FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Apache httpd -- Multiple vulnerabilities

Affected packages
apache24 < 2.4.55

Details

VuXML ID 00919005-96a3-11ed-86e9-d4c9ef517024
Discovery 2023-01-17
Entry 2023-01-17

The Apache httpd project reports:

mod_dav out of bounds read, or write of zero byte (CVE-2006-20001) (moderate)

mod_proxy_ajp Possible request smuggling (CVE-2022-36760) (moderate)

mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting (CVE-2022-37436) (moderate)

References

CVE Name CVE-2006-20001
CVE Name CVE-2022-36760
CVE Name CVE-2022-37436
URL https://downloads.apache.org/httpd/CHANGES_2.4.55