Replies

Here are advisories for the Apache web server:

Aug 14 2002	(HP Issues Fix) PHP Flaw in Processing Multipart/Form-Data May Let Remote Users Execute Arbitrary Code on the Server
Aug 9 2002	Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
Jul 26 2002	(Sun Issues T-Patches) Re: Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
Jul 15 2002	Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
Jul 15 2002	(SGI Issues Fix) Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
Jul 3 2002	(HP Issues Fix for HP Secure OS for Linux) Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
Jul 2 2002	(HP Issues Fix For HP-UX) Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
Jun 25 2002	(Caldera Issues Fix for Linux) Re: Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
Jun 24 2002	(Mandrake Issues Revised Fix) Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
Jun 22 2002	(Mandrake Issues Fix) Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
Jun 20 2002	(Apache Issues Fix) Re: Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
Jun 20 2002	(Trustix Issues Fix) Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
Jun 20 2002	(IBM Plans to Issue Fix) Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
Jun 20 2002	(Slackware Issues Fix) Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
Jun 20 2002	(Conectiva Issues Fix) Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
Jun 19 2002	(SuSE Issues Fix) Re: Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
Jun 19 2002	(Engarde Issues Fix) Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
Jun 19 2002	(Debian Issues Fix) Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
Jun 19 2002	(Apache Issues Fix) Re: Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
Jun 17 2002	Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
Mar 21 2002	Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
Mar 15 2002	(SGI Issues Fix) Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
Mar 15 2002	(SGI Issues Fix) Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
Jan 7 2002	(Vendor Responds to Say This is Due to a Major User Misconfiguration) Re: Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
Jan 7 2002	Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
Jan 5 2002	(HP Issues Fix for HP Secure OS for Linux) Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
Jan 5 2002	(FreeBSD Issues Fix For mod_auth_pgsql) Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
Dec 5 2001	(Red Hat Issues Fix) Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
Nov 29 2001	(Mandrake Issues Fix for Single Network Firewall) Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
Nov 28 2001	(Mandrake Issues Fix) Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
Oct 24 2001	(Red Hat Issues Fix for mod_auth_pgsql) Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
Oct 24 2001	Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
Oct 20 2001	(Engarde Issues Fix) Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
Oct 20 2001	(Engarde Issues Fix) Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
Oct 18 2001	(Conectiva Issues Fix) Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
Oct 18 2001	(Conectiva Issues Fix) Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
Oct 14 2001	(Apache Issues a Fix) Re: Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
Oct 14 2001	(Apache Issues Fix) Re: Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
Oct 14 2001	(Apache Issues Fix) Re: Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
Oct 14 2001	Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
Sep 28 2001	(Conectiva Issues Fix for mod_auth_pgsql) Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
Sep 18 2001	(Mandrake Issues Fix) Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
Sep 11 2001	(SuSE Issues Fix for mod_auth_mysql) Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
Sep 8 2001	(Conectiva Issues Fix) Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
Aug 30 2001	Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
Aug 13 2001	Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
Jul 29 2001	(Apple Issues Mac OS Fix) Re: Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
Jul 13 2001	Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
Jun 28 2001	(EnGarde Releases Fix) Re: Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
Jun 15 2001	(Trustix Issues Fix) Re: Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
Jun 13 2001	(Exploit Code Released) Re: Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
Jun 11 2001	Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
May 18 2001	Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
Apr 16 2001	(Additional Information) Re: Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
Apr 13 2001	Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
Mar 13 2001	Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled