FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

apache24 -- several vulnerabilities

Affected packages
apache24 < 2.4.12

Details

VuXML ID 5804b9d4-a959-11e4-9363-20cf30e32f6d
Discovery 2015-01-29
Entry 2015-01-31

Apache HTTP SERVER PROJECT reports:

mod_proxy_fcgi: Fix a potential crash due to buffer over-read, with response headers' size above 8K.

mod_cache: Avoid a crash when Content-Type has an empty value. PR 56924.

mod_lua: Fix handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments. PR57204.

core: HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. Adds "MergeTrailers" directive to restore legacy behavior.

References

CVE Name CVE-2013-5704
CVE Name CVE-2014-3581
CVE Name CVE-2014-3583
CVE Name CVE-2014-8109