A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue.
{"redhatcve": [{"lastseen": "2023-08-09T20:44:46", "description": "A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \"H2Upgrade on\" are unaffected by this issue.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 4.2, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2020-04-05T16:53:25", "type": "redhatcve", "title": "CVE-2019-0197", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0197"], "modified": "2023-08-05T06:24:44", "id": "RH:CVE-2019-0197", "href": "https://access.redhat.com/security/cve/cve-2019-0197", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}}], "alpinelinux": [{"lastseen": "2023-07-16T15:36:29", "description": "A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \"H2Upgrade on\" are unaffected by this issue.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 4.2, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2019-06-11T22:29:00", "type": "alpinelinux", "title": "CVE-2019-0197", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0197"], "modified": "2022-09-07T17:36:00", "id": "ALPINE:CVE-2019-0197", "href": "https://security.alpinelinux.org/vuln/CVE-2019-0197", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-07-16T14:54:36", "description": "A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When\nHTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a\nhttps: host, an Upgrade request from http/1.1 to http/2 that was not the\nfirst request on a connection could lead to a misconfiguration and crash.\nServer that never enabled the h2 protocol or that only enabled it for\nhttps: and did not set \"H2Upgrade on\" are unaffected by this issue.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1840188>\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 4.2, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2019-06-11T00:00:00", "type": "ubuntucve", "title": "CVE-2019-0197", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0197"], "modified": "2019-06-11T00:00:00", "id": "UB:CVE-2019-0197", "href": "https://ubuntu.com/security/CVE-2019-0197", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-07-16T14:42:10", "description": "A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \"H2Upgrade on\" are unaffected by this issue.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 4.2, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2019-06-11T22:29:00", "type": "debiancve", "title": "CVE-2019-0197", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0197"], "modified": "2019-06-11T22:29:00", "id": "DEBIANCVE:CVE-2019-0197", "href": "https://security-tracker.debian.org/tracker/CVE-2019-0197", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}}], "openvas": [{"lastseen": "2019-06-17T12:43:30", "description": "When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a\nhttps: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead\nto a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for https:\nand did not configure the ", "cvss3": {}, "published": "2019-04-08T00:00:00", "type": "openvas", "title": "Apache HTTP Server < 2.4.39 mod_http2 DoS Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0197"], "modified": "2019-06-17T00:00:00", "id": "OPENVAS:1361412562310142225", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142225", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:apache:http_server\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142225\");\n script_version(\"2019-06-17T06:50:08+0000\");\n script_tag(name:\"last_modification\", value:\"2019-06-17 06:50:08 +0000 (Mon, 17 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-08 15:32:26 +0000 (Mon, 08 Apr 2019)\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:P\");\n\n script_cve_id(\"CVE-2019-0197\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Apache HTTP Server < 2.4.39 mod_http2 DoS Vulnerability (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"secpod_apache_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/installed\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a\nhttps: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead\nto a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for https:\nand did not configure the '2Upgrade on' is unaffected by this.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"Apache HTTP server version 2.4.38, 2.4.37, 2.4.35 and 2.4.34.\");\n\n script_tag(name:\"solution\", value:\"Update to version 2.4.39 or later.\");\n\n script_xref(name:\"URL\", value:\"https://httpd.apache.org/security/vulnerabilities_24.html\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\naffected = make_list('2.4.38',\n '2.4.37',\n '2.4.35',\n '2.4.34' );\n\nforeach af (affected) {\n if (version == af) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2.4.39\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2019-06-17T12:43:30", "description": "When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a\nhttps: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead\nto a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for https:\nand did not configure the ", "cvss3": {}, "published": "2019-04-08T00:00:00", "type": "openvas", "title": "Apache HTTP Server < 2.4.39 mod_http2 DoS Vulnerability (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0197"], "modified": "2019-06-17T00:00:00", "id": "OPENVAS:1361412562310142224", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142224", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:apache:http_server\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142224\");\n script_version(\"2019-06-17T06:50:08+0000\");\n script_tag(name:\"last_modification\", value:\"2019-06-17 06:50:08 +0000 (Mon, 17 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-08 15:27:02 +0000 (Mon, 08 Apr 2019)\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:P\");\n\n script_cve_id(\"CVE-2019-0197\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Apache HTTP Server < 2.4.39 mod_http2 DoS Vulnerability (Linux)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"secpod_apache_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/installed\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a\nhttps: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead\nto a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for https:\nand did not configure the '2Upgrade on' is unaffected by this.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"Apache HTTP server version 2.4.38, 2.4.37, 2.4.35 and 2.4.34.\");\n\n script_tag(name:\"solution\", value:\"Update to version 2.4.39 or later.\");\n\n script_xref(name:\"URL\", value:\"https://httpd.apache.org/security/vulnerabilities_24.html\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\naffected = make_list('2.4.38',\n '2.4.37',\n '2.4.35',\n '2.4.34' );\n\nforeach af (affected) {\n if (version == af) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2.4.39\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2020-03-24T16:51:54", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-03-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-1289)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10098", "CVE-2019-0197", "CVE-2019-10092"], "modified": "2020-03-23T00:00:00", "id": "OPENVAS:1361412562311220201289", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201289", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1289\");\n script_version(\"2020-03-23T07:39:57+0000\");\n script_cve_id(\"CVE-2019-0197\", \"CVE-2019-10092\", \"CVE-2019-10098\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-03-23 07:39:57 +0000 (Mon, 23 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-23 07:39:57 +0000 (Mon, 23 Mar 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-1289)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1289\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1289\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'httpd' package(s) announced via the EulerOS-SA-2020-1289 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.(CVE-2019-10092)\n\nIn Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.(CVE-2019-10098)\n\nA vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set 'H2Upgrade on' are unaffected by this issue.(CVE-2019-0197)\");\n\n script_tag(name:\"affected\", value:\"'httpd' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.34~8.h12.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.4.34~8.h12.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-filesystem\", rpm:\"httpd-filesystem~2.4.34~8.h12.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.4.34~8.h12.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.4.34~8.h12.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mod_session\", rpm:\"mod_session~2.4.34~8.h12.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.4.34~8.h12.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-01-31T16:53:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-04-24T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for apache2 (openSUSE-SU-2019:1258-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0220", "CVE-2019-0217", "CVE-2019-0211", "CVE-2019-0197", "CVE-2019-0196"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852446", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852446", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852446\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-0196\", \"CVE-2019-0197\", \"CVE-2019-0211\", \"CVE-2019-0217\",\n \"CVE-2019-0220\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-24 02:01:20 +0000 (Wed, 24 Apr 2019)\");\n script_name(\"openSUSE: Security Advisory for apache2 (openSUSE-SU-2019:1258-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1258-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache2'\n package(s) announced via the openSUSE-SU-2019:1258-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for apache2 fixes the following issues:\n\n * CVE-2019-0220: The Apache HTTP server did not use a consistent strategy\n for URL normalization throughout all of its components. In particular,\n consecutive slashes were not always collapsed. Attackers could\n potentially abuse these inconsistencies to by-pass access control\n mechanisms and thus gain unauthorized access to protected parts of the\n service. [bsc#1131241]\n\n * CVE-2019-0217: A race condition in Apache's 'mod_auth_digest' when\n running in a threaded server could have allowed users with valid\n credentials to authenticate using another username, bypassing configured\n access control restrictions. [bsc#1131239]\n\n * CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged\n child processes or threads to execute arbitrary code with the privileges\n of the parent process. Attackers with control over CGI scripts or\n extension modules run by the server could have abused this issue to\n potentially gain super user privileges. [bsc#1131233]\n\n * CVE-2019-0197: When HTTP/2 support was enabled in the Apache server for\n a 'http' host or H2Upgrade was enabled for h2 on a 'https' host, an\n Upgrade request from http/1.1 to http/2 that was not the first request\n on a connection could lead to a misconfiguration and crash. This issue\n could have been abused to mount a denial-of-service attack. Servers that\n never enabled the h2 protocol or that only enabled it for https: and did\n not configure the 'H2Upgrade on' are unaffected. [bsc#1131245]\n\n * CVE-2019-0196: Through specially crafted network input the Apache's\n http/2 request handler could be lead to access previously freed memory\n while determining the method of a request. This resulted in the request\n being misclassified and thus being processed incorrectly. [bsc#1131237]\n\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-1258=1\");\n\n script_tag(name:\"affected\", value:\"'apache2' package(s) on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.4.23~49.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-debuginfo\", rpm:\"apache2-debuginfo~2.4.23~49.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-debugsource\", rpm:\"apache2-debugsource~2.4.23~49.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-devel\", rpm:\"apache2-devel~2.4.23~49.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-event\", rpm:\"apache2-event~2.4.23~49.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-event-debuginfo\", rpm:\"apache2-event-debuginfo~2.4.23~49.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-example-pages\", rpm:\"apache2-example-pages~2.4.23~49.