Vulnerabilities > CVE-2005-2491 - Unspecified vulnerability in Pcre 5.0/6.0/6.1
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN pcre
nessus
Summary
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Nessus
NASL family SuSE Local Security Checks NASL id SUSE9_12013.NASL description Python contains a copy of the pcre library. Specially crafted regular expressions could lead to a buffer overflow in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code. (CVE-2005-2491, CVE-2006-7228) last seen 2020-06-01 modified 2020-06-02 plugin id 41173 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41173 title SuSE9 Security Update : Python (YOU Patch Number 12013) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(41173); script_version("1.9"); script_cvs_date("Date: 2019/10/25 13:36:29"); script_cve_id("CVE-2005-2491", "CVE-2006-7228"); script_name(english:"SuSE9 Security Update : Python (YOU Patch Number 12013)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 9 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Python contains a copy of the pcre library. Specially crafted regular expressions could lead to a buffer overflow in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code. (CVE-2005-2491, CVE-2006-7228)" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2005-2491/" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-7228.html" ); script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12013."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/12/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SUSE9", reference:"python-2.3.3-88.18")) flag++; if (rpm_check(release:"SUSE9", reference:"python-curses-2.3.3-88.18")) flag++; if (rpm_check(release:"SUSE9", reference:"python-demo-2.3.3-88.18")) flag++; if (rpm_check(release:"SUSE9", reference:"python-devel-2.3.3-88.18")) flag++; if (rpm_check(release:"SUSE9", reference:"python-doc-2.3.3-88.18")) flag++; if (rpm_check(release:"SUSE9", reference:"python-doc-pdf-2.3.3-88.18")) flag++; if (rpm_check(release:"SUSE9", reference:"python-gdbm-2.3.3-88.18")) flag++; if (rpm_check(release:"SUSE9", reference:"python-idle-2.3.3-88.18")) flag++; if (rpm_check(release:"SUSE9", reference:"python-mpz-2.3.3-88.18")) flag++; if (rpm_check(release:"SUSE9", reference:"python-tk-2.3.3-88.18")) flag++; if (rpm_check(release:"SUSE9", reference:"python-xml-2.3.3-88.18")) flag++; if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"python-32bit-9-200712110030")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");
NASL family SuSE Local Security Checks NASL id SUSE_SA_2005_049.NASL description The remote host is missing the patch for the advisory SUSE-SA:2005:049 (php4, php5). This update fixes the following security issues in the PHP scripting language. - Bugs in the PEAR::XML_RPC library allowed remote attackers to pass arbitrary PHP code to the eval() function (CVE-2005-1921, CVE-2005-2498). The Pear::XML_RPC library is not used by default in SUSE Linux, but might be used by third-party PHP applications. - A integer overflow bug was found in the PCRE (perl compatible regular expression) library which could be used by an attacker to potentially execute code. (CVE-2005-2491) last seen 2019-10-28 modified 2005-10-05 plugin id 19928 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19928 title SUSE-SA:2005:049: php4, php5 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:049 # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(19928); script_version ("1.8"); name["english"] = "SUSE-SA:2005:049: php4, php5"; script_name(english:name["english"]); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a vendor-supplied security patch" ); script_set_attribute(attribute:"description", value: "The remote host is missing the patch for the advisory SUSE-SA:2005:049 (php4, php5). This update fixes the following security issues in the PHP scripting language. - Bugs in the PEAR::XML_RPC library allowed remote attackers to pass arbitrary PHP code to the eval() function (CVE-2005-1921, CVE-2005-2498). The Pear::XML_RPC library is not used by default in SUSE Linux, but might be used by third-party PHP applications. - A integer overflow bug was found in the PCRE (perl compatible regular expression) library which could be used by an attacker to potentially execute code. (CVE-2005-2491)" ); script_set_attribute(attribute:"solution", value: "http://www.suse.de/security/advisories/2005_49_php.html" ); script_set_attribute(attribute:"risk_factor", value:"High" ); script_set_attribute(attribute:"plugin_publication_date", value: "2005/10/05"); script_end_attributes(); summary["english"] = "Check for the version of the php4, php5 package"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); family["english"] = "SuSE Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/SuSE/rpm-list"); exit(0); } include("rpm.inc"); if ( rpm_check( reference:"apache2-mod_php4-4.3.3-194", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"mod_php4-4.3.3-194", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"mod_php4-aolserver-4.3.3-194", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"mod_php4-core-4.3.3-194", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"mod_php4-devel-4.3.3-194", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"mod_php4-servlet-4.3.3-194", release:"SUSE9.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"apache2-mod_php4-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"mod_php4-core-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"mod_php4-servlet-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php4-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php4-devel-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php4-exif-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php4-fastcgi-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php4-imap-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php4-mysql-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php4-pear-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php4-recode-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php4-servlet-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php4-session-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php4-sysvshm-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