Common Vulnerabilities and Exposures

From SpinetiX Support Wiki

Jump to: navigation, search
This page is no longer maintained. Please refer to Security and Release notes pages for updates.

Description

CVE stands for Common Vulnerabilities and Exposures, which is a dictionary of publicly known information security vulnerabilities and exposures.

  • An information security "vulnerability" is a mistake in software that can be directly used by a hacker to gain access to a system or network.
  • An information security "exposure" is a system configuration issue or a mistake in software that allows access to information or capabilities that can be used by a hacker as a stepping-stone into a system or network.

See also the dedicated article about Meltdown and Spectre vulnerabilities.

List of CVEs

The table below contains a list of CVEs related to the SpinetiX players up to firmware 4.2.3, grouped by the affected component and the firmware version in which they were fixed. For more details and updates, see firmware release notes page.

CVE codes Component Fixed in firmware Notes
CVE-2015-0228 Apache httpd Low security impact: mod_lua: Crash in websockets PING handling. Not vulnerable as it only affects httpd 2.4.7 and later.
CVE-2017-14106 Linux kernel 4.2.3 This should not affect the device.
CVE-2016-2161, CVE-2016-8743, CVE-2017-3169, CVE-2017-7679 Apache httpd 4.2.3 These could affect the device.
CVE-2016-0736, CVE-2017-7668, CVE-2017-3167, CVE-2017-9788 Apache httpd 4.2.3 These do not affect the device.
CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229, CVE-2016-10397, CVE-2017-7890 PHP 4.2.3 These could affect the device.
CVE-2017-11143, CVE-2017-11147, CVE-2017-11628 PHP 4.2.3 These do not affect the device.
CVE-2017-3735 OpenSSL 4.2.3 This could affect the device.
CVE-2015-5180, CVE-2017-12132 glibc 4.2.3 These could affect the device.
CVE-2014-9984 glibc 4.2.3 This does not affect the device.
CVE-2017-5969 libxml2 4.2.3 This does not affect the device.
CVE-2017-10989 sqlite3 4.2.3 This does not affect the device.
CVE-2017-9233, CVE-2016-9063 expat 4.2.3 These could affect the device.
CVE-2017-7526 gcrypt 4.2.3 This could affect the device.
CVE-2017-10790 libtasn1 4.2.3 This could affect the device.
CVE-2017-10684, CVE-2017-10685, CVE-2017-11112, CVE-2017-11113 ncurses 4.2.3 These do not affect the device.
CVE-2015-5224 util-linux 4.2.3 This could affect the device.
CVE-2017-1000100 curl 4.2.3 This does not affect the device.
CVE-2017-12424 shadow 4.2.3 This does not affect the device.
CVE-2017-7302, CVE-2017-7300, CVE-2017-7614, CVE-2017-7301, CVE-2017-7299, CVE-2017-12451 binutils 4.2.3 These do not affect the device.
CVE-2016-8743, CVE-2017-7679, CVE-2017-9788, CVE-2017-9798 Apache httpd 3.4.2 These could affect the device.

The Apache httpd version is now 2.2.34, plus security patches.

CVE-2016-5387, CVE-2017-7668, CVE-2017-3169, CVE-2017-3167 Apache httpd 3.4.2 These do not affect the device.

The Apache httpd version is now 2.2.34, plus security patches.

CVE-2016-9042, CVE-2017-6464, CVE-2017-6462, CVE-2017-6463, CVE-2017-6458, CVE-2017-6451, CVE-2017-6460 NTP 4.2.2 Only CVE-2016-9042 affects the device.