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.4.23~49.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-prefork-debuginfo\", rpm:\"apache2-prefork-debuginfo~2.4.23~49.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-utils\", rpm:\"apache2-utils~2.4.23~49.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-utils-debuginfo\", rpm:\"apache2-utils-debuginfo~2.4.23~49.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.4.23~49.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-worker-debuginfo\", rpm:\"apache2-worker-debuginfo~2.4.23~49.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-doc\", rpm:\"apache2-doc~2.4.23~49.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T16:53:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-04-12T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for apache2 (openSUSE-SU-2019:1190-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0220", "CVE-2019-0217", "CVE-2019-0211", "CVE-2019-0197", "CVE-2019-0196"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852416", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852416", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852416\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-0196\", \"CVE-2019-0197\", \"CVE-2019-0211\", \"CVE-2019-0217\",\n \"CVE-2019-0220\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-12 02:00:31 +0000 (Fri, 12 Apr 2019)\");\n script_name(\"openSUSE: Security Advisory for apache2 (openSUSE-SU-2019:1190-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1190-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache2'\n package(s) announced via the openSUSE-SU-2019:1190-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for apache2 fixes the following issues:\n\n * CVE-2019-0220: The Apache HTTP server did not use a consistent strategy\n for URL normalization throughout all of its components. In particular,\n consecutive slashes were not always collapsed. Attackers could\n potentially abuse these inconsistencies to by-pass access control\n mechanisms and thus gain unauthorized access to protected parts of the\n service. [bsc#1131241]\n\n * CVE-2019-0217: A race condition in Apache's 'mod_auth_digest' when\n running in a threaded server could have allowed users with valid\n credentials to authenticate using another username, bypassing configured\n access control restrictions. [bsc#1131239]\n\n * CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged\n child processes or threads to execute arbitrary code with the privileges\n of the parent process. Attackers with control over CGI scripts or\n extension modules run by the server could have abused this issue to\n potentially gain super user privileges. [bsc#1131233]\n\n * CVE-2019-0197: When HTTP/2 support was enabled in the Apache server for\n a 'http' host or H2Upgrade was enabled for h2 on a 'https' host, an\n Upgrade request from http/1.1 to http/2 that was not the first request\n on a connection could lead to a misconfiguration and crash. This issue\n could have been abused to mount a denial-of-service attack. Servers that\n never enabled the h2 protocol or that only enabled it for https: and did\n not configure the 'H2Upgrade on' are unaffected. [bsc#1131245]\n\n * CVE-2019-0196: Through specially crafted network input the Apache's\n http/2 request handler could be lead to access previously freed memory\n while determining the method of a request. This resulted in the request\n being misclassified and thus being processed incorrectly. [bsc#1131237]\n\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-1190=1\");\n\n script_tag(name:\"affected\", value:\"'apache2' package(s) on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.4.23~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-debuginfo\", rpm:\"apache2-debuginfo~2.4.23~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-debugsource\", rpm:\"apache2-debugsource~2.4.23~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-devel\", rpm:\"apache2-devel~2.4.23~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-event\", rpm:\"apache2-event~2.4.23~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-event-debuginfo\", rpm:\"apache2-event-debuginfo~2.4.23~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-example-pages\", rpm:\"apache2-example-pages~2.4.23~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.4.23~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-prefork-debuginfo\", rpm:\"apache2-prefork-debuginfo~2.4.23~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-utils\", rpm:\"apache2-utils~2.4.23~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-utils-debuginfo\", rpm:\"apache2-utils-debuginfo~2.4.23~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.4.23~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-worker-debuginfo\", rpm:\"apache2-worker-debuginfo~2.4.23~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-doc\", rpm:\"apache2-doc~2.4.23~45.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T16:54:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-04-17T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for apache2 (openSUSE-SU-2019:1209-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0220", "CVE-2019-0217", "CVE-2019-0211", "CVE-2019-0197", "CVE-2019-0196"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852430", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852430", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852430\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-0196\", \"CVE-2019-0197\", \"CVE-2019-0211\", \"CVE-2019-0217\",\n \"CVE-2019-0220\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-17 02:01:21 +0000 (Wed, 17 Apr 2019)\");\n script_name(\"openSUSE: Security Advisory for apache2 (openSUSE-SU-2019:1209-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1209-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache2'\n package(s) announced via the openSUSE-SU-2019:1209-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for apache2 fixes the following issues:\n\n * CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged\n child processes or threads to execute arbitrary code with the privileges\n of the parent process. Attackers with control over CGI scripts or\n extension modules run by the server could have abused this issue to\n potentially gain super user privileges. [bsc#1131233]\n\n * CVE-2019-0220: The Apache HTTP server did not use a consistent strategy\n for URL normalization throughout all of its components. In particular,\n consecutive slashes were not always collapsed. Attackers could\n potentially abuse these inconsistencies to by-pass access control\n mechanisms and thus gain unauthorized access to protected parts of the\n service. [bsc#1131241]\n\n * CVE-2019-0217: A race condition in Apache's 'mod_auth_digest' when\n running in a threaded server could have allowed users with valid\n credentials to authenticate using another username, bypassing configured\n access control restrictions. [bsc#1131239]\n\n * CVE-2019-0197: When HTTP/2 support was enabled in the Apache server for\n a 'http' host or H2Upgrade was enabled for h2 on a 'https' host, an\n Upgrade request from http/1.1 to http/2 that was not the first request\n on a connection could lead to a misconfiguration and crash. This issue\n could have been abused to mount a denial-of-service attack. Servers that\n never enabled the h2 protocol or that only enabled it for https: and did\n not configure the 'H2Upgrade on' are unaffected. [bsc#1131245]\n\n * CVE-2019-0196: Through specially crafted network input the Apache's\n http/2 request handler could be lead to access previously freed memory\n while determining the method of a request. This resulted in the request\n being misclassified and thus being processed incorrectly. [bsc#1131237]\n\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1209=1\");\n\n script_tag(name:\"affected\", value:\"'apache2' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.4.33~lp150.2.17.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-debuginfo\", rpm:\"apache2-debuginfo~2.4.33~lp150.2.17.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-debugsource\", rpm:\"apache2-debugsource~2.4.33~lp150.2.17.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-devel\", rpm:\"apache2-devel~2.4.33~lp150.2.17.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-event\", rpm:\"apache2-event~2.4.33~lp150.2.17.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-event-debuginfo\", rpm:\"apache2-event-debuginfo~2.4.33~lp150.2.17.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-example-pages\", rpm:\"apache2-example-pages~2.4.33~lp150.2.17.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.4.33~lp150.2.17.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-prefork-debuginfo\", rpm:\"apache2-prefork-debuginfo~2.4.33~lp150.2.17.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-utils\", rpm:\"apache2-utils~2.4.33~lp150.2.17.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-utils-debuginfo\", rpm:\"apache2-utils-debuginfo~2.4.33~lp150.2.17.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.4.33~lp150.2.17.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-worker-debuginfo\", rpm:\"apache2-worker-debuginfo~2.4.33~lp150.2.17.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-doc\", rpm:\"apache2-doc~2.4.33~lp150.2.17.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-31T16:45:45", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-08-30T00:00:00", "type": "openvas", "title": "Ubuntu Update for apache2 USN-4113-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10098", "CVE-2019-10082", "CVE-2019-10081", "CVE-2019-9517", "CVE-2019-0197", "CVE-2019-10097", "CVE-2019-10092"], "modified": "2019-08-30T00:00:00", "id": "OPENVAS:1361412562310844154", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844154", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844154\");\n script_version(\"2019-08-30T11:09:32+0000\");\n script_cve_id(\"CVE-2019-0197\", \"CVE-2019-10081\", \"CVE-2019-10082\", \"CVE-2019-10092\", \"CVE-2019-10097\", \"CVE-2019-10098\", \"CVE-2019-9517\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-08-30 11:09:32 +0000 (Fri, 30 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-08-30 02:00:40 +0000 (Fri, 30 Aug 2019)\");\n script_name(\"Ubuntu Update for apache2 USN-4113-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU19\\.04|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4113-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-August/005090.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache2'\n package(s) announced via the USN-4113-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Stefan Eissing discovered that the HTTP/2 implementation in Apache\ndid not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in\nsome situations. A remote attacker could use this to cause a denial\nof service (daemon crash). This issue only affected Ubuntu 18.04 LTS\nand Ubuntu 19.04. (CVE-2019-0197)\n\nCraig Young discovered that a memory overwrite error existed in\nApache when performing HTTP/2 very early pushes in some situations. A\nremote attacker could use this to cause a denial of service (daemon\ncrash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04.\n(CVE-2019-10081)\n\nCraig Young discovered that a read-after-free error existed in the\nHTTP/2 implementation in Apache during connection shutdown. A remote\nattacker could use this to possibly cause a denial of service (daemon\ncrash) or possibly expose sensitive information. This issue only\naffected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082)\n\nMatei Badanoiu discovered that the mod_proxy component of\nApache did not properly filter URLs when reporting errors in some\nconfigurations. A remote attacker could possibly use this issue to\nconduct cross-site scripting (XSS) attacks. (CVE-2019-10092)\n\nDaniel McCarney discovered that mod_remoteip component of Apache\ncontained a stack buffer overflow when parsing headers from a trusted\nintermediary proxy in some situations. A remote attacker controlling a\ntrusted proxy could use this to cause a denial of service or possibly\nexecute arbitrary code. This issue only affected Ubuntu 19.04.