Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported. 

NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.

Package Name: apache-win32
Package Version: [cpe:/a:apache:http_server:2.2.25]

Advisory: CVE-2007-5156
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2007-5156
  CVSS severity score: 6.8/10.0
  Confidence: high
  Description:

Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
Advisory: CVE-2009-1955
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2009-1955
  CVSS severity score: 7.8/10.0
  Confidence: high
  Description:

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.