NTP updated from 4.2.8p9 to 4.2.8p10

CVE-2016-9933, CVE-2016-9138, CVE-2016-10158, CVE-2016-10161, CVE-2017-7272, CVE-2016-5399, CVE-2016-7478 PHP 4.2.2 These affect the device.
CVE-2014-9912, CVE-2016-9137, CVE-2016-9935, CVE-2016-9934, CVE-2016-10160, CVE-2016-10159 PHP 4.2.2 These do not affect the device.
CVE-2016-1234, CVE-2016-3706, CVE-2016-4429, CVE-2016-5417, CVE-2015-8982, CVE-2015-8983, CVE-2015-8984 glibc 4.2.2 These could affect the device.
CVE-2014-4043, CVE-2016-3075, CVE-2016-6323 glibc 4.2.2 These do not affect the device.
CVE-2015-3217, CVE-2017-7186, CVE-2017-7245, CVE-2017-7244, CVE-2017-7246 pcre 4.2.2 These affect the device.
CVE-2016-10009, CVE-2016-10011, CVE-2016-10012, CVE-2016-1908 OpenSSH 4.2.2 These do not affect the device.
CVE-2016-6313, CVE-2014-3591 libgcrypt 4.2.2 Only CVE-2016-6313 affects the device.
CVE-2017-3731, CVE-2016-7056 OpenSSL 4.2.2, 3.4.1 These do not affect the device.
CVE-2016-7543, CVE-2016-9401, CVE-2016-0634 bash 4.2.2 These do not affect the device.
CVE-2016-10087 libpng 4.2.2 This appears to not affect the device.
CVE-2014-9939, CVE-2017-6965, CVE-2017-6966, CVE-2017-7210, CVE-2017-7223, CVE-2017-7225, CVE-2017-7224, CVE-2017-7226, CVE-2017-7227 binutils 4.2.2 These do not affect the device.
CVE-2016-10244, CVE-2016-10328, CVE-2017-8105, CVE-2017-8287 FreeType 4.2.2 These affect the device.
CVE-2014-9645 busybox 4.2.2 This does not affect the device.
CVE-2016-10195, CVE-2016-10196, CVE-2016-10197 libevent 4.2.2 These do not affect the device.
CVE-2017-6891, CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7869 GnuTLS 4.2.2 Only CVE-2017-6891 may affect the firmware.
CVE-2017-7407 curl 4.2.2 This does not affect the device.
CVE-2017-9047, CVE-2017-9048, CVE-2017-9049, CVE-2017-9050, CVE-2017-0663 libxml2 4.2.2, 3.4.1 These affect the device.
CVE-2017-7611, CVE-2017-7610, CVE-2017-7613, CVE-2017-7612, CVE-2016-10255, CVE-2016-10254 elfutils 4.2.2 These do not affect the device.
CVE-2016-9840, CVE-2016-9841, CVE-2016-9842 and CVE-2016-9843 ZLib 4.2.2 Only CVE-2016-9840 and CVE-2016-9841 affect the device.
CVE-2017-7867, CVE-2017-7868, CVE-2014-9654 ICU 4.2.2 These affect the device.
CVE-2017-1000364, CVE-2017-6214 Linux kernel 4.2.1 build 2
CVE-2017-1000366 glibc 4.2.1 build 2 From analysis it seems this was not exploitable in the HMP / DiVA.
CVE-2016-7431, CVE-2016-7434, CVE-2016-7433 NTP 4.2.0 These affect the device. NTP updated from 4.2.8p8 to 4.2.8p9.
CVE-2016-9311, CVE-2016-9310, CVE-2016-7427, CVE-2016-7428, CVE-2016-9312, CVE-2016-7429, CVE-2016-7426 NTP 4.2.0 These do not affect the device. NTP updated from 4.2.8p8 to 4.2.8p9.
CVE-2015-6835, CVE-2016-4539, CVE-2016-4543, CVE-2016-4542, CVE-2016-4544, CVE-2015-8865, CVE-2016-4070, CVE-2014-9767, CVE-2015-4603, CVE-2015-8867, CVE-2015-4602, CVE-2015-3411, CVE-2015-3412, CVE-2015-4598, CVE-2015-8877, CVE-2015-8873, CVE-2015-8876, CVE-2015-8874, CVE-2016-5385, CVE-2016-5766, CVE-2016-5767, CVE-2016-6128, CVE-2016-5771, CVE-2016-5773, CVE-2016-3132, CVE-2016-5768, CVE-2016-5094, CVE-2016-5095, CVE-2016-5096, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6292, CVE-2016-6291, CVE-2016-6297, CVE-2016-7124, CVE-2016-7414, CVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7411, CVE-2016-7417, CVE-2016-6207, CVE-2016-7568, CVE-2015-8935, CVE-2016-7125 PHP 4.2.0 These could affect the device.