\n(CVE-2019-10097)\n\nYukitsugu Sasaki discovered that the mod_rewrite component in Apache\nwas vulnerable to open redirects in some situations. A remote attacker\ncould use this to possibly expose sensitive information or bypass\nintended restrictions. (CVE-2019-10098)\n\nJonathan Looney discovered that the HTTP/2 implementation in Apache did\nnot properly limit the amount of buffering for client connections in\nsome situations. A remote attacker could use this to cause a denial\nof service (unresponsive daemon). This issue only affected Ubuntu\n18.04 LTS and Ubuntu 19.04. (CVE-2019-9517)\");\n\n script_tag(name:\"affected\", value:\"'apache2' package(s) on Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"apache2\", ver:\"2.4.29-1ubuntu4.10\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.29-1ubuntu4.10\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"apache2\", ver:\"2.4.38-2ubuntu2.2\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.38-2ubuntu2.2\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"apache2\", ver:\"2.4.18-2ubuntu3.12\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.18-2ubuntu3.12\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-09-20T14:39:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-09-18T00:00:00", "type": "openvas", "title": "Ubuntu Update for apache2 USN-4113-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10098", "CVE-2019-10082", "CVE-2019-10081", "CVE-2019-9517", "CVE-2019-0197", "CVE-2019-10097", "CVE-2019-10092"], "modified": "2019-09-20T00:00:00", "id": "OPENVAS:1361412562310844179", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844179", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844179\");\n script_version(\"2019-09-20T05:25:28+0000\");\n script_cve_id(\"CVE-2019-0197\", \"CVE-2019-10081\", \"CVE-2019-10082\", \"CVE-2019-10092\", \"CVE-2019-10097\", \"CVE-2019-10098\", \"CVE-2019-9517\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-09-20 05:25:28 +0000 (Fri, 20 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-18 02:01:06 +0000 (Wed, 18 Sep 2019)\");\n script_name(\"Ubuntu Update for apache2 USN-4113-2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU19\\.04|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4113-2\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-September/005121.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache2'\n package(s) announced via the USN-4113-2 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"USN-4113-1 fixed vulnerabilities in the Apache HTTP server.\nUnfortunately, that update introduced a regression when proxying\nbalancer manager connections in some configurations. This update\nfixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nStefan Eissing discovered that the HTTP/2 implementation in Apache\ndid not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in\nsome situations. A remote attacker could use this to cause a denial\nof service (daemon crash). This issue only affected Ubuntu 18.04 LTS\nand Ubuntu 19.04. (CVE-2019-0197)\n\nCraig Young discovered that a memory overwrite error existed in\nApache when performing HTTP/2 very early pushes in some situations. A\nremote attacker could use this to cause a denial of service (daemon\ncrash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04.\n(CVE-2019-10081)\n\nCraig Young discovered that a read-after-free error existed in the\nHTTP/2 implementation in Apache during connection shutdown. A remote\nattacker could use this to possibly cause a denial of service (daemon\ncrash) or possibly expose sensitive information. This issue only\naffected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082)\n\nMatei Badanoiu discovered that the mod_proxy component of\nApache did not properly filter URLs when reporting errors in some\nconfigurations. A remote attacker could possibly use this issue to\nconduct cross-site scripting (XSS) attacks. (CVE-2019-10092)\n\nDaniel McCarney discovered that mod_remoteip component of Apache\ncontained a stack buffer overflow when parsing headers from a trusted\nintermediary proxy in some situations. A remote attacker controlling a\ntrusted proxy could use this to cause a denial of service or possibly\nexecute arbitrary code. This issue only affected Ubuntu 19.04.\n(CVE-2019-10097)\n\nYukitsugu Sasaki discovered that the mod_rewrite component in Apache\nwas vulnerable to open redirects in some situations. A remote attacker\ncould use this to possibly expose sensitive information or bypass\nintended restrictions. (CVE-2019-10098)\n\nJonathan Looney discovered that the HTTP/2 implementation in Apache did\nnot properly limit the amount of buffering for client connections in\nsome situations. A remote attacker could use this to cause a denial\nof service (unresponsive daemon). This issue only affected Ubuntu\n18.04 LTS and Ubuntu 19.04. (CVE-2019-9517)\");\n\n script_tag(name:\"affected\", value:\"'apache2' package(s) on Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"apache2\", ver:\"2.4.29-1ubuntu4.11\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.29-1ubuntu4.11\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"apache2\", ver:\"2.4.38-2ubuntu2.3\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.38-2ubuntu2.3\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"apache2\", ver:\"2.4.18-2ubuntu3.13\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.18-2ubuntu3.13\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "httpd": [{"lastseen": "2023-07-16T15:20:01", "description": "When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for https: and did not configure the \"H2Upgrade on\" is unaffected by this.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 4.2, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2019-01-29T00:00:00", "type": "httpd", "title": "Apache Httpd < 2.4.39 : mod_http2, possible crash on late upgrade", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0197"], "modified": "2019-04-01T00:00:00", "id": "HTTPD:2F7A93926BF5E6C2E4D1EFB6F2BEEE01", "href": "https://httpd.apache.org/security_report.html", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}}], "veracode": [{"lastseen": "2023-04-18T13:59:10", "description": "mod_http2 is vulnerable to denial of service (DoS). When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, it is possible to crash the application due to late upgrade. \n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 4.2, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2019-11-21T00:17:09", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0197"], "modified": "2022-09-07T18:15:43", "id": "VERACODE:22000", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-22000/summary", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}}], "nessus": [{"lastseen": "2023-08-14T15:04:53", "description": "According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.(CVE-2019-10092)\n\n - In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.(CVE-2019-10098)\n\n - A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set 'H2Upgrade on' are unaffected by this issue.(CVE-2019-0197)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-03-23T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : httpd (EulerOS-SA-2020-1289)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0197", "CVE-2019-10092", "CVE-2019-10098"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-devel", "p-cpe:/a:huawei:euleros:httpd-filesystem", "p-cpe:/a:huawei:euleros:httpd-manual", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_session", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1289.NASL", "href": "https://www.tenable.com/plugins/nessus/134781", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134781);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2019-0197\", \"CVE-2019-10092\", \"CVE-2019-10098\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0203\");\n\n script_name(english:\"EulerOS 2.0 SP8 : httpd (EulerOS-SA-2020-1289)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - In Apache HTTP Server 2.4.0-2.4.39, a limited\n cross-site scripting issue was reported affecting the\n mod_proxy error page. An attacker could cause the link\n on the error page to be malformed and instead point to\n a page of their choice. This would only be exploitable\n where a server was set up with proxying enabled but was\n misconfigured in such a way that the Proxy Error page\n was displayed.(CVE-2019-10092)\n\n - In Apache HTTP server 2.4.0 to 2.4.39, Redirects\n configured with mod_rewrite that were intended to be\n self-referential might be fooled by encoded newlines\n and redirect instead to an unexpected URL within the\n request URL.(CVE-2019-10098)\n\n - A vulnerability was found in Apache HTTP Server 2.4.34\n to 2.4.38. When HTTP/2 was enabled for a http: host or\n H2Upgrade was enabled for h2 on a https: host, an\n Upgrade request from http/1.1 to http/2 that was not\n the first request on a connection could lead to a\n misconfiguration and crash. Server that never enabled\n the h2 protocol or that only enabled it for https: and\n did not set 'H2Upgrade on' are unaffected by this\n issue.(CVE-2019-0197)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1289\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9b03eedc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"httpd-2.4.34-8.h12.eulerosv2r8\",\n \"httpd-devel-2.4.34-8.h12.eulerosv2r8\",\n \"httpd-filesystem-2.4.34-8.h12.eulerosv2r8\",\n \"httpd-manual-2.4.34-8.h12.eulerosv2r8\",\n \"httpd-tools-2.4.34-8.h12.eulerosv2r8\",\n \"mod_session-2.4.34-8.h12.eulerosv2r8\",\n \"mod_ssl-2.4.34-8.h12.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:18:39", "description": "This update for apache2 fixes the following issues :\n\n - CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged child processes or threads to execute arbitrary code with the privileges of the parent process. Attackers with control over CGI scripts or extension modules run by the server could have abused this issue to potentially gain super user privileges.\n [bsc#1131233]\n\n - CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241]\n\n - CVE-2019-0217: A race condition in Apache's 'mod_auth_digest' when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239]\n\n - CVE-2019-0197: When HTTP/2 support was enabled in the Apache server for a 'http' host or H2Upgrade was enabled for h2 on a 'https' host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash.\n This issue could have been abused to mount a denial-of-service attack. Servers that never enabled the h2 protocol or that only enabled it for https: and did not configure the 'H2Upgrade on' are unaffected.\n [bsc#1131245]\n\n - CVE-2019-0196: Through specially crafted network input the Apache's http/2 request handler could be lead to access previously freed memory while determining the method of a request. This resulted in the request being misclassified and thus being processed incorrectly.\n [bsc#1131237]\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2019-04-17T00:00:00", "type": "nessus", "title": "openSUSE Security Update : apache2 (openSUSE-2019-1209)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0217", "CVE-2019-0220"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2", "p-cpe:/a:novell:opensuse:apache2-debuginfo", "p-cpe:/a:novell:opensuse:apache2-debugsource", "p-cpe:/a:novell:opensuse:apache2-devel", "p-cpe:/a:novell:opensuse:apache2-event", "p-cpe:/a:novell:opensuse:apache2-event-debuginfo", "p-cpe:/a:novell:opensuse:apache2-example-pages", "p-cpe:/a:novell:opensuse:apache2-prefork", "p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo", "p-cpe:/a:novell:opensuse:apache2-utils", "p-cpe:/a:novell:opensuse:apache2-utils-debuginfo", "p-cpe:/a:novell:opensuse:apache2-worker", "p-cpe:/a:novell:opensuse:apache2-worker-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-1209.NASL", "href": "https://www.tenable.com/plugins/nessus/124102", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1209.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124102);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-0196\",\n \"CVE-2019-0197\",\n \"CVE-2019-0211\",\n \"CVE-2019-0217\",\n \"CVE-2019-0220\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0203\");\n\n script_name(english:\"openSUSE Security Update : apache2 (openSUSE-2019-1209)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for apache2 fixes the following issues :\n\n - CVE-2019-0211: A flaw in the Apache HTTP Server allowed\n less-privileged child processes or threads to execute\n arbitrary code with the privileges of the parent\n process. Attackers with control over CGI scripts or\n extension modules run by the server could have abused\n this issue to potentially gain super user privileges.