|CVE Description||CVSSv2 Base Score||Component||Product and Resolution|
|CVE-2009-1195 In configurations using the "AllowOverride" directive with certain
"Options=" arguments, local users may be able to bypass the
configured restrictions and execute commands from a Server-Side-Include
script, which they should not be able to do.
||snv_111b plus bug fixes: 6972023 6937352 6864797 6935576 6936032 6882208 6857346 6841115 6838652 6844352|
||SPARC: 120543-22 X86: 120544-22|
|CVE-2009-1891 The mod_deflate module in Apache httpd 2.2.11 and earlier compresses
large files until completion even after the associated network
connection is closed, which allows remote users to cause a Denial
of Service (DoS - CPU consumption).
|CVE-2009-3094 A NULL pointer dereference vulnerability in the mod_proxy_ftp module
could allow a remote user who controls an FTP server to crash an httpd
child process resulting in a limited denial of service.
|CVE-2009-3095 A vulnerability in the mod_proxy_ftp module when configured as a
reverse proxy could allow a remote user to bypass intended access
restrictions allowing the user to send arbitrary commands to the FTP
|CVE-2009-3555 The Apache 2 mod_ssl module in httpd 2.2.14 and earlier is susceptible
to the SSL and TLS protocol Man-in-the-Middle vulnerability during a
renegotiation. This vulnerability allowed an attacker to "prefix" a
chosen plaintext to the HTTP request as seen by the web server. A
protocol extension was developed which fixed this vulnerability if
supported by both client and server.
|CVE-2010-0408 The ap_proxy_ajp_request function in the mod_proxy_ajp module
in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle
certain requests which can allow a remote user to cause a Denial of
Service (DoS - backend server outage).
|CVE-2010-0425 Windows only.
|CVE-2010-0434 All Apache 2 modules on threaded servers which handle subrequests such
as mod_headers may allow remote users to obtain sensitive information
or cause a crash of the affected module.
|CVE-2010-1452 The mod_cache and mod_dav modules can mishandle carefully crafted
requests, which can allow a remote user to cause an httpd child process
to crash, which is a type of Denial of Service (DoS).
This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on the Oracle Critical Patch Updates and Security Alerts page.