Information on source package apache2

Available versions

Release             Version
wheezy              2.2.22-13+deb7u6
wheezy (security)   2.2.22-13+deb7u8
jessie              2.4.10-10+deb8u7
jessie (security)   2.4.10-10+deb8u8
stretch             2.4.25-3
sid                 2.4.25-3

Open unimportant issues

Bug            wheezy      jessie      stretch     sid         Description
CVE-2011-4415  vulnerable  fixed       fixed       fixed       The ap_pregsub function in server/util.c in the Apache HTTP Server ...
CVE-2008-0456  vulnerable  vulnerable  vulnerable  vulnerable  CRLF injection vulnerability in the mod_negotiation module in the ...
CVE-2008-0455  vulnerable  vulnerable  vulnerable  vulnerable  Cross-site scripting (XSS) vulnerability in the mod_negotiation module ...
CVE-2007-3303  vulnerable  vulnerable  vulnerable  vulnerable  Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows ...
CVE-2007-1743  vulnerable  vulnerable  vulnerable  vulnerable  suexec in Apache HTTP Server (httpd) 2.2.3 does not verify ...
CVE-2007-0086  vulnerable  vulnerable  vulnerable  vulnerable  ** DISPUTED ** ...
CVE-2003-1581  vulnerable  vulnerable  vulnerable  vulnerable  The Apache HTTP Server 2.0.44, when DNS resolution is enabled for ...
CVE-2003-1580  vulnerable  vulnerable  vulnerable  vulnerable  The Apache HTTP Server 2.0.44, when DNS resolution is enabled for ...
CVE-2003-1307  vulnerable  vulnerable  vulnerable  vulnerable  ** DISPUTED ** ...
CVE-2001-1534  vulnerable  vulnerable  vulnerable  vulnerable  mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's ...