\n [bsc#1131233]\n\n - CVE-2019-0220: The Apache HTTP server did not use a\n consistent strategy for URL normalization throughout all\n of its components. In particular, consecutive slashes\n were not always collapsed. Attackers could potentially\n abuse these inconsistencies to by-pass access control\n mechanisms and thus gain unauthorized access to\n protected parts of the service. [bsc#1131241]\n\n - CVE-2019-0217: A race condition in Apache's\n 'mod_auth_digest' when running in a threaded server\n could have allowed users with valid credentials to\n authenticate using another username, bypassing\n configured access control restrictions. [bsc#1131239]\n\n - CVE-2019-0197: When HTTP/2 support was enabled in the\n Apache server for a 'http' host or H2Upgrade was enabled\n for h2 on a 'https' host, an Upgrade request from\n http/1.1 to http/2 that was not the first request on a\n connection could lead to a misconfiguration and crash.\n This issue could have been abused to mount a\n denial-of-service attack. Servers that never enabled the\n h2 protocol or that only enabled it for https: and did\n not configure the 'H2Upgrade on' are unaffected.\n [bsc#1131245]\n\n - CVE-2019-0196: Through specially crafted network input\n the Apache's http/2 request handler could be lead to\n access previously freed memory while determining the\n method of a request. This resulted in the request being\n misclassified and thus being processed incorrectly.\n [bsc#1131237]\n\nThis update was imported from the SUSE:SLE-15:Update update project.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131237\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131245\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected apache2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-event-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"apache2-2.4.33-lp150.2.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"apache2-debuginfo-2.4.33-lp150.2.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"apache2-debugsource-2.4.33-lp150.2.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"apache2-devel-2.4.33-lp150.2.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"apache2-event-2.4.33-lp150.2.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"apache2-event-debuginfo-2.4.33-lp150.2.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"apache2-example-pages-2.4.33-lp150.2.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"apache2-prefork-2.4.33-lp150.2.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"apache2-prefork-debuginfo-2.4.33-lp150.2.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"apache2-utils-2.4.33-lp150.2.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"apache2-utils-debuginfo-2.4.33-lp150.2.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"apache2-worker-2.4.33-lp150.2.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"apache2-worker-debuginfo-2.4.33-lp150.2.17.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2 / apache2-debuginfo / apache2-debugsource / apache2-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:10:50", "description": "This update for apache2 fixes the following issues :\n\n - CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241]\n\n - CVE-2019-0217: A race condition in Apache's 'mod_auth_digest' when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239]\n\n - CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged child processes or threads to execute arbitrary code with the privileges of the parent process. Attackers with control over CGI scripts or extension modules run by the server could have abused this issue to potentially gain super user privileges.\n [bsc#1131233]\n\n - CVE-2019-0197: When HTTP/2 support was enabled in the Apache server for a 'http' host or H2Upgrade was enabled for h2 on a 'https' host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash.\n This issue could have been abused to mount a denial-of-service attack. Servers that never enabled the h2 protocol or that only enabled it for https: and did not configure the 'H2Upgrade on' are unaffected.\n [bsc#1131245]\n\n - CVE-2019-0196: Through specially crafted network input the Apache's http/2 request handler could be lead to access previously freed memory while determining the method of a request. This resulted in the request being misclassified and thus being processed incorrectly.\n [bsc#1131237]\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {}, "published": "2019-04-24T00:00:00", "type": "nessus", "title": "openSUSE Security Update : apache2 (openSUSE-2019-1258)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0217", "CVE-2019-0220"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2", "p-cpe:/a:novell:opensuse:apache2-debuginfo", "p-cpe:/a:novell:opensuse:apache2-debugsource", "p-cpe:/a:novell:opensuse:apache2-devel", "p-cpe:/a:novell:opensuse:apache2-event", "p-cpe:/a:novell:opensuse:apache2-event-debuginfo", "p-cpe:/a:novell:opensuse:apache2-example-pages", "p-cpe:/a:novell:opensuse:apache2-prefork", "p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo", "p-cpe:/a:novell:opensuse:apache2-utils", "p-cpe:/a:novell:opensuse:apache2-utils-debuginfo", "p-cpe:/a:novell:opensuse:apache2-worker", "p-cpe:/a:novell:opensuse:apache2-worker-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2019-1258.NASL", "href": "https://www.tenable.com/plugins/nessus/124264", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1258.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124264);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-0196\",\n \"CVE-2019-0197\",\n \"CVE-2019-0211\",\n \"CVE-2019-0217\",\n \"CVE-2019-0220\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0203\");\n\n script_name(english:\"openSUSE Security Update : apache2 (openSUSE-2019-1258)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for apache2 fixes the following issues :\n\n - CVE-2019-0220: The Apache HTTP server did not use a\n consistent strategy for URL normalization throughout all\n of its components. In particular, consecutive slashes\n were not always collapsed. Attackers could potentially\n abuse these inconsistencies to by-pass access control\n mechanisms and thus gain unauthorized access to\n protected parts of the service. [bsc#1131241]\n\n - CVE-2019-0217: A race condition in Apache's\n 'mod_auth_digest' when running in a threaded server\n could have allowed users with valid credentials to\n authenticate using another username, bypassing\n configured access control restrictions. [bsc#1131239]\n\n - CVE-2019-0211: A flaw in the Apache HTTP Server allowed\n less-privileged child processes or threads to execute\n arbitrary code with the privileges of the parent\n process. Attackers with control over CGI scripts or\n extension modules run by the server could have abused\n this issue to potentially gain super user privileges.\n [bsc#1131233]\n\n - CVE-2019-0197: When HTTP/2 support was enabled in the\n Apache server for a 'http' host or H2Upgrade was enabled\n for h2 on a 'https' host, an Upgrade request from\n http/1.1 to http/2 that was not the first request on a\n connection could lead to a misconfiguration and crash.\n This issue could have been abused to mount a\n denial-of-service attack. Servers that never enabled the\n h2 protocol or that only enabled it for https: and did\n not configure the 'H2Upgrade on' are unaffected.\n [bsc#1131245]\n\n - CVE-2019-0196: Through specially crafted network input\n the Apache's http/2 request handler could be lead to\n access previously freed memory while determining the\n method of a request. This resulted in the request being\n misclassified and thus being processed incorrectly.\n [bsc#1131237]\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131237\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131245\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected apache2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-event-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-2.4.23-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-debuginfo-2.4.23-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-debugsource-2.4.23-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-devel-2.4.23-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-event-2.4.23-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-event-debuginfo-2.4.23-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-example-pages-2.4.23-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-prefork-2.4.23-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-prefork-debuginfo-2.4.23-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-utils-2.4.23-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-utils-debuginfo-2.4.23-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-worker-2.4.23-49.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-worker-debuginfo-2.4.23-49.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2 / apache2-debuginfo / apache2-debugsource / apache2-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:11:21", "description": "This update for apache2 fixes the following issues :\n\nCVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged child processes or threads to execute arbitrary code with the privileges of the parent process. Attackers with control over CGI scripts or extension modules run by the server could have abused this issue to potentially gain super user privileges. [bsc#1131233]\n\nCVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241]\n\nCVE-2019-0217: A race condition in Apache's 'mod_auth_digest' when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239]\n\nCVE-2019-0197: When HTTP/2 support was enabled in the Apache server for a 'http' host or H2Upgrade was enabled for h2 on a 'https' host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash.\nThis issue could have been abused to mount a denial-of-service attack.\nServers that never enabled the h2 protocol or that only enabled it for https: and did not configure the 'H2Upgrade on' are unaffected.\n[bsc#1131245]\n\nCVE-2019-0196: Through specially crafted network input the Apache's http/2 request handler could be lead to access previously freed memory while determining the method of a request. This resulted in the request being misclassified and thus being processed incorrectly.\n[bsc#1131237]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-04-05T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : apache2 (SUSE-SU-2019:0873-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0217", "CVE-2019-0220"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2", "p-cpe:/a:novell:suse_linux:apache2-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-debugsource", "p-cpe:/a:novell:suse_linux:apache2-devel", "p-cpe:/a:novell:suse_linux:apache2-event", "p-cpe:/a:novell:suse_linux:apache2-event-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-example-pages", "p-cpe:/a:novell:suse_linux:apache2-prefork", "p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-utils", "p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-worker", "p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-0873-1.NASL", "href": "https://www.tenable.com/plugins/nessus/123782", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0873-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123782);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2019-0196\",\n \"CVE-2019-0197\",\n \"CVE-2019-0211\",\n \"CVE-2019-0217\",\n \"CVE-2019-0220\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0203\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : apache2 (SUSE-SU-2019:0873-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for apache2 fixes the following issues :\n\nCVE-2019-0211: A flaw in the Apache HTTP Server allowed\nless-privileged child processes or threads to execute arbitrary code\nwith the privileges of the parent process. Attackers with control over\nCGI scripts or extension modules run by the server could have abused\nthis issue to potentially gain super user privileges. [bsc#1131233]\n\nCVE-2019-0220: The Apache HTTP server did not use a consistent\nstrategy for URL normalization throughout all of its components. In\nparticular, consecutive slashes were not always collapsed. Attackers\ncould potentially abuse these inconsistencies to by-pass access\ncontrol mechanisms and thus gain unauthorized access to protected\nparts of the service. [bsc#1131241]\n\nCVE-2019-0217: A race condition in Apache's 'mod_auth_digest' when\nrunning in a threaded server could have allowed users with valid\ncredentials to authenticate using another username, bypassing\nconfigured access control restrictions. [bsc#1131239]\n\nCVE-2019-0197: When HTTP/2 support was enabled in the Apache server\nfor a 'http' host or H2Upgrade was enabled for h2 on a 'https' host,\nan Upgrade request from http/1.1 to http/2 that was not the first\nrequest on a connection could lead to a misconfiguration and crash.