Niels Heinen

Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions prior to 16.11.06 Description: A remote code execution (RCE) issue is possible when Freemarker markup is entered in a textarea field of an Apache OFBiz Form Widget, specifically when encoding has been disabled on such a field. This was identified in the Customer Request "story" input within the Order Manager application. It is advised that encoding should not be disabled without a valid reason, especially within fields that accept user input. Recommendations: For versions prior to 16.11.06, upgrade to 16.11.06 or manually apply the commit r1858533 on branch 16.11 as a mitigation measure.

**Name of the Vulnerable Software and Affected Versions** Apache Fineract versions prior to 1.3.0 **Description** The issue allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table. This is a SQL injection vulnerability. **Recommendations** For versions prior to 1.3.0, update to version 1.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the GroupSummaryCounts related table to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache HTTP Server versions 2.2.x before 2.2.24-dev Apache HTTP Server versions 2.4.x before 2.4.4 **Description** The issue involves multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in several modules, including mod imagemap, mod info, mod ldap, mod proxy ftp, and mod status. This is due to unescaped hostnames and URIs in HTML output. The issue was reported by Niels Heinen of Google. **Recommendations** For Apache HTTP Server versions 2.2.x before 2.2.24-dev, update to version 2.2.24-dev or later. For Apache HTTP Server versions 2.4.x before 2.4.4, update to version 2.4.4 or later. As a temporary workaround, consider disabling the vulnerable modules (mod imagemap, mod info, mod ldap, mod proxy ftp, and mod status) until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Apache HTTP Server versions 2.2.x before 2.2.24-dev Apache HTTP Server versions 2.4.x before 2.4.4 **Description** The issue is related to multiple cross-site scripting (XSS) vulnerabilities in the balancer handler function in the manager interface in the mod proxy balancer module. This allows remote attackers to inject arbitrary web script or HTML via a crafted string. The vulnerability was reported by Niels Heinen of Google. **Recommendations** For Apache HTTP Server versions 2.2.x before 2.2.24-dev, update to version 2.2.24-dev or later. For Apache HTTP Server versions 2.4.x before 2.4.4, update to version 2.4.4 or later. As a temporary workaround, consider disabling the balancer handler function in the manager interface until a patch is available.

**Name of the Vulnerable Software and Affected Versions** apache2 versions prior to 2.2.16-6+squeeze7 apache2 versions prior to 2.2.22-4 **Description** The default configuration of the apache2 package, when mod php or mod rivet is used, provides example scripts under the doc/ URI. This might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server. **Recommendations** For versions prior to 2.2.16-6+squeeze7, update to version 2.2.16-6+squeeze7 or later. For versions prior to 2.2.22-4, update to version 2.2.22-4 or later.

**Name of the Vulnerable Software and Affected Versions** Apache HTTP Server versions 2.2.12 through 2.2.21 **Description** The issue allows remote attackers to cause a denial of service by placing a worker node into an error state upon detection of a long request-processing time. This can be achieved via an expensive request. A flaw was found when the mod proxy ajp module connects to a backend server that takes too long to respond, potentially leading to a temporary denial of service. **Recommendations** For Apache HTTP Server versions 2.2.12 through 2.2.21, consider disabling the mod proxy ajp module as a temporary workaround until a patch is available. Restrict access to the backend server to minimize the risk of exploitation. Avoid sending expensive requests to the affected server until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SLiM versions prior to 1.3.2 **Description** The issue is related to the default configuration of SLiM, where the default path option in slim.conf starts with ./ (dot slash), potentially allowing local users to gain privileges via a Trojan horse program in the current working directory. This is related to the cfg.cpp file. **Recommendations** For versions prior to 1.3.2, update to version 1.3.2 or later to resolve the issue. As a temporary workaround, consider modifying the default path option in slim.conf to remove the ./ (dot slash) at the beginning, or restrict access to the slim.conf file to prevent modifications.

**Name of the Vulnerable Software and Affected Versions** Apache HTTP Server versions 1.3.39 and earlier, 2.0.61 and earlier, 2.2.6 and earlier **Description** A cross-site scripting (XSS) issue exists in the mod negotiation module, allowing remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension. This leads to injection within a "406 Not Acceptable" or "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file. **Recommendations** For Apache HTTP Server versions 1.3.39 and earlier, 2.0.61 and earlier, 2.2.6 and earlier, consider disabling the mod negotiation module until a patch is available to prevent exploitation of this issue. Restrict access to file uploads to minimize the risk of arbitrary web script or HTML injection. Avoid using file extensions in requests for files uploaded with potentially malicious names.

**Name of the Vulnerable Software and Affected Versions** Newspost versions 2.1.1 and earlier **Description** A buffer overflow issue exists in the socket getline function, allowing remote malicious NNTP servers to execute arbitrary code via a long string without a newline character. **Recommendations** For versions 2.1.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Mutt versions 1.4.1 and earlier **Description** The issue is related to a buffer overflow in the index menu code, specifically in the `menu pad string` of `menu.c`. This allows remote attackers to cause a denial of service, potentially leading to a crash, and may also enable the execution of arbitrary code through certain mail messages. **Recommendations** For versions 1.4.1 and earlier, update to a version later than 1.4.1 to resolve the issue.