Resolved issues

Bug                  Description
TEMP-0535886-8B62DC  apache2: htaccess override
CVE-2016-8743        Apache HTTP Request Parsing Whitespace Defects
CVE-2016-8740        The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, ...
CVE-2016-5387        The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 ...
CVE-2016-4979        The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and ...
CVE-2016-2161        DoS vulnerability in mod_auth_digest
CVE-2016-1546        The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, ...
CVE-2016-0736        Padding Oracle in Apache mod_session_crypto
CVE-2015-3675        The default configuration of the Apache HTTP Server on Apple OS X ...
CVE-2015-3185        The ap_some_auth_required function in server/request.c in the Apache ...
CVE-2015-3183        The chunked transfer coding implementation in the Apache HTTP Server ...
CVE-2015-0253        The read_request_line function in server/protocol.c in the Apache HTTP ...
CVE-2015-0228        The lua_websocket_read function in lua_request.c in the mod_lua module ...
CVE-2014-8109        mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and ...
CVE-2014-3583        The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi ...
CVE-2014-3581        The cache_merge_headers_out function in modules/cache/cache_util.c in ...
CVE-2014-3523        Memory leak in the winnt_accept function in server/mpm/winnt/child.c ...
CVE-2014-0231        The mod_cgid module in the Apache HTTP Server before 2.4.10 does not ...
CVE-2014-0226        Race condition in the mod_status module in the Apache HTTP Server ...
CVE-2014-0118        The deflate_in_filter function in mod_deflate.c in the mod_deflate ...
CVE-2014-0117        The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, ...
CVE-2014-0098        The log_cookie function in mod_log_config.c in the mod_log_config ...
CVE-2013-6438        The dav_xml_get_cdata function in main/util.c in the mod_dav module in ...
CVE-2013-5704        The mod_headers module in the Apache HTTP Server 2.2.22 allows remote ...
CVE-2013-4352        The cache_invalidate function in modules/cache/cache_storage.c in the ...
CVE-2013-2249        mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP ...
CVE-2013-1896        mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly ...
CVE-2013-1862        mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server ...
CVE-2013-1048        The Debian apache2ctl script in the apache2 package squeeze before ...
CVE-2012-4929        The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google ...
CVE-2012-4558        Multiple cross-site scripting (XSS) vulnerabilities in the ...
CVE-2012-4557        The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through ...
CVE-2012-3502        The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp ...
CVE-2012-3499        Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP ...
CVE-2012-2687        Multiple cross-site scripting (XSS) vulnerabilities in the ...
CVE-2012-0883        envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 ...
CVE-2012-0216        The default configuration of the apache2 package in Debian GNU/Linux ...
CVE-2012-0053        protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not ...
CVE-2012-0031        scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow ...
CVE-2012-0021        The log_cookie function in mod_log_config.c in the mod_log_config ...
CVE-2011-4317        The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, ...
CVE-2011-3639        The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 ...
CVE-2011-3607        Integer overflow in the ap_pregsub function in server/util.c in the ...
CVE-2011-3368        The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, ...
CVE-2011-3348        The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when ...
CVE-2011-3192        The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through ...
CVE-2011-1176        The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk ...
CVE-2010-2791        mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, ...
CVE-2010-2068        mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 ...
CVE-2010-1623        Memory leak in the apr_brigade_split_line function in ...
CVE-2010-1452        The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server ...
CVE-2010-0434        The ap_read_request function in server/protocol.c in the Apache HTTP ...
CVE-2010-0425        modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server ...
CVE-2010-0408        The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp ...
CVE-2009-3555        The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as ...
CVE-2009-3095        The mod_proxy_ftp module in the Apache HTTP Server allows remote ...
CVE-2009-3094        The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the ...
CVE-2009-1891        The mod_deflate module in Apache httpd 2.2.11 and earlier compresses ...
CVE-2009-1890        The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy ...
CVE-2009-1195        The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not ...
CVE-2009-1191        mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server ...
CVE-2008-2939        Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the ...
CVE-2008-2364        The ap_proxy_http_process_response function in mod_proxy_http.c in the ...
CVE-2008-2168        Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier ...
CVE-2008-1678        Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c ...
CVE-2008-0005        mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before ...
CVE-2007-6750        The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a ...
CVE-2007-6423        ** DISPUTED ** ...
CVE-2007-6422        The balancer_handler function in mod_proxy_balancer in the Apache HTTP ...
CVE-2007-6421        Cross-site scripting (XSS) vulnerability in balancer-manager in ...
CVE-2007-6420        Cross-site request forgery (CSRF) vulnerability in the ...
CVE-2007-6388        Cross-site scripting (XSS) vulnerability in mod_status in the Apache ...
CVE-2007-6203        Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method ...
CVE-2007-5000        Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in ...
CVE-2007-4465        Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the ...
CVE-2007-3847        The date handling code in modules/proxy/proxy_util.c (mod_proxy) in ...
CVE-2007-3304        Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, ...
CVE-2007-1863        cache_util.c in the mod_cache module in Apache HTTP Server (httpd), ...
CVE-2007-1862        The recall_headers function in mod_mem_cache in Apache 2.2.4 does not ...
CVE-2007-1742        suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison ...
CVE-2007-1741        Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 ...
CVE-2006-5752        Cross-site scripting (XSS) vulnerability in mod_status.c in the ...
CVE-2006-4110        Apache 2.2.2, when running on Windows, allows remote attackers to read ...
CVE-2006-3918        http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 ...
CVE-2006-3747        Off-by-one error in the ldap scheme handling in the Rewrite module ...
CVE-2005-3357        mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost ...
CVE-2005-3352        Cross-site scripting (XSS) vulnerability in the mod_imap module of ...
CVE-2005-2970        Memory leak in the worker MPM (worker.c) for Apache 2, in certain ...
CVE-2005-2728        The byte-range filter in Apache 2.0 before 2.0.54 allows remote ...
CVE-2005-2700        ssl_engine_kernel.c in mod_ssl before 2.8.24, when using ...
CVE-2005-2088        The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when ...
CVE-2005-1344        Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to ...
CVE-2005-1268        Off-by-one error in the mod_ssl Certificate Revocation List (CRL) ...
CVE-2004-1834        mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, ...
CVE-2004-0942        Apache webserver 2.0.52 and earlier allows remote attackers to cause a ...
CVE-2004-0885        The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the ...
CVE-2004-0811        Unknown vulnerability in Apache 2.0.51 prevents "the merging of the ...
CVE-2004-0809        The mod_dav module in Apache 2.0.50 and earlier allows remote ...
CVE-2004-0786        The IPv6 URI parsing routines in the apr-util library for Apache ...
CVE-2004-0751        The char_buffer_read function in the mod_ssl module for Apache 2.x, ...
CVE-2004-0748        mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause ...
CVE-2004-0747        Buffer overflow in Apache 2.0.50 and earlier allows local users to ...
CVE-2004-0493        The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows ...
CVE-2004-0488        Stack-based buffer overflow in the ssl_util_uuencode_binary function ...
CVE-2004-0113        Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 ...
CVE-2003-1138        The default configuration of Apache 2.0.40, as shipped with Red Hat ...
CVE-2003-0789        mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not ...
CVE-2003-0542        Multiple stack-based buffer overflows in (1) mod_alias and (2) ...
CVE-2003-0254        Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers ...
CVE-2003-0253        The prefork MPM in Apache 2 before 2.0.47 does not properly handle ...
CVE-2003-0245        Vulnerability in the apr_psprintf function in the Apache Portable ...
CVE-2003-0192        Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache ...
CVE-2003-0189        The authentication module for Apache 2.0.40 through 2.0.45 on Unix ...
CVE-2003-0134        Unknown vulnerability in filestat.c for Apache running on OS2, ...
CVE-2003-0132        A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to ...
CVE-2003-0083        Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not ...
CVE-2003-0020        Apache does not filter terminal escape sequences from its error logs, ...
CVE-2002-1850        mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly ...
CVE-2002-1593        mod_dav in Apache before 2.0.42 does not properly handle versioning ...
CVE-2002-1592        The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI ...
CVE-2002-1156        Apache 2.0.42 allows remote attackers to view the source code of a CGI ...
CVE-2002-0840        Cross-site scripting (XSS) vulnerability in the default error page of ...
CVE-2002-0661        Directory traversal vulnerability in Apache 2.0 through 2.0.39 on ...
CVE-2002-0654        Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote ...
CVE-2002-0392        Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote ...

Security announcements

DSA / DLA   Description
DLA-841-1   apache2 - security update
DSA-3796-1  apache2 - security update
DSA-3623-1  apache2 - security update
DLA-553-1   apache2 - security update
DSA-3325-2  apache2 - regression update
DSA-3325-1  apache2 - security update
DLA-284-1   apache2 - security update
DLA-71-1    apache2 - security update
DLA-66-1    apache2 - security update
DSA-2989-1  apache2 - security update
DSA-2637-1  apache2 - several
DSA-2579-1  apache2 - several
DSA-2452-1  apache2 - insecure default configuration
DSA-2405-1  apache2 - multiple issues
DSA-2298-1  apache2 - denial of service
DSA-2202-1  apache2 - failure to drop root privileges
DSA-2035-1  apache2 - several issues
DSA-1934-1  apache2 - several issues
DSA-1834-1  apache2 apache2-mpm-itk - denial of service
DSA-1816-1  apache2 apache2-mpm-itk - privilege escalation
DSA-1132-1  apache2 - buffer overflow
DSA-805-1   apache2 - several