\nThis issue could have been abused to mount a denial-of-service attack.\nServers that never enabled the h2 protocol or that only enabled it for\nhttps: and did not configure the 'H2Upgrade on' are unaffected.\n[bsc#1131245]\n\nCVE-2019-0196: Through specially crafted network input the Apache's\nhttp/2 request handler could be lead to access previously freed memory\nwhile determining the method of a request. This resulted in the\nrequest being misclassified and thus being processed incorrectly.\n[bsc#1131237]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131237\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131245\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-0196/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-0197/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-0211/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-0217/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-0220/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190873-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e2aa985a\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15:zypper in -t\npatch SUSE-SLE-Module-Server-Applications-15-2019-873=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-873=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0211\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-event-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-2.4.33-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-debuginfo-2.4.33-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-debugsource-2.4.33-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-devel-2.4.33-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-event-2.4.33-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-event-debuginfo-2.4.33-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-example-pages-2.4.33-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-prefork-2.4.33-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-prefork-debuginfo-2.4.33-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-utils-2.4.33-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-utils-debuginfo-2.4.33-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-worker-2.4.33-3.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-worker-debuginfo-2.4.33-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"apache2-debuginfo-2.4.33-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"apache2-debugsource-2.4.33-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"apache2-event-2.4.33-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"apache2-event-debuginfo-2.4.33-3.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"apache2-example-pages-2.4.33-3.15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:11:20", "description": "This update for apache2 fixes the following issues :\n\nCVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241]\n\nCVE-2019-0217: A race condition in Apache's 'mod_auth_digest' when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239]\n\nCVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged child processes or threads to execute arbitrary code with the privileges of the parent process. Attackers with control over CGI scripts or extension modules run by the server could have abused this issue to potentially gain super user privileges. [bsc#1131233]\n\nCVE-2019-0197: When HTTP/2 support was enabled in the Apache server for a 'http' host or H2Upgrade was enabled for h2 on a 'https' host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash.\nThis issue could have been abused to mount a denial-of-service attack.\nServers that never enabled the h2 protocol or that only enabled it for https: and did not configure the 'H2Upgrade on' are unaffected.\n[bsc#1131245]\n\nCVE-2019-0196: Through specially crafted network input the Apache's http/2 request handler could be lead to access previously freed memory while determining the method of a request. This resulted in the request being misclassified and thus being processed incorrectly.\n[bsc#1131237]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-04-05T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : apache2 (SUSE-SU-2019:0878-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0217", "CVE-2019-0220"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2", "p-cpe:/a:novell:suse_linux:apache2-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-debugsource", "p-cpe:/a:novell:suse_linux:apache2-example-pages", "p-cpe:/a:novell:suse_linux:apache2-prefork", "p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-utils", "p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-worker", "p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-0878-1.NASL", "href": "https://www.tenable.com/plugins/nessus/123785", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0878-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123785);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2019-0196\",\n \"CVE-2019-0197\",\n \"CVE-2019-0211\",\n \"CVE-2019-0217\",\n \"CVE-2019-0220\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0203\");\n\n script_name(english:\"SUSE SLES12 Security Update : apache2 (SUSE-SU-2019:0878-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for apache2 fixes the following issues :\n\nCVE-2019-0220: The Apache HTTP server did not use a consistent\nstrategy for URL normalization throughout all of its components. In\nparticular, consecutive slashes were not always collapsed. Attackers\ncould potentially abuse these inconsistencies to by-pass access\ncontrol mechanisms and thus gain unauthorized access to protected\nparts of the service. [bsc#1131241]\n\nCVE-2019-0217: A race condition in Apache's 'mod_auth_digest' when\nrunning in a threaded server could have allowed users with valid\ncredentials to authenticate using another username, bypassing\nconfigured access control restrictions. [bsc#1131239]\n\nCVE-2019-0211: A flaw in the Apache HTTP Server allowed\nless-privileged child processes or threads to execute arbitrary code\nwith the privileges of the parent process. Attackers with control over\nCGI scripts or extension modules run by the server could have abused\nthis issue to potentially gain super user privileges. [bsc#1131233]\n\nCVE-2019-0197: When HTTP/2 support was enabled in the Apache server\nfor a 'http' host or H2Upgrade was enabled for h2 on a 'https' host,\nan Upgrade request from http/1.1 to http/2 that was not the first\nrequest on a connection could lead to a misconfiguration and crash.\nThis issue could have been abused to mount a denial-of-service attack.\nServers that never enabled the h2 protocol or that only enabled it for\nhttps: and did not configure the 'H2Upgrade on' are unaffected.\n[bsc#1131245]\n\nCVE-2019-0196: Through specially crafted network input the Apache's\nhttp/2 request handler could be lead to access previously freed memory\nwhile determining the method of a request. This resulted in the\nrequest being misclassified and thus being processed incorrectly.\n[bsc#1131237]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131237\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131245\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-0196/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-0197/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-0211/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-0217/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-0220/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190878-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?62e5190f\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-878=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-878=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2019-878=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-878=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-878=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-878=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-878=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-878=1\n\nSUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2019-878=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0211\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"apache2-2.4.23-29.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"apache2-debuginfo-2.4.23-29.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"apache2-debugsource-2.4.23-29.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"apache2-example-pages-2.4.23-29.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"apache2-prefork-2.4.23-29.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"apache2-prefork-debuginfo-2.4.23-29.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"apache2-utils-2.4.23-29.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"apache2-utils-debuginfo-2.4.23-29.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"apache2-worker-2.4.23-29.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"apache2-worker-debuginfo-2.4.23-29.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-2.4.23-29.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-debuginfo-2.4.23-29.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-debugsource-2.4.23-29.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-example-pages-2.4.23-29.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-prefork-2.4.23-29.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-prefork-debuginfo-2.4.23-29.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-utils-2.4.23-29.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-utils-debuginfo-2.4.23-29.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-worker-2.4.23-29.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-worker-debuginfo-2.4.23-29.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-2.4.23-29.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-debuginfo-2.4.23-29.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-debugsource-2.4.23-29.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-example-pages-2.4.23-29.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-prefork-2.4.23-29.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-prefork-debuginfo-2.4.23-29.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-utils-2.4.23-29.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-utils-debuginfo-2.4.23-29.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-worker-2.4.23-29.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-worker-debuginfo-2.4.23-29.40.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:11:02", "description": "This update for apache2 fixes the following issues :\n\n - CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout all of its components. In particular, consecutive slashes were not always collapsed. Attackers could potentially abuse these inconsistencies to by-pass access control mechanisms and thus gain unauthorized access to protected parts of the service. [bsc#1131241]\n\n - CVE-2019-0217: A race condition in Apache's 'mod_auth_digest' when running in a threaded server could have allowed users with valid credentials to authenticate using another username, bypassing configured access control restrictions. [bsc#1131239]\n\n - CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged child processes or threads to execute arbitrary code with the privileges of the parent process. Attackers with control over CGI scripts or extension modules run by the server could have abused this issue to potentially gain super user privileges.\n [bsc#1131233]\n\n - CVE-2019-0197: When HTTP/2 support was enabled in the Apache server for a 'http' host or H2Upgrade was enabled for h2 on a 'https' host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash.\n This issue could have been abused to mount a denial-of-service attack. Servers that never enabled the h2 protocol or that only enabled it for https: and did not configure the 'H2Upgrade on' are unaffected.\n [bsc#1131245]\n\n - CVE-2019-0196: Through specially crafted network input the Apache's http/2 request handler could be lead to access previously freed memory while determining the method of a request. This resulted in the request being misclassified and thus being processed incorrectly.