process.

     reported by Robert Howard <rihoward rawbw.com> that where device

     The fix is actually in APR 0.9.4.  [Brian Havard]

     names faulted the running OS2 worker process.  The fix is

     actually in APR 0.9.4.  [Brian Havard]

  *) Forward port: Escape special characters (especially control

  *) Forward port: Escape special characters (especially control

     characters) in mod_log_config to make a clear distinction between

     characters) in mod_log_config to make a clear distinction between

  *) Fix possible segfaults under obscure error conditions within the

  *) Fix possible segfaults under obscure error conditions within the

     cgid daemon.  [Jeff Trawick, William Rowe]

     cgid daemon.  [Jeff Trawick, William Rowe]

  *) SECURITY [CAN-2003-0132]: Close a Denial of Service vulnerability

  *) SECURITY: CAN-2003-0132 (cve.mitre.org)

     identified by David Endler <DEndler iDefense.com> on all platforms.

     Close a Denial of Service vulnerability identified by David

     An unlimited stream of newlines were acceptable between requests

     Endler <DEndler iDefense.com> on all platforms.  An unlimited

     where each <lf> would allocate an 80 byte buffer, leading very

     stream of newlines were acceptable between requests where each

     quickly to memory exahustion.  [Brian Pane]

     <lf> would allocate an 80 byte buffer, leading very quickly to

     memory exahustion.  [Brian Pane]

  *) Added an rpm build script.

  *) Added an rpm build script.

     [Graham Leggett, Joe Orton <jorton redhat.com>]

     [Graham Leggett, Joe Orton <jorton redhat.com>]

Changes with Apache 2.0.43

Changes with Apache 2.0.43

  *) SECURITY [CVE-2002-0840]: HTML-escape the address produced by 

  *) SECURITY: CVE-2002-0840 (cve.mitre.org)

     ap_server_signature() against this cross-site scripting 

     HTML-escape the address produced by ap_server_signature() against

     vulnerability exposed by the directive 'UseCanonicalName Off'.  

     this cross-site scripting vulnerability exposed by the directive

     Also HTML-escape the SERVER_NAME environment variable for CGI 

     'UseCanonicalName Off'.  Also HTML-escape the SERVER_NAME

     and SSI requests.  It's safe to escape as only the '<', '>', 

     environment variable for CGI and SSI requests.  It's safe to

     and '&' characters are affected, which won't appear in a valid 

     escape as only the '<', '>', and '&' characters are affected,

     hostname.  Reported by Matthew Murphy <mattmurphy kc.rr.com>.

     which won't appear in a valid hostname.  Reported by Matthew

     [Brian Pane]

     Murphy <mattmurphy kc.rr.com>.  [Brian Pane]

  *) Fix a core dump in mod_cache when it attemtped to store uncopyable

  *) Fix a core dump in mod_cache when it attemtped to store uncopyable

     buckets. This happened, for instance, when a file to be cached

     buckets. This happened, for instance, when a file to be cached

     could lead to an infinite loop.  PR 12705  

     could lead to an infinite loop.  PR 12705  

     [Amund Elstad <amund.elstad ergo.no>, Jeff Trawick]

     [Amund Elstad <amund.elstad ergo.no>, Jeff Trawick]

  *) SECURITY [CVE-2002-1156] (cve.mitre.org):

  *) SECURITY: CVE-2002-1156 (cve.mitre.org)

     Fix the exposure of CGI source when a POST request is sent to 

     Fix the exposure of CGI source when a POST request is sent to 

     a location where both DAV and CGI are enabled. [Ryan Bloom]

     a location where both DAV and CGI are enabled. [Ryan Bloom]

Changes with Apache 2.0.40

Changes with Apache 2.0.40

  *) SECURITY [CAN-2002-0661] (cve.mitre.org): 

  *) SECURITY: CAN-2002-0661 (cve.mitre.org) 

     Close a very significant security hole that 

     Close a very significant security hole that 

     applies only to the Win32, OS2 and Netware platforms.  Unix was not 

     applies only to the Win32, OS2 and Netware platforms.  Unix was not 

     affected, Cygwin may be affected.  Certain URIs will bypass security

     affected, Cygwin may be affected.  Certain URIs will bypass security

     Reported by Auriemma Luigi <bugtest sitoverde.com>.