CVE-2016-4071, CVE-2015-6834, CVE-2016-4538, CVE-2016-4537, CVE-2016-4541, CVE-2016-4540, CVE-2016-4342, CVE-2016-2554, CVE-2016-4343, CVE-2015-6837, CVE-2015-6838, CVE-2015-4642, CVE-2015-4600, CVE-2015-4599, CVE-2015-8866, CVE-2015-5589, CVE-2015-8838, CVE-2015-8835, CVE-2016-3185, CVE-2015-8878, CVE-2015-4116, CVE-2013-7456, CVE-2016-5093, CVE-2016-5772, CVE-2016-5769, CVE-2016-5114, CVE-2016-6294, CVE-2016-6295, CVE-2016-7129, CVE-2016-7413, CVE-2016-7412, CVE-2016-7416, CVE-2016-7418, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132 PHP 4.2.0 These do not affect the device.
CVE-2016-5387 Apache httpd 4.2.0 This affects the device.
CVE-2016-4447, CVE-2016-4448, CVE-2016-1762, CVE-2016-4449, CVE-2016-4483, CVE-2016-5131 libxml2 4.2.0, 3.4.0 These could affect the device.
CVE-2015-6837, CVE-2015-6838 libxml2 4.2.0, 3.4.0 These do not affect the device.
CVE-2016-8610 OpenSSL 4.2.0, 3.4.0 This affects the device.
CVE-2016-4472, CVE-2012-6702, CVE-2016-5300, CVE-2016-0718 expat 4.2.0, 3.4.0 These could affect the device.
CVE-2016-6261, CVE-2015-8948, CVE-2016-6262, CVE-2016-6263 ibidn 4.2.0 These could affect the device.
CVE-2014-9747, CVE-2014-9746 FreeType 4.2.0 These could affect the device.
CVE-2016-5384 fontconfig 4.2.0, 3.4.0 This does not affect the device.
CVE-2016-2148, CVE-2016-2147, CVE-2016-6301 busybox 4.2.0 These do not affect the device.
CVE-2016-3189 bzip2 4.2.0 This does not affect the device.
CVE-2016-8858 OpenSSH 4.2.0 This affects the device.
CVE-2016-6515, CVE-2016-6210, CVE-2016-5615 OpenSSH 4.2.0 These do not affect the device.
CVE-2016-5011 util-linux 4.2.0 This affects the device.
CVE-2016-6321 tar 4.2.0 This could affect the device.
CVE-2016-4008 libtasn1 4.2.0 This affects the device.
CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-9586 curl 4.2.0 These do not affect the device.
CVE-2016-5195 Linux kernel 4.2.0 "Dirty COW" affects the device firmware although it could not be directly exploited.
CVE-2015-8947 harfbuzz 3.4.0 This affects the device.
CVE-2016-3190 cairo 3.4.0 This affects the device.
CVE-2016-6304, CVE-2016-2183, CVE-2016-6303, CVE-2016-6302, CVE-2016-2182, CVE-2016-2180 OpenSSL 4.1.0 build 2, 3.3.0 build 3 These could affect the device. CVE-2016-6304 is high severity for firmware 4.1, but does not affect firmware 3.3.
CVE-2016-2179, CVE-2016-2181, CVE-2016-6306 OpenSSL 4.1.0 build 2 These do not affect the device.
CVE-2015-5276 libstdc++ 4.1.0 Does not affect the firmware.
CVE-2015-8777, CVE-2015-8779, CVE-2014-9761, CVE-2015-8776 glibc 4.1.0
CVE-2015-8139, CVE-2015-5300, CVE-2015-8138, CVE-2015-7704, CVE-2016-1549, CVE-2016-4954, CVE-2016-1548, CVE-2016-4955, CVE-2016-1547, CVE-2016-4957, CVE-2016-4953, CVE-2016-2518 ntp 4.1.0 These affect the device. CVE-2015-7704 was previously fixed, but incomplete. Updated ntp to 4.2.8p8.
CVE-2015-7974, CVE-2015-8158, CVE-2015-7976, CVE-2015-7973, CVE-2015-7978, CVE-2015-7977, CVE-2015-7979, CVE-2015-8140, CVE-2016-2517, CVE-2016-2516, CVE-2016-1550, CVE-2016-2519, CVE-2016-1551, CVE-2016-4956 ntp 4.1.0 These do not affect the device. Updated ntp to 4.2.8p8.
CVE-2016-2326, CVE-2016-0754 curl 4.1.0 These do not affect the device.
CVE-2015-1038, CVE-2016-2335 p7zip 4.1.0, 3.3.0 These could potentially affect the device.
CVE-2016-4073 PHP 4.1.0 This affects the device.
CVE-2016-3141, CVE-2016-3142, CVE-2016-4072 PHP 4.1.0 These do not affect the device.
CVE-2016-3191 pcre 4.1.0 This could affect the device.
CVE-2016-2774 DHCP 4.1.0 This could affect the device.
CVE-2016-3115, CVE-2015-8325 OpenSSH 4.1.0 These do not affect the device.
CVE-2016-2177, CVE-2016-2178 OpenSSL 4.1.0, 3.3.0 These affect the device / Elementi.
CVE-2016-0703, CVE-2016-0704 OpenSSL 4.1.0, 3.3.0 These do not affect the device / Elementi.
CVE-2016-3705, CVE-2016-3627, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1838, CVE-2016-1840 libxml2 4.1.0, 3.3.0 These affect the device / Elementi.