\n [bsc#1131237]\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {}, "published": "2019-04-12T00:00:00", "type": "nessus", "title": "openSUSE Security Update : apache2 (openSUSE-2019-1190)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0217", "CVE-2019-0220"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2", "p-cpe:/a:novell:opensuse:apache2-debuginfo", "p-cpe:/a:novell:opensuse:apache2-debugsource", "p-cpe:/a:novell:opensuse:apache2-devel", "p-cpe:/a:novell:opensuse:apache2-event", "p-cpe:/a:novell:opensuse:apache2-event-debuginfo", "p-cpe:/a:novell:opensuse:apache2-example-pages", "p-cpe:/a:novell:opensuse:apache2-prefork", "p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo", "p-cpe:/a:novell:opensuse:apache2-utils", "p-cpe:/a:novell:opensuse:apache2-utils-debuginfo", "p-cpe:/a:novell:opensuse:apache2-worker", "p-cpe:/a:novell:opensuse:apache2-worker-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2019-1190.NASL", "href": "https://www.tenable.com/plugins/nessus/124017", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1190.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124017);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-0196\",\n \"CVE-2019-0197\",\n \"CVE-2019-0211\",\n \"CVE-2019-0217\",\n \"CVE-2019-0220\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0203\");\n\n script_name(english:\"openSUSE Security Update : apache2 (openSUSE-2019-1190)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for apache2 fixes the following issues :\n\n - CVE-2019-0220: The Apache HTTP server did not use a\n consistent strategy for URL normalization throughout all\n of its components. In particular, consecutive slashes\n were not always collapsed. Attackers could potentially\n abuse these inconsistencies to by-pass access control\n mechanisms and thus gain unauthorized access to\n protected parts of the service. [bsc#1131241]\n\n - CVE-2019-0217: A race condition in Apache's\n 'mod_auth_digest' when running in a threaded server\n could have allowed users with valid credentials to\n authenticate using another username, bypassing\n configured access control restrictions. [bsc#1131239]\n\n - CVE-2019-0211: A flaw in the Apache HTTP Server allowed\n less-privileged child processes or threads to execute\n arbitrary code with the privileges of the parent\n process. Attackers with control over CGI scripts or\n extension modules run by the server could have abused\n this issue to potentially gain super user privileges.\n [bsc#1131233]\n\n - CVE-2019-0197: When HTTP/2 support was enabled in the\n Apache server for a 'http' host or H2Upgrade was enabled\n for h2 on a 'https' host, an Upgrade request from\n http/1.1 to http/2 that was not the first request on a\n connection could lead to a misconfiguration and crash.\n This issue could have been abused to mount a\n denial-of-service attack. Servers that never enabled the\n h2 protocol or that only enabled it for https: and did\n not configure the 'H2Upgrade on' are unaffected.\n [bsc#1131245]\n\n - CVE-2019-0196: Through specially crafted network input\n the Apache's http/2 request handler could be lead to\n access previously freed memory while determining the\n method of a request. This resulted in the request being\n misclassified and thus being processed incorrectly.\n [bsc#1131237]\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131237\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131245\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected apache2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-event-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-2.4.23-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-debuginfo-2.4.23-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-debugsource-2.4.23-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-devel-2.4.23-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-event-2.4.23-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-event-debuginfo-2.4.23-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-example-pages-2.4.23-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-prefork-2.4.23-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-prefork-debuginfo-2.4.23-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-utils-2.4.23-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-utils-debuginfo-2.4.23-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-worker-2.4.23-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-worker-debuginfo-2.4.23-45.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2 / apache2-debuginfo / apache2-debugsource / apache2-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-09-20T13:38:52", "description": "Resolves: #1695046 CVE-2019-0196 CVE-2019-0197 CVE-2019-0215 CVE-2019-0217 CVE-2019-0220 httpd: various flaws Resolves: #1694510 httpd-2.4.39 is available Resolves: #1694986 - CVE-2019-0211 httpd:\nprivilege escalation from modules scripts\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-02T00:00:00", "type": "nessus", "title": "Fedora 30 : httpd (2019-cf7695b470)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220"], "modified": "2019-09-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:httpd", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-CF7695B470.NASL", "href": "https://www.tenable.com/plugins/nessus/124541", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-cf7695b470.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124541);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/23 11:21:11\");\n\n script_cve_id(\"CVE-2019-0196\", \"CVE-2019-0197\", \"CVE-2019-0211\", \"CVE-2019-0215\", \"CVE-2019-0217\", \"CVE-2019-0220\");\n script_xref(name:\"FEDORA\", value:\"2019-cf7695b470\");\n\n script_name(english:\"Fedora 30 : httpd (2019-cf7695b470)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Resolves: #1695046 CVE-2019-0196 CVE-2019-0197 CVE-2019-0215\nCVE-2019-0217 CVE-2019-0220 httpd: various flaws Resolves: #1694510\nhttpd-2.4.39 is available Resolves: #1694986 - CVE-2019-0211 httpd:\nprivilege escalation from modules scripts\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-cf7695b470\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"httpd-2.4.39-2.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-25T14:17:58", "description": "According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.39. It is, therefore, affected by multiple vulnerabilities:\n\n - A privilege escalation vulnerability exists in module scripts due to an ability to execute arbitrary code as the parent process by manipulating the scoreboard. (CVE-2019-0211)\n\n - An access control bypass vulnerability exists in mod_auth_digest due to a race condition when running in a threaded server. An attacker with valid credentials could authenticate using another username. (CVE-2019-0217)\n\n - An access control bypass vulnerability exists in mod_ssl when using per-location client certificate verification with TLSv1.3. (CVE-2019-0215)\n\nIn addition, Apache httpd is also affected by several additional vulnerabilities including a denial of service, read-after-free and URL path normalization inconsistencies. \n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-04-02T00:00:00", "type": "nessus", "title": "Apache 2.4.x < 2.4.39 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/a:apache:http_server", "cpe:/a:apache:httpd"], "id": "APACHE_2_4_39.NASL", "href": "https://www.tenable.com/plugins/nessus/123642", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123642);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2019-0196\",\n \"CVE-2019-0197\",\n \"CVE-2019-0211\",\n \"CVE-2019-0215\",\n \"CVE-2019-0217\",\n \"CVE-2019-0220\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0203\");\n\n script_name(english:\"Apache 2.4.x < 2.4.39 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Apache running on the remote\nhost is 2.4.x prior to 2.4.39. It is, therefore, affected by multiple\nvulnerabilities:\n\n - A privilege escalation vulnerability exists in\n module scripts due to an ability to execute arbitrary\n code as the parent process by manipulating the\n scoreboard. (CVE-2019-0211)\n\n - An access control bypass vulnerability exists in \n mod_auth_digest due to a race condition when running\n in a threaded server. An attacker with valid credentials\n could authenticate using another username. (CVE-2019-0217)\n\n - An access control bypass vulnerability exists in \n mod_ssl when using per-location client certificate\n verification with TLSv1.3. (CVE-2019-0215)\n\nIn addition, Apache httpd is also affected by several additional \nvulnerabilities including a denial of service, read-after-free\nand URL path normalization inconsistencies. \n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://httpd.apache.org/security/vulnerabilities_24.html#2.4.39\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a84bee48\");\n # https://httpd.apache.org/security/vulnerabilities-httpd.xml\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?586e6a34\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache version 2.4.39 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0211\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:httpd\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"apache_http_version.nasl\", \"apache_http_server_nix_installed.nbin\", \"apache_httpd_win_installed.nbin\");\n script_require_keys(\"installed_sw/Apache\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\n\napp_info = vcf::apache_http_server::combined_get_app_info(app:'Apache');\n\nconstraints = [\n { 'min_version':'2.4', 'fixed_version':'2.4.39' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:11:16", "description": "The Apache httpd Project reports :\n\nApache HTTP Server privilege escalation from modules' scripts (CVE-2019-0211) (important)\n\nmod_auth_digest access control bypass (CVE-2019-0217) (important)\n\nmod_ssl access control bypass (CVE-2019-0215) (important)\n\nmod_http2, possible crash on late upgrade (CVE-2019-0197) (low)\n\nmod_http2, read-after-free on a string compare (CVE-2019-0196) (low)\n\nApache httpd URL normalization inconsistincy (CVE-2019-0220) (low)", "cvss3": {}, "published": "2019-04-03T00:00:00", "type": "nessus", "title": "FreeBSD : Apache -- Multiple vulnerabilities (cf2105c6-551b-11e9-b95c-b499baebfeaf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:apache24", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_CF2105C6551B11E9B95CB499BAEBFEAF.NASL", "href": "https://www.tenable.com/plugins/nessus/123644", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2022 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123644);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2019-0196\", \"CVE-2019-0211\", \"CVE-2019-0215\", \"CVE-2019-0217\", \"CVE-2019-0220\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0203\");\n\n script_name(english:\"FreeBSD : Apache -- Multiple vulnerabilities (cf2105c6-551b-11e9-b95c-b499baebfeaf)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The Apache httpd Project reports :\n\nApache HTTP Server privilege escalation from modules' scripts\n(CVE-2019-0211) (important)\n\nmod_auth_digest access control bypass (CVE-2019-0217) (important)\n\nmod_ssl access control bypass (CVE-2019-0215) (important)\n\nmod_http2, possible crash on late upgrade (CVE-2019-0197) (low)\n\nmod_http2, read-after-free on a string compare (CVE-2019-0196) (low)\n\nApache httpd URL normalization inconsistincy (CVE-2019-0220) (low)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.apache.org/dist/httpd/CHANGES_2.4.39\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://httpd.apache.org/security/vulnerabilities_24.html\"\n );\n # https://vuxml.freebsd.org/freebsd/cf2105c6-551b-11e9-b95c-b499baebfeaf.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bc2f167e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0211\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache24\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"apache24<2.4.39\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:10:32", "description": "In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. (CVE-2019-0211)\n\nmod_http2: read-after-free on a string compare (CVE-2019-0196)\n\nmod_http2: possible crash on late upgrade (CVE-2019-0197)\n\nhttpd: URL normalization inconsistency (CVE-2019-0220)\n\nIn Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.