FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

apache -- multiple vulnerabilities

Affected packages
2.2.0	<	apache	<	2.2.9

Details

VuXML ID	c84dc9ad-41f7-11dd-a4f9-00163e000016
Discovery	2008-06-14
Entry	2008-06-24

Apache HTTP server project reports:

The following potential security flaws are addressed:

CVE-2008-2364: mod_proxy_http: Better handling of excessive interim responses from origin server to prevent potential denial of service and high memory usage. Reported by Ryujiro Shibuya.

CVE-2007-6420: mod_proxy_balancer: Prevent CSRF attacks against the balancer-manager interface

[source]

References

CVE Name	CVE-2007-6420
CVE Name	CVE-2008-2364
URL	http://www.apache.org/dist/httpd/Announcement2.2.html