     Reported by Auriemma Luigi <bugtest sitoverde.com>.

     [Brad Nicholes]

     [Brad Nicholes]

  *) SECURITY [CAN-2002-0654] (cve.mitre.org):

  *) SECURITY: CAN-2002-0654 (cve.mitre.org)

     Close a path-revealing exposure in multiview type

     Close a path-revealing exposure in multiview type

     map negotiation (such as the default error documents) where the

     map negotiation (such as the default error documents) where the

     module would report the full path of the typemapped .var file when

     module would report the full path of the typemapped .var file when

     negotiation.  Reported by Auriemma Luigi <bugtest sitoverde.com>.

     negotiation.  Reported by Auriemma Luigi <bugtest sitoverde.com>.

     [William Rowe]

     [William Rowe]

  *) SECURITY [CAN-2002-0654] (cve.mitre.org):

  *) SECURITY: CAN-2002-0654 (cve.mitre.org)

     Close a path-revealing exposure in cgi/cgid when we 

     Close a path-revealing exposure in cgi/cgid when we 

     fail to invoke a script.  The modules would report "couldn't create 

     fail to invoke a script.  The modules would report "couldn't create 

     child process /path-to-script/script.pl" revealing the full path

     child process /path-to-script/script.pl" revealing the full path

     the pipes and spawning functionality working.

     the pipes and spawning functionality working.

     [Brad Nicholes]

     [Brad Nicholes]

  *) SECURITY [CVE-2002-0392] (cve.mitre.org) [CERT VU#944335]:

  *) SECURITY: CVE-2002-0392 (cve.mitre.org) [CERT VU#944335]

     Detect overflow when reading the hex bytes forming a chunk line.

     Detect overflow when reading the hex bytes forming a chunk line.

     [Aaron Bannert]

     [Aaron Bannert]

     multiple places and allows for an SSL module to be added much

     multiple places and allows for an SSL module to be added much

     simpler. [Ryan Bloom]

     simpler. [Ryan Bloom]

  *) SECURITY [CVE-2000-0913] (cve.mitre.org):

  *) SECURITY: CVE-2000-0913 (cve.mitre.org)

     Fix a security problem that affects certain configurations of

     Fix a security problem that affects certain configurations of

     mod_rewrite. If the result of a RewriteRule is a filename that

     mod_rewrite. If the result of a RewriteRule is a filename that

     contains expansion specifiers, especially regexp backreferences

     contains expansion specifiers, especially regexp backreferences

     container is VirtualHost or Directory or whatever.

     container is VirtualHost or Directory or whatever.

     [Jeff Trawick]

     [Jeff Trawick]

  *) SECURITY [CAN-2000-1204] (cve.mitre.org):

  *) SECURITY: CAN-2000-1204 (cve.mitre.org)

     Prevent the source code for CGIs from being revealed when 

     Prevent the source code for CGIs from being revealed when 

     using mod_vhost_alias and the CGI directory is under the document root

     using mod_vhost_alias and the CGI directory is under the document root

     and a user makes a request like http://www.example.com//cgi-bin/cgi

     and a user makes a request like http://www.example.com//cgi-bin/cgi

     run-time configurable using the ExtendedStatus directive.

     run-time configurable using the ExtendedStatus directive.

     [Jim Jagielski]

     [Jim Jagielski]

  *) SECURITY [CVE-1999-1199] (cve.mitre.org): 

  *) SECURITY: CVE-1999-1199 (cve.mitre.org) 

     Eliminate O(n^2) space DoS attacks (and other O(n^2)

     Eliminate O(n^2) space DoS attacks (and other O(n^2)

     cpu time attacks) in header parsing.  Add ap_overlap_tables(),

     cpu time attacks) in header parsing.  Add ap_overlap_tables(),

     a function which can be used to perform bulk update operations

     a function which can be used to perform bulk update operations

     on tables in a more efficient manner.

     on tables in a more efficient manner.  [Dean Gaudet]

     [Dean Gaudet]

  *) SECURITY: Added compile-time and configurable limits for

  *) SECURITY: Added compile-time and configurable limits for

     various aspects of reading a client request to avoid some simple

     various aspects of reading a client request to avoid some simple