(CVE-2019-0215)\n\nA race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.(CVE-2019-0217)", "cvss3": {}, "published": "2019-04-18T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : httpd (ALAS-2019-1189)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:httpd", "p-cpe:/a:amazon:linux:httpd-debuginfo", "p-cpe:/a:amazon:linux:httpd-devel", "p-cpe:/a:amazon:linux:httpd-filesystem", "p-cpe:/a:amazon:linux:httpd-manual", "p-cpe:/a:amazon:linux:httpd-tools", "p-cpe:/a:amazon:linux:mod_ldap", "p-cpe:/a:amazon:linux:mod_md", "p-cpe:/a:amazon:linux:mod_proxy_html", "p-cpe:/a:amazon:linux:mod_session", "p-cpe:/a:amazon:linux:mod_ssl", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2019-1189.NASL", "href": "https://www.tenable.com/plugins/nessus/124125", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1189.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124125);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2019-0196\", \"CVE-2019-0197\", \"CVE-2019-0211\", \"CVE-2019-0215\", \"CVE-2019-0217\", \"CVE-2019-0220\");\n script_xref(name:\"ALAS\", value:\"2019-1189\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0203\");\n\n script_name(english:\"Amazon Linux 2 : httpd (ALAS-2019-1189)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"In Apache HTTP Server with MPM event, worker or prefork, code\nexecuting in less-privileged child processes or threads (including\nscripts executed by an in-process scripting interpreter) could execute\narbitrary code with the privileges of the parent process (usually\nroot) by manipulating the scoreboard. (CVE-2019-0211)\n\nmod_http2: read-after-free on a string compare (CVE-2019-0196)\n\nmod_http2: possible crash on late upgrade (CVE-2019-0197)\n\nhttpd: URL normalization inconsistency (CVE-2019-0220)\n\nIn Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl\nwhen using per-location client certificate verification with TLSv1.3\nallowed a client to bypass configured access control\nrestrictions.(CVE-2019-0215)\n\nA race condition was found in mod_auth_digest when the web server was\nrunning in a threaded MPM configuration. It could allow a user with\nvalid credentials to authenticate using another username, bypassing\nconfigured access control restrictions.(CVE-2019-0217)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1189.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update httpd' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0211\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"httpd-2.4.39-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"httpd-debuginfo-2.4.39-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"httpd-devel-2.4.39-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"httpd-filesystem-2.4.39-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"httpd-manual-2.4.39-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"httpd-tools-2.4.39-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mod_ldap-2.4.39-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mod_md-2.4.39-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mod_proxy_html-2.4.39-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mod_session-2.4.39-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mod_ssl-2.4.39-1.amzn2.0.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-filesystem / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:09:59", "description": "Versions of Apache HTTP server prior to 2.4.39 are unpatched, and therefore affected by multiple vulnerabilities :\n\n - Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparision when determining the method of a request and thus process the request incorrectly. (CVE-2019-0196)\n - When HTTP/2 was enabled for a 'http: host' or H2Upgrade was enabled for h2 on a 'https: host', an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for HTTPS and did not configure the \"H2Upgrade on\" is unaffected by this. (CVE-2019-0197)\n - With MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process by manipulating the scoreboard. (CVE-2019-0211)\n - A bug in 'mod_ssl' when using per-location client certificate verification with TLSv1.3 allows a client supporting Post-Handshake Authentication to bypass configured access control restrictions. (CVE-2019-0215)\n - A race condition in 'mod_auth_digest' when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. (CVE-2019-0217)\n - When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as 'LocationMatch' and 'RewriteRule' must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them. (CVE-2019-0220)", "cvss3": {}, "published": "2019-04-08T00:00:00", "type": "nessus", "title": "Apache HTTP Server < 2.4.39 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220"], "modified": "2019-04-08T00:00:00", "cpe": ["cpe:/a:apache:http_server"], "id": "700509.PRM", "href": "https://www.tenable.com/plugins/nnm/700509", "sourceData": "Binary data 700509.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:10:28", "description": "In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. (CVE-2019-0211)\n\nA vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.(CVE-2019-0220)\n\nIn Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.(CVE-2019-0215)\n\nA vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38.\nUsing fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.(CVE-2019-0196)\n\nA vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set 'H2Upgrade on' are unaffected by this issue.(CVE-2019-0197)\n\nA race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.(CVE-2019-0217)", "cvss3": {}, "published": "2019-04-10T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : httpd24 (ALAS-2019-1189)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:httpd24", "p-cpe:/a:amazon:linux:httpd24-debuginfo", "p-cpe:/a:amazon:linux:httpd24-devel", "p-cpe:/a:amazon:linux:httpd24-manual", "p-cpe:/a:amazon:linux:httpd24-tools", "p-cpe:/a:amazon:linux:mod24_ldap", "p-cpe:/a:amazon:linux:mod24_md", "p-cpe:/a:amazon:linux:mod24_proxy_html", "p-cpe:/a:amazon:linux:mod24_session", "p-cpe:/a:amazon:linux:mod24_ssl", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2019-1189.NASL", "href": "https://www.tenable.com/plugins/nessus/123958", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1189.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123958);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2019-0196\", \"CVE-2019-0197\", \"CVE-2019-0211\", \"CVE-2019-0215\", \"CVE-2019-0217\", \"CVE-2019-0220\");\n script_xref(name:\"ALAS\", value:\"2019-1189\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0203\");\n\n script_name(english:\"Amazon Linux AMI : httpd24 (ALAS-2019-1189)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"In Apache HTTP Server with MPM event, worker or prefork, code\nexecuting in less-privileged child processes or threads (including\nscripts executed by an in-process scripting interpreter) could execute\narbitrary code with the privileges of the parent process (usually\nroot) by manipulating the scoreboard. (CVE-2019-0211)\n\nA vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When\nthe path component of a request URL contains multiple consecutive\nslashes ('/'), directives such as LocationMatch and RewriteRule must\naccount for duplicates in regular expressions while other aspects of\nthe servers processing will implicitly collapse them.(CVE-2019-0220)\n\nIn Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl\nwhen using per-location client certificate verification with TLSv1.3\nallowed a client to bypass configured access control\nrestrictions.(CVE-2019-0215)\n\nA vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38.\nUsing fuzzed network input, the http/2 request handling could be made\nto access freed memory in string comparison when determining the\nmethod of a request and thus process the request\nincorrectly.(CVE-2019-0196)\n\nA vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When\nHTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on\na https: host, an Upgrade request from http/1.1 to http/2 that was not\nthe first request on a connection could lead to a misconfiguration and\ncrash. Server that never enabled the h2 protocol or that only enabled\nit for https: and did not set 'H2Upgrade on' are unaffected by this\nissue.(CVE-2019-0197)\n\nA race condition was found in mod_auth_digest when the web server was\nrunning in a threaded MPM configuration. It could allow a user with\nvalid credentials to authenticate using another username, bypassing\nconfigured access control restrictions.(CVE-2019-0217)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1189.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update httpd24' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0211\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-2.4.39-1.87.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-debuginfo-2.4.39-1.87.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-devel-2.4.39-1.87.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-manual-2.4.39-1.87.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-tools-2.4.39-1.87.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_ldap-2.4.39-1.87.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_md-2.4.39-1.87.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_proxy_html-2.4.39-1.87.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_session-2.4.39-1.87.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_ssl-2.4.39-1.87.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd24 / httpd24-debuginfo / httpd24-devel / httpd24-manual / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-01T16:39:34", "description": "USN-4113-1 fixed vulnerabilities in the Apache HTTP server.\nUnfortunately, that update introduced a regression when proxying balancer manager connections in some configurations. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nStefan Eissing discovered that the HTTP/2 implementation in Apache did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some situations. A remote attacker could use this to cause a denial of service (daemon crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-0197)\n\nCraig Young discovered that a memory overwrite error existed in Apache when performing HTTP/2 very early pushes in some situations. A remote attacker could use this to cause a denial of service (daemon crash).\nThis issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04.\n(CVE-2019-10081)\n\nCraig Young discovered that a read-after-free error existed in the HTTP/2 implementation in Apache during connection shutdown. A remote attacker could use this to possibly cause a denial of service (daemon crash) or possibly expose sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082)\n\nMatei Badanoiu discovered that the mod_proxy component of Apache did not properly filter URLs when reporting errors in some configurations.\nA remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2019-10092)\n\nDaniel McCarney discovered that mod_remoteip component of Apache contained a stack buffer overflow when parsing headers from a trusted intermediary proxy in some situations. A remote attacker controlling a trusted proxy could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 19.04.\n(CVE-2019-10097)\n\nYukitsugu Sasaki discovered that the mod_rewrite component in Apache was vulnerable to open redirects in some situations. A remote attacker could use this to possibly expose sensitive information or bypass intended restrictions. (CVE-2019-10098)\n\nJonathan Looney discovered that the HTTP/2 implementation in Apache did not properly limit the amount of buffering for client connections in some situations. A remote attacker could use this to cause a denial of service (unresponsive daemon). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-9517).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-09-18T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : Apache HTTP Server regression (USN-4113-2) (Internal Data Buffering)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0197", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:apache2", "p-cpe:/a:canonical:ubuntu_linux:apache2-bin", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.04"], "id": "UBUNTU_USN-4113-2.NASL", "href": "https://www.tenable.com/plugins/nessus/128993", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4113-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128993);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2019-0197\", \"CVE-2019-10081\", \"CVE-2019-10082\", \"CVE-2019-10092\", \"CVE-2019-10097\", \"CVE-2019-10098\", \"CVE-2019-9517\");\n script_xref(name:\"USN\", value:\"4113-2\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0203\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : Apache HTTP Server regression (USN-4113-2) (Internal Data Buffering)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-4113-1 fixed vulnerabilities in the Apache HTTP server.