Firmware 3.3.0: updated libxml2 to version 2.9.1 with all security patches.

CVE-2015-8710, CVE-2016-2073, CVE-2015-8806, CVE-2016-1839, CVE-2016-1837 libxml2 4.1.0, 3.3.0 These do not affect the device / Elementi.

Firmware 3.3.0: updated libxml2 to version 2.9.1 with all security patches.

CVE-2015-8540, CVE-2015-8472, CVE-2015-8126, CVE-2015-7981 libpng 4.1.0, 3.3.0 Firmware 3.3.0: updated libxml2 to version 2.9.1 with all security patches.
CVE-2016-2108 OpenSSL 4.0.2 build 2, 3.2.2 Could affect the device.
CVE-2016-0798, CVE-2016-2176, CVE-2016-2107 OpenSSL 4.0.2 build 2, 3.2.2 Do not affect the device (no firmware component enables TLS-SRP).
CVE-2016-2105, CVE-2016-2106, CVE-2016-2109 OpenSSL 4.0.2 build 2, 3.2.2 Should not affect the device.
CVE-2015-8388, CVE-2015-8390, CVE-2015-8381, CVE-2015-8395, CVE-2015-8393, CVE-2015-8389, CVE-2015-8391, CVE-2015-8394, CVE-2015-8385, CVE-2015-8392, CVE-2015-8386, CVE-2015-8380, CVE-2015-8387, CVE-2015-8384 pcre 4.0.2 Could affect the device.
CVE-2015-7499, CVE-2015-7500, CVE-2015-7498, CVE-2015-8241, CVE-2015-8317 libxml2 4.0.2 Could affect the device.
CVE-2016-1907 OpenSSH 4.0.2 Could affect the device.
CVE-2016-0777, CVE-2016-0778 OpenSSH 4.0.2 Do not affect the device.
CVE-2015-7575 OpenSSL 4.0.2 Could affect the device. Does not affect 3.x firmware versions because OpenSSL 0.9.8 and lower are not affected.
CVE-2015-3197 OpenSSL 4.0.2, 3.2.2 Could affect the device.
CVE-2015-6831, CVE-2016-1903, CVE-2015-6832, CVE-2015-6836, CVE-2015-6833, CVE-2015-5590 PHP 4.0.2 Could affect the device.
CVE-2015-8472 libpng 4.0.2, 3.2.2 Could affect the device.
CVE-2015-8605 DHCP 4.0.2 Could affect the device.
CVE-2015-7547 glibc 4.0.1 build 2 Firmware 3.x or lower is not affected by the glibc getaddrinfo() stack-based buffer overflow vulnerability.
CVE-2016-0800, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702 OpenSSL 4.0.1 build 2, 3.2.2 Could affect the device. SSLv2 has been removed as part of the fix for CVE-2016-0800.
CVE-2016-0703, CVE-2016-0704 OpenSSL 4.0.1, 3.2.1 Solved as a side effect of the fix for CVE-2015-0293.
CVE-2015-7853, CVE-2015-7852, CVE-2015-7855, CVE-2015-7704, CVE-2015-7705 NTP 4.0.1 Could affect the device.
CVE-2015-7852, CVE-2015-7850, CVE-2015-7701, CVE-2015-7871, CVE-2015-7703, CVE-2015-7691, CVE-2015-7692 NTP 4.0.1 Should not affect the device.
CVE-2015-6564, CVE-2015-6563 OpenSSH 4.0.1 Did not affect the device in normal operating conditions.
CVE-2015-3194, CVE-2015-3196 OpenSSH 4.0.1 Could affect the device.
CVE-2015-3195 OpenSSH 4.0.1 Should not affect the device.
CVE-2015-8382, CVE-2015-2328, CVE-2015-2327 pcre 4.0.1 Could potentially affect the device.
CVE-2015-1283 expat 4.0.1 Could affect the device.
