http://httpd.apache.org/download.cgi
This version of Apache is principally a security release. The following potential security flaws are addressed, the first three of which address several classes of HTTP Request and Response Splitting/Spoofing attacks;
CAN-2005-2088 (cve.mitre.org)
core: If a request contains both Transfer-Encoding and Content-Length headers, remove the Content-Length.
proxy_http: Correctly handle the Transfer-Encoding and Content-Length request headers. Discard the request Content-Length whenever chunked T-E is used, always passing one of either C-L or T-E chunked whenever the request includes a request body.
Unassigned
proxy_http: If a response contains both Transfer-Encoding and a Content-Length, remove the Content-Length and don't reuse the connection.
CAN-2005-2700 (cve.mitre.org)
mod_ssl: Fix a security issue where "SSLVerifyClient" was not enforced in per-location context if "SSLVerifyClient optional" was configured in the vhost configuration.
CAN-2005-2491 (cve.mitre.org)
pcre: Fix integer overflows in PCRE in quantifier parsing which could be triggered by a local user through use of a carefully crafted regex in an .htaccess file.
CAN-2005-2728 (cve.mitre.org)
Fix cases where the byterange filter would buffer responses into memory.
CAN-2005-1268 (cve.mitre.org)
mod_ssl: Fix off-by-one overflow whilst printing CRL information at "LogLevel debug" which could be triggered if configured to use a "malicious" CRL.
This version of Apache is principally a security release. The following potential security flaws are addressed, the first three of which address several classes of HTTP Request and Response Splitting/Spoofing attacks;
CAN-2005-2088 (cve.mitre.org)
core: If a request contains both Transfer-Encoding and Content-Length headers, remove the Content-Length.
proxy_http: Correctly handle the Transfer-Encoding and Content-Length request headers. Discard the request Content-Length whenever chunked T-E is used, always passing one of either C-L or T-E chunked whenever the request includes a request body.
Unassigned
proxy_http: If a response contains both Transfer-Encoding and a Content-Length, remove the Content-Length and don't reuse the connection.
CAN-2005-2700 (cve.mitre.org)
mod_ssl: Fix a security issue where "SSLVerifyClient" was not enforced in per-location context if "SSLVerifyClient optional" was configured in the vhost configuration.
CAN-2005-2491 (cve.mitre.org)
pcre: Fix integer overflows in PCRE in quantifier parsing which could be triggered by a local user through use of a carefully crafted regex in an .htaccess file.
CAN-2005-2728 (cve.mitre.org)
Fix cases where the byterange filter would buffer responses into memory.
CAN-2005-1268 (cve.mitre.org)
mod_ssl: Fix off-by-one overflow whilst printing CRL information at "LogLevel debug" which could be triggered if configured to use a "malicious" CRL.