php4-wddx-4.3.4-43.41", release:"SUSE9.1") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"apache2-mod_php4-4.3.8-8.12", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"mod_php4-servlet-4.3.8-8.12", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php4-4.3.8-8.12", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php4-devel-4.3.8-8.12", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php4-exif-4.3.8-8.12", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php4-fastcgi-4.3.8-8.12", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php4-pear-4.3.8-8.12", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php4-session-4.3.8-8.12", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php4-sysvshm-4.3.8-8.12", release:"SUSE9.2") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"apache2-mod_php4-4.3.10-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"apache2-mod_php5-5.0.3-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"mod_php4-servlet-4.3.10-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php4-4.3.10-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php4-devel-4.3.10-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php4-exif-4.3.10-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php4-fastcgi-4.3.10-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php4-pear-4.3.10-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php4-session-4.3.10-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php4-sysvshm-4.3.10-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php5-5.0.3-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php5-devel-5.0.3-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php5-exif-5.0.3-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php5-fastcgi-5.0.3-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php5-pear-5.0.3-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php5-sysvmsg-5.0.3-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"php5-sysvshm-5.0.3-14.9", release:"SUSE9.3") ) { security_hole(0); exit(0); }
NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_34123.NASL description s700_800 11.04 Virtualvault 4.7 OWS (Apache 2.x) update : Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerability could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. last seen 2020-06-01 modified 2020-06-02 plugin id 21107 published 2006-03-21 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21107 title HP-UX PHSS_34123 : Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access (HPSBUX02074 SSRT051251 rev.2) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-154.NASL description Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The python packages use a private copy of pcre code. The updated packages have been patched to correct this problem. last seen 2020-06-01 modified 2020-06-02 plugin id 19910 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19910 title Mandrake Linux Security Advisory : python (MDKSA-2005:154) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-173-1.NASL description A buffer overflow has been discovered in the PCRE, a widely used library that provides Perl compatible regular expressions. Specially crafted regular expressions triggered a buffer overflow. On systems that accept arbitrary regular expressions from untrusted users, this could be exploited to execute arbitrary code with the privileges of the application using the library. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 20580 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20580 title Ubuntu 4.10 / 5.04 : pcre3 vulnerability (USN-173-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-173-2.NASL description USN-173-1 fixed a buffer overflow vulnerability in the PCRE library. However, it was determined that this did not suffice to prevent all possible overflows, so another update is necessary. In addition, it was found that the Ubuntu 4.10 version of Apache 2 contains a static copy of the library code, so this package needs to be updated as well. In Ubuntu 5.04, Apache 2 uses the external library from the libpcre3 package. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 20581 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20581 title Ubuntu 4.10 / 5.04 : pcre3, apache2 vulnerabilities (USN-173-2) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_B971D2A6167011DA978E0001020EED82.NASL description The pcre library is vulnerable to a buffer overflow vulnerability due to insufficient validation of quantifier values. This could lead execution of arbitrary code with the permissions of the program using pcre by way of a specially crated regular expression. last seen 2020-06-01 modified 2020-06-02 plugin id 21502 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21502 title FreeBSD : pcre -- regular expression buffer overflow (b971d2a6-1670-11da-978e-0001020eed82) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2005-251-04.NASL description A new php5 package is available for Slackware 10.1 in /testing to fix security issues. PHP has been relinked with the shared PCRE library to fix an overflow issue with PHP last seen 2020-06-01 modified 2020-06-02 plugin id 19863 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19863 title Slackware 10.1 : php5 in Slackware 10.1 (SSA:2005-251-04) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200509-12.NASL description The remote host is affected by the vulnerability described in GLSA-200509-12 (Apache, mod_ssl: Multiple vulnerabilities) mod_ssl contains a security issue when last seen 2020-06-01 modified 2020-06-02 plugin id 19811 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19811 title GLSA-200509-12 : Apache, mod_ssl: Multiple vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0197.NASL description Updated Python packages are now available to correct a security issue. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. An integer overflow flaw was found in Python last seen 2020-06-01 modified 2020-06-02 plugin id 21042 published 2006-03-10 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21042 title RHEL 2.1 / 3 / 4 : python (RHSA-2006:0197) NASL family SuSE Local Security Checks NASL id SUSE_SA_2005_051.NASL description The remote host is missing the patch for the advisory SUSE-SA:2005:051 (php4,php5). This update fixes the following security issues in the PHP scripting language. - Bugs in the PEAR::XML_RPC library allowed remote attackers to pass arbitrary PHP code to the eval() function (CVE-2005-1921, CVE-2005-2498). The Pear::XML_RPC library is not used by default in SUSE Linux, but might be used by third-party PHP applications. - An integer overflow bug was found in the PCRE (perl compatible regular expression) library which could be used by an attacker to potentially execute code. (CVE-2005-2491) Please note: last seen 2019-10-28 modified 2005-10-05 plugin id 19930 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19930 title SUSE-SA:2005:051: php4,php5 NASL family CGI abuses NASL id PHP_4_4_1.NASL description According to its banner, the version of PHP installed on the remote host is older than 4.4.1 or 5.0.6. Such versions fail to protect the last seen 2020-06-01 modified 2020-06-02 plugin id 20111 published 2005-11-01 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20111 title PHP < 4.4.1 / 5.0.6 Multiple Vulnerabilities NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-152.NASL description Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The php packages, as shipped, were built using a private copy of pcre. The updated packages have been rebuilt against the system pcre libs to correct this problem. last seen 2020-06-01 modified 2020-06-02 plugin id 19908 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19908 title Mandrake Linux Security Advisory : php (MDKSA-2005:152) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_34163.NASL description s700_800 11.04 Webproxy server 2.1 (Apache 2.x) update : Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerability could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. last seen 2020-06-01 modified 2020-06-02 plugin id 21108 published 2006-03-21 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21108 title HP-UX PHSS_34163 : Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access (HPSBUX02074 SSRT051251 rev.2) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-213.NASL description A number of vulnerabilities were discovered in PHP : An issue with fopen_wrappers.c would not properly restrict access to other directories when the open_basedir directive included a trailing slash (CVE-2005-3054); this issue does not affect Corporate Server 2.1. An issue with the apache2handler SAPI in mod_php could allow an attacker to cause a Denial of Service via the session.save_path option in an .htaccess file or VirtualHost stanza (CVE-2005-3319); this issue does not affect Corporate Server 2.1. A Denial of Service vulnerability was discovered in the way that PHP processes EXIF image data which could allow an attacker to cause PHP to crash by supplying carefully crafted EXIF image data (CVE-2005-3353). A cross-site scripting vulnerability was discovered in the phpinfo() function which could allow for the injection of JavaScript or HTML content onto a page displaying phpinfo() output, or to steal data such as cookies (CVE-2005-3388). A flaw in the parse_str() function could allow for the enabling of register_globals, even if it was disabled in the PHP configuration file (CVE-2005-3389). A vulnerability in the way that PHP registers global variables during a file upload request could allow a remote attacker to overwrite the $GLOBALS array which could potentially lead the execution of arbitrary PHP commands. This vulnerability only affects systems with register_globals enabled (CVE-2005-3390). The updated packages have been patched to address this issue. Once the new packages have been installed, you will need to restart your Apache server using last seen 2020-06-01 modified 2020-06-02 plugin id 20445 published 2006-01-15 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20445 title Mandrake Linux Security Advisory : php (MDKSA-2005:213) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-800.NASL description An integer overflow with subsequent buffer overflow has been detected in PCRE, the Perl Compatible Regular Expressions library, which allows an attacker to execute arbitrary code. Since several packages link dynamically to this library you are advised to restart the corresponding services or programs respectively. The command last seen 2020-06-01 modified 2020-06-02 plugin id 19570 published 2005-09-06 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19570 title Debian DSA-800-1 : pcre3 - integer overflow NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200509-19.NASL description The remote host is affected by the vulnerability described in GLSA-200509-19 (PHP: Vulnerabilities in included PCRE and XML-RPC libraries) PHP makes use of a private copy of libpcre which is subject to an integer overflow leading to a heap overflow (see GLSA 200508-17). It also ships with an XML-RPC library affected by a script injection vulnerability (see GLSA 200508-13). Impact : An attacker could target a PHP-based web application that would use untrusted data as regular expressions, potentially resulting in the execution of arbitrary code. If web applications make use of the XML-RPC library shipped with PHP, they are also vulnerable to remote execution of arbitrary PHP code. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 19818 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19818 title GLSA-200509-19 : PHP: Vulnerabilities in included PCRE and XML-RPC libraries NASL family Debian Local Security Checks NASL id DEBIAN_DSA-821.NASL description An integer overflow with a subsequent buffer overflow has been detected in PCRE, the Perl Compatible Regular Expressions library, which allows an attacker to execute arbitrary code, and is also present in Python. Exploiting this vulnerability requires an attacker to specify the used regular expression. last seen 2020-06-01 modified 2020-06-02 plugin id 19790 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19790 title Debian DSA-821-1 : python2.3 - integer overflow NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200509-02.NASL description The remote host is affected by the vulnerability described in GLSA-200509-02 (Gnumeric: Heap overflow in the included PCRE library) Gnumeric contains a private copy of libpcre which is subject to an integer overflow leading to a heap overflow (see GLSA 200508-17). Impact : An attacker could potentially exploit this vulnerability by tricking a user into opening a specially crafted spreadsheet, which could lead to the execution of arbitrary code with the privileges of the user running Gnumeric. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 19577 published 2005-09-06 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19577 title GLSA-200509-02 : Gnumeric: Heap overflow in the included PCRE library NASL family Debian Local Security Checks NASL id DEBIAN_DSA-819.NASL description An integer overflow with a subsequent buffer overflow has been detected in PCRE, the Perl Compatible Regular Expressions library, which allows an attacker to execute arbitrary code, and is also present in Python. Exploiting this vulnerability requires an attacker to specify the used regular expression. last seen 2020-06-01 modified 2020-06-02 plugin id 19788 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19788 title Debian DSA-819-1 : python2.1 - integer overflow NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-761.NASL description Updated pcre packages are now available to correct a security issue. This update has been rated as having moderate security impact by the Red Hat Security Response Team PCRE is a Perl-compatible regular expression library. An integer overflow flaw was found in PCRE, triggered by a maliciously crafted regular expression. On systems that accept arbitrary regular expressions from untrusted users, this could be exploited to execute arbitrary code with the privileges of the application using the library. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2491 to this issue. The security impact of this issue varies depending on the way that applications make use of PCRE. For example, the Apache web server uses the system PCRE library in order to parse regular expressions, but this flaw would only allow a user who already has the ability to write .htaccess files to gain last seen 2020-06-01 modified 2020-06-02 plugin id 19675 published 2005-09-12 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19675 title RHEL 2.1 / 3 / 4 : pcre (RHSA-2005:761) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-155.NASL description Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The apache2 packages, as shipped, were built using a private copy of pcre. The updated packages have been rebuilt against the system pcre libs to correct this problem. 10.1 and 10.2/LE2005 are already built against the system pcre. last seen 2020-06-01 modified 2020-06-02 plugin id 19911 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19911 title Mandrake Linux Security Advisory : apache2 (MDKSA-2005:155) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2005-009.NASL description The remote host is running Apple Mac OS X, but lacks Security Update 2005-009. This security update contains fixes for the following applications : - Apache2 - Apache_mod_ssl - CoreFoundation - curl - iodbcadmintool - OpenSSL - passwordserver - Safari - sudo - syslog last seen 2020-06-01 modified 2020-06-02 plugin id 20249 published 2005-11-30 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20249 title Mac OS X Multiple Vulnerabilities (Security Update 2005-009) NASL family Web Servers NASL id APACHE_2_0_55.NASL description The remote host appears to be running a version of Apache that is prior to 2.0.55. It is, therefore affected by multiple vulnerabilities : - A security issue exists where last seen 2020-06-01 modified 2020-06-02 plugin id 31656 published 2008-03-26 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31656 title Apache < 2.0.55 Multiple Vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-358.NASL description Updated exim packages that fix a security issue in PCRE and a free space computation on large file system bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Exim is a mail transport agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. An integer overflow flaw was found in PCRE, a Perl-compatible regular expression library included within Exim. A local user could create a maliciously crafted regular expression in such as way that they could gain the privileges of the last seen 2020-06-01 modified 2020-06-02 plugin id 19672 published 2005-09-12 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19672 title RHEL 4 : exim (RHSA-2005:358) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200508-17.NASL description The remote host is affected by the vulnerability described in GLSA-200508-17 (libpcre: Heap integer overflow) libpcre fails to check certain quantifier values in regular expressions for sane values. Impact : An attacker could possibly exploit this vulnerability to execute arbitrary code by sending specially crafted regular expressions to applications making use of the libpcre library. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 19537 published 2005-08-30 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19537 title GLSA-200508-17 : libpcre: Heap integer overflow NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2006-0197.NASL description Updated Python packages are now available to correct a security issue. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. An integer overflow flaw was found in Python last seen 2020-06-01 modified 2020-06-02 plugin id 21890 published 2006-07-03 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21890 title CentOS 3 / 4 : python (CESA-2006:0197) NASL family SuSE Local Security Checks NASL id SUSE_SA_2005_048.NASL description The remote host is missing the patch for the advisory SUSE-SA:2005:048 (pcre). A vulnerability was found in the PCRE regular expression handling library which allows an attacker to crash or overflow a buffer in the program by specifying a special regular expression. Since this library is used in a large number of packages, including apache2, php4, exim, postfix and similar, a remote attack could be possible. This is tracked by the Mitre CVE ID CVE-2005-2491. last seen 2019-10-28 modified 2005-10-05 plugin id 19927 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19927 title SUSE-SA:2005:048: pcre NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-151.NASL description Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The updated packages have been patched to correct this problem. last seen 2020-06-01 modified 2020-06-02 plugin id 19907 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19907 title Mandrake Linux Security Advisory : pcre (MDKSA-2005:151) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2005-242-01.NASL description New PCRE packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue. A buffer overflow could be triggered by a specially crafted regular expression. Any applications that use PCRE to process untrusted regular expressions may be exploited to run arbitrary code as the user running the application. The PCRE library is also provided in an initial installation by the aaa_elflibs package, so if your system has a /usr/lib/libpcre.so.0 symlink, then you should install this updated package even if the PCRE package itself is not installed on the system. last seen 2020-06-01 modified 2020-06-02 plugin id 19858 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19858 title Slackware 10.0 / 10.1 / 8.1 / 9.0 / 9.1 / current : PCRE library (SSA:2005-242-01) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-173-4.NASL description USN-173-1 fixed a buffer overflow vulnerability in the PCRE library. However, it was found that the various python packages and gnumeric contain static copies of the library code, so these packages need to be updated as well. In gnumeric this bug could be exploited to execute arbitrary code with the privileges of the user if the user was tricked into opening a specially crafted spreadsheet document. In python, the impact depends on the particular application that uses python last seen 2020-06-01 modified 2020-06-02 plugin id 20583 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20583 title Ubuntu 4.10 / 5.04 : python2.1, python2.2, python2.3, gnumeric vulnerabilities (USN-173-4) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-358.NASL description Updated exim packages that fix a security issue in PCRE and a free space computation on large file system bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Exim is a mail transport agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. An integer overflow flaw was found in PCRE, a Perl-compatible regular expression library included within Exim. A local user could create a maliciously crafted regular expression in such as way that they could gain the privileges of the last seen 2020-06-01 modified 2020-06-02 plugin id 21927 published 2006-07-05 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21927 title CentOS 4 : exim (CESA-2005:358) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-761.NASL description Updated pcre packages are now available to correct a security issue. This update has been rated as having moderate security impact by the Red Hat Security Response Team PCRE is a Perl-compatible regular expression library. An integer overflow flaw was found in PCRE, triggered by a maliciously crafted regular expression. On systems that accept arbitrary regular expressions from untrusted users, this could be exploited to execute arbitrary code with the privileges of the application using the library. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2491 to this issue. The security impact of this issue varies depending on the way that applications make use of PCRE. For example, the Apache web server uses the system PCRE library in order to parse regular expressions, but this flaw would only allow a user who already has the ability to write .htaccess files to gain last seen 2020-06-01 modified 2020-06-02 plugin id 21854 published 2006-07-03 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21854 title CentOS 3 / 4 : pcre (CESA-2005:761) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2005-242-02.NASL description New PHP packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix security issues. PHP has been relinked with the shared PCRE library to fix an overflow issue with PHP last seen 2020-06-01 modified 2020-06-02 plugin id 19859 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19859 title Slackware 10.0 / 10.1 / 8.1 / 9.0 / 9.1 / current : PHP (SSA:2005-242-02) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-817.NASL description An integer overflow with a subsequent buffer overflow has been detected in PCRE, the Perl Compatible Regular Expressions library, which allows an attacker to execute arbitrary code, and is also present in Python. Exploiting this vulnerability requires an attacker to specify the used regular expression. last seen 2020-06-01 modified 2020-06-02 plugin id 19786 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19786 title Debian DSA-817-1 : python2.2 - integer overflow NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200509-08.NASL description The remote host is affected by the vulnerability described in GLSA-200509-08 (Python: Heap overflow in the included PCRE library) The last seen 2020-06-01 modified 2020-06-02 plugin id 19687 published 2005-09-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19687 title GLSA-200509-08 : Python: Heap overflow in the included PCRE library NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-153.NASL description Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The gnumeric packages use a private copy of pcre code. The updated packages have been patched to correct this problem. last seen 2020-06-01 modified 2020-06-02 plugin id 19909 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19909 title Mandrake Linux Security Advisory : gnumeric (MDKSA-2005:153)
Oval
accepted 2013-04-29T04:14:32.292-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651 comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831 comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636 comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990
description Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. family unix id oval:org.mitre.oval:def:11516 status accepted submitted 2010-07-09T03:56:16-04:00 title Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. version 28 accepted 2007-10-02T08:08:09.337-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Todd Dolinsky organization Opsware, Inc.
description Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. family unix id oval:org.mitre.oval:def:1496 status accepted submitted 2006-03-18T07:24:00.000-04:00 title Webproxy Integer Overflow in pcre_compile version 36 accepted 2007-10-02T08:08:10.207-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Todd Dolinsky organization Opsware, Inc.
description Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. family unix id oval:org.mitre.oval:def:1659 status accepted submitted 2006-03-18T07:24:00.000-04:00 title VirusVault Integer Overflow in pcre_compile version 36 accepted 2006-01-25T07:30:00.000-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. description Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. family unix id oval:org.mitre.oval:def:735 status accepted submitted 2005-11-30T12:00:00.000-04:00 title Apache Integer Overflow in pcre_compile.c version 35
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
Statements
contributor | Mark J Cox |
lastmodified | 2008-07-02 |
organization | Apache |
statement | Fixed in Apache 2.0.55: http://httpd.apache.org/security/vulnerabilities_20.html |
References
- http://www.securityfocus.com/bid/14620
- http://securitytracker.com/id?1014744
- http://www.debian.org/security/2005/dsa-800
- http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml
- http://www.redhat.com/support/errata/RHSA-2005-761.html
- http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml
- http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml
- http://www.debian.org/security/2005/dsa-819
- http://www.debian.org/security/2005/dsa-817
- http://www.debian.org/security/2005/dsa-821
- http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml
- http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
- http://www.ethereal.com/appnotes/enpa-sa-00021.html
- http://www.php.net/release_4_4_1.php
- http://docs.info.apple.com/article.html?artnum=302847
- http://www.securityfocus.com/bid/15647
- http://secunia.com/advisories/17813
- http://secunia.com/advisories/16502
- http://secunia.com/advisories/16679
- http://www.redhat.com/support/errata/RHSA-2006-0197.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
- http://secunia.com/advisories/19072
- http://www.redhat.com/support/errata/RHSA-2005-358.html
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt
- http://secunia.com/advisories/19193
- http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf
- http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf
- http://secunia.com/advisories/17252
- ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
- http://secunia.com/advisories/19532
- http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
- http://www.novell.com/linux/security/advisories/2005_48_pcre.html
- http://www.novell.com/linux/security/advisories/2005_49_php.html
- http://www.novell.com/linux/security/advisories/2005_52_apache2.html
- http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm
- http://secunia.com/advisories/21522
- http://secunia.com/advisories/22691
- http://secunia.com/advisories/22875
- http://securityreason.com/securityalert/604
- http://www.vupen.com/english/advisories/2006/0789
- http://www.vupen.com/english/advisories/2006/4502
- http://www.vupen.com/english/advisories/2006/4320
- http://www.vupen.com/english/advisories/2005/1511
- http://www.vupen.com/english/advisories/2005/2659
- http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522
- http://marc.info/?l=bugtraq&m=130497311408250&w=2
- http://marc.info/?l=bugtraq&m=112606064317223&w=2
- http://marc.info/?l=bugtraq&m=112605112027335&w=2
- http://www.gentoo.org/security/en/glsa/glsa-200509-08.xml
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A735
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1659
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1496
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11516
- http://www.securityfocus.com/archive/1/428138/100/0/threaded
- http://www.securityfocus.com/archive/1/427046/100/0/threaded
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E