CVE-2015-5312, CVE-2015-7497, CVE-2015-8242, CVE-2015-8035, CVE-2015-7942, CVE-2015-7941 libxml2 4.0.1 Could affect the device.
CVE-2015-8126 libpng 4.0.1, 3.2.2 Could affect the device.
CVE-2014-9745 FreeType 4.0.1 Could affect the device.
CVE-2015-7803, CVE-2015-7804 PHP 4.0.1 Should not affect the device.
CVE-2013-5704 Apache httpd 4.0.1, 3.2.2 Low security impact: HTTP Trailers processing bypass.
CVE-2013-6438 Apache httpd 4.0.0 Moderate security impact: mod_dav crash.
CVE-2014-0098, CVE-2014-0098 Apache httpd 4.0.0 Low security impact: mod_log_config crash.
CVE-2013-4352, CVE-2014-3581 Apache httpd 4.0.0 Low security impact: mod_cache crash.
CVE-2014-0226 Apache httpd 4.0.0, 3.2.2 Moderate security impact: mod_status buffer overflow. Does not affect lower firmware versions because threaded MPM is not used.
CVE-2014-0118 Apache httpd 4.0.0, 3.2.2 Moderate security impact: mod_deflate denial of service. Does not affect lower firmware versions because mod_deflate is not used.
CVE-2014-0117 Apache httpd 4.0.0 Moderate security impact: mod_proxy denial of service.
CVE-2014-0231 Apache httpd 4.0.0, 3.2.2 Important security impact: mod_cgid denial of service. Does not affect lower firmware versions because mod_cgid is not used.
CVE-2014-3583 Apache httpd 4.0.0 Low security impact: mod_proxy_fcgi out-of-bounds memory read.
CVE-2014-8109 Apache httpd 4.0.0 Low security impact: mod_lua multiple "Require" directive handling is broken.
CVE-2015-3185 Apache httpd 4.0.0 Low security impact: ap_some_auth_required API unusable.
CVE-2015-3183 Apache httpd 4.0.0, 3.2.2 Low security impact: HTTP request smuggling attack against chunked request parser.
CVE-2015-0253 Apache httpd 4.0.0 Low security impact: Crash in ErrorDocument 400 handling.
CVE-2015-8540, CVE-2015-7981, CVE-2014-9495, CVE-2012-3386, CVE-2011-3048, CVE-2011-3026, CVE-2011-2690, CVE-2011-2691, CVE-2011-2692, CVE-2010-1205, CVE-2012-3425 libpng 3.2.2 Updated libpng to 1.2.56.
CVE-2015-1788, CVE-2015-1789, CVE-2015-1791, CVE-2015-0286, CVE-2015-0287, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288, CVE-2014-3570, CVE-2014-3571, CVE-2015-0204, CVE-2014-3572, CVE-2014-8275, CVE-2014-3569, CVE-2014-3567, CVE-2014-3568 OpenSSL 3.2.1 Could affect the device.
CVE-2015-3195, CVE-2015-1790, CVE-2015-1792, CVE-2015-0289 OpenSSL 3.2.1 Should not affect the device.
CVE-2015-0235 glibc 3.1.1 build 2, 3.0.6 build 3, 2.2.7 build 3 The glibc GHOST vulnerability could potentially lead to execution of arbitrary commands, although no vector of attack is currently known in the case of HMP.
CVE-2013-6438, CVE-2013-1896 Apache httpd 3.1.0 Updated HTTP server to Apache httpd 2.2.27, fixing security vulnerabilities which could affect the HMP.
CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187 bash 3.1.0,

3.0.6 build 2, 2.2.7 build 2

Fixed the Shellshock bash vulnerabilities which could potentially lead to execution of arbitrary commands, although no vector of attack is currently known.
CVE-2005-2974, CVE-2005-3350 giflib 3.0.0 Updated giflib to 5.0.0.
CVE-2012-0037 raptor 3.0.0 Updated raptor to 2.0.8.
CVE-2012-1126 to CVE-2012-1144, CVE-2011-3439, CVE-2011-3256, CVE-2011-0226 FreeType 3.0.0 Updated FreeType to 2.4.10.
CVE-2012-0841, CVE-2011-3905, CVE-2010-4008, CVE-2011-2834, CVE-2011-1944, CVE-2011-0216, CVE-2011-3919 libxml2 3.0.0 Updated libxml2 to 2.9.0.
CVE-2008-4316 glib 3.0.0 Updated glib to 2.34.1.
CVE-2012-5134 libxml2 3.0.0, 2.2.6
CVE-2011-3368 Apache httpd 2.2.5 Updated the embedded HTTP server to Apache 2.2.22.
CVE-2011-1002 avahi 2.2.5 Fixed vulnerability (denial of service when empty UDP packets are received) of the Bonjour daemon (avahi).
CVE-2012-1147, CVE-2012-1148 expat 2.2.5 Updated expat library.
CVE-2011-3192 Apache httpd 2.2.4 Updated the embedded HTTP server to Apache 2.2.21.
CVE-2010-1452, CVE-2009-2412, CVE-2009-0023, CVE-2009-1955, CVE-2009-1956 Apache httpd 2.2.3 Updated the embedded HTTP server to Apache 2.2.19.
CVE-2010-0830, CVE-2009-4880, CVE-2009-4881, CVE-2010-0296 libc 2.2.1
CVE-2009-3560, CVE-2009-3720 libexpat 2.1.2
CVE-2009-3563 NTP 2.1.1
CVE-2009-3555 OpenSSL 2.1.1


Commonly-flagged vulnerabilities which do not apply to the HMP:

  • CVE-2008-2939 affects a module we do not use (mod_proxy_ftp).
  • CVE-2009-1191 affects a module we do not implement (mod_proxy_ajp.c).
  • CVE-2009-1195 concerns .htaccess which is not used.
  • CVE-2009-1890 affects a module we do not implement (mod_proxy).
  • CVE-2009-1891 affects a module we do not implement (mod_deflate).
  • CVE-2009-2699 only affects Solaris 10 and OpenSolaris.
  • CVE-2009-3095 and CVE-2009-3094 affect a module we do not use (mod_proxy_ftp).
  • CVE-2010-0408 only affects Apache on Windows, Netware, and OS/2.
  • CVE-2010-0425 only affects Apache on Windows.
  • CVE-2010-0434 only affects multi-threaded MPM systems - the HMP is not part of this category.
  • CVE-2011-3348 affects a module we do not implement (mod_proxy_ajp).
  • CVE-2011-3368 no proxying enabled.
  • CVE-2011-3607 use of .htaccess files is disabled.
  • CVE-2012-0021 cookie logging is not used.
  • CVE-2012-0031 no unprivileged children are run.
  • CVE-2012-0883 LD_LIBRARY_PATH is not used.
  • CVE-2012-2687 multiviews is not enabled.
  • CVE-2012-3499 only affects modules not included or whose features are not enabled.
  • CVE-2012-4557 affects a module we do not implement (mod_proxy_ajp).
  • CVE-2012-4558 only affects modules not included.
  • CVE-2014-3523 (Apache httpd - WinNT MPM denial of service) does not affect the HMP since this is a Windows specific vulnerability.
This page was last modified on 22 November 2018, at 11:56.