\nUnfortunately, that update introduced a regression when proxying\nbalancer manager connections in some configurations. This update fixes\nthe problem.\n\nWe apologize for the inconvenience.\n\nStefan Eissing discovered that the HTTP/2 implementation in Apache did\nnot properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some\nsituations. A remote attacker could use this to cause a denial of\nservice (daemon crash). This issue only affected Ubuntu 18.04 LTS and\nUbuntu 19.04. (CVE-2019-0197)\n\nCraig Young discovered that a memory overwrite error existed in Apache\nwhen performing HTTP/2 very early pushes in some situations. A remote\nattacker could use this to cause a denial of service (daemon crash).\nThis issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04.\n(CVE-2019-10081)\n\nCraig Young discovered that a read-after-free error existed in the\nHTTP/2 implementation in Apache during connection shutdown. A remote\nattacker could use this to possibly cause a denial of service (daemon\ncrash) or possibly expose sensitive information. This issue only\naffected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082)\n\nMatei Badanoiu discovered that the mod_proxy component of Apache did\nnot properly filter URLs when reporting errors in some configurations.\nA remote attacker could possibly use this issue to conduct cross-site\nscripting (XSS) attacks. (CVE-2019-10092)\n\nDaniel McCarney discovered that mod_remoteip component of Apache\ncontained a stack buffer overflow when parsing headers from a trusted\nintermediary proxy in some situations. A remote attacker controlling a\ntrusted proxy could use this to cause a denial of service or possibly\nexecute arbitrary code. This issue only affected Ubuntu 19.04.\n(CVE-2019-10097)\n\nYukitsugu Sasaki discovered that the mod_rewrite component in Apache\nwas vulnerable to open redirects in some situations. A remote attacker\ncould use this to possibly expose sensitive information or bypass\nintended restrictions. (CVE-2019-10098)\n\nJonathan Looney discovered that the HTTP/2 implementation in Apache\ndid not properly limit the amount of buffering for client connections\nin some situations. A remote attacker could use this to cause a denial\nof service (unresponsive daemon). This issue only affected Ubuntu\n18.04 LTS and Ubuntu 19.04. (CVE-2019-9517).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4113-2/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected apache2 and / or apache2-bin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10082\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"apache2\", pkgver:\"2.4.18-2ubuntu3.13\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"apache2-bin\", pkgver:\"2.4.18-2ubuntu3.13\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"apache2\", pkgver:\"2.4.29-1ubuntu4.11\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"apache2-bin\", pkgver:\"2.4.29-1ubuntu4.11\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"apache2\", pkgver:\"2.4.38-2ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"apache2-bin\", pkgver:\"2.4.38-2ubuntu2.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2 / apache2-bin\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-01T16:36:38", "description": "Stefan Eissing discovered that the HTTP/2 implementation in Apache did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some situations. A remote attacker could use this to cause a denial of service (daemon crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-0197)\n\nCraig Young discovered that a memory overwrite error existed in Apache when performing HTTP/2 very early pushes in some situations. A remote attacker could use this to cause a denial of service (daemon crash).\nThis issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04.\n(CVE-2019-10081)\n\nCraig Young discovered that a read-after-free error existed in the HTTP/2 implementation in Apache during connection shutdown. A remote attacker could use this to possibly cause a denial of service (daemon crash) or possibly expose sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082)\n\nMatei Badanoiu discovered that the mod_proxy component of Apache did not properly filter URLs when reporting errors in some configurations.\nA remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2019-10092)\n\nDaniel McCarney discovered that mod_remoteip component of Apache contained a stack buffer overflow when parsing headers from a trusted intermediary proxy in some situations. A remote attacker controlling a trusted proxy could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 19.04.\n(CVE-2019-10097)\n\nYukitsugu Sasaki discovered that the mod_rewrite component in Apache was vulnerable to open redirects in some situations. A remote attacker could use this to possibly expose sensitive information or bypass intended restrictions. (CVE-2019-10098)\n\nJonathan Looney discovered that the HTTP/2 implementation in Apache did not properly limit the amount of buffering for client connections in some situations. A remote attacker could use this to cause a denial of service (unresponsive daemon). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-9517).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-08-30T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : Apache HTTP Server vulnerabilities (USN-4113-1) (Internal Data Buffering)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0197", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:apache2", "p-cpe:/a:canonical:ubuntu_linux:apache2-bin", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.04"], "id": "UBUNTU_USN-4113-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128412", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4113-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128412);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2019-0197\", \"CVE-2019-10081\", \"CVE-2019-10082\", \"CVE-2019-10092\", \"CVE-2019-10097\", \"CVE-2019-10098\", \"CVE-2019-9517\");\n script_xref(name:\"USN\", value:\"4113-1\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0203\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : Apache HTTP Server vulnerabilities (USN-4113-1) (Internal Data Buffering)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Stefan Eissing discovered that the HTTP/2 implementation in Apache did\nnot properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some\nsituations. A remote attacker could use this to cause a denial of\nservice (daemon crash). This issue only affected Ubuntu 18.04 LTS and\nUbuntu 19.04. (CVE-2019-0197)\n\nCraig Young discovered that a memory overwrite error existed in Apache\nwhen performing HTTP/2 very early pushes in some situations. A remote\nattacker could use this to cause a denial of service (daemon crash).\nThis issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04.\n(CVE-2019-10081)\n\nCraig Young discovered that a read-after-free error existed in the\nHTTP/2 implementation in Apache during connection shutdown. A remote\nattacker could use this to possibly cause a denial of service (daemon\ncrash) or possibly expose sensitive information. This issue only\naffected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082)\n\nMatei Badanoiu discovered that the mod_proxy component of Apache did\nnot properly filter URLs when reporting errors in some configurations.\nA remote attacker could possibly use this issue to conduct cross-site\nscripting (XSS) attacks. (CVE-2019-10092)\n\nDaniel McCarney discovered that mod_remoteip component of Apache\ncontained a stack buffer overflow when parsing headers from a trusted\nintermediary proxy in some situations. A remote attacker controlling a\ntrusted proxy could use this to cause a denial of service or possibly\nexecute arbitrary code. This issue only affected Ubuntu 19.04.\n(CVE-2019-10097)\n\nYukitsugu Sasaki discovered that the mod_rewrite component in Apache\nwas vulnerable to open redirects in some situations. A remote attacker\ncould use this to possibly expose sensitive information or bypass\nintended restrictions. (CVE-2019-10098)\n\nJonathan Looney discovered that the HTTP/2 implementation in Apache\ndid not properly limit the amount of buffering for client connections\nin some situations. A remote attacker could use this to cause a denial\nof service (unresponsive daemon). This issue only affected Ubuntu\n18.04 LTS and Ubuntu 19.04. (CVE-2019-9517).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4113-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected apache2 and / or apache2-bin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10082\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/30\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"apache2\", pkgver:\"2.4.18-2ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"apache2-bin\", pkgver:\"2.4.18-2ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"apache2\", pkgver:\"2.4.29-1ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"apache2-bin\", pkgver:\"2.4.29-1ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"apache2\", pkgver:\"2.4.38-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"apache2-bin\", pkgver:\"2.4.38-2ubuntu2.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2 / apache2-bin\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:25:52", "description": "The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component:\n\n - An unspecified vulnerability in Networking (cURL) subcomponent of Oracle Enterprise Manager Ops Center, which could allow an unauthenticated attacker with network access to compromise Enterprise Manager Ops Center. (CVE-2019-3822)\n\n - An unspecified vulnerability in Networking (OpenSSL) subcomponent of Oracle Enterprise Manager Ops Center, which could allow an unauthenticated attacker with network access to compromise Enterprise Manager Ops Center. (CVE-2019-1559)\n\n - An unspecified vulnerability in Networking (OpenSSL) subcomponent of Oracle Enterprise Manager Ops Center, which could allow a low privileged attacker with network access to compromise Enterprise Manager Ops Center. (CVE-2019-2728)", "cvss3": {}, "published": "2019-07-17T00:00:00", "type": "nessus", "title": "Oracle Enterprise Manager Ops Center (Jul 2019 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220", "CVE-2019-1559", "CVE-2019-2728", "CVE-2019-3822"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/a:oracle:enterprise_manager_ops_center"], "id": "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JUL_2019_CPU.NASL", "href": "https://www.tenable.com/plugins/nessus/126777", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126777);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2019-0196\",\n \"CVE-2019-0197\",\n \"CVE-2019-0211\",\n \"CVE-2019-0215\",\n \"CVE-2019-0217\",\n \"CVE-2019-0220\",\n \"CVE-2019-1559\",\n \"CVE-2019-2728\",\n \"CVE-2019-3822\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0203\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0227\");\n\n script_name(english:\"Oracle Enterprise Manager Ops Center (Jul 2019 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An enterprise management application installed on the remote host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle Enterprise Manager Cloud Control installed on\nthe remote host is affected by multiple vulnerabilities in\nEnterprise Manager Base Platform component:\n\n - An unspecified vulnerability in Networking (cURL) subcomponent\n of Oracle Enterprise Manager Ops Center, which could allow\n an unauthenticated attacker with network access to\n compromise Enterprise Manager Ops Center. (CVE-2019-3822)\n\n - An unspecified vulnerability in Networking (OpenSSL) subcomponent\n of Oracle Enterprise Manager Ops Center, which could allow\n an unauthenticated attacker with network access to\n compromise Enterprise Manager Ops Center. (CVE-2019-1559)\n\n - An unspecified vulnerability in Networking (OpenSSL) subcomponent\n of Oracle Enterprise Manager Ops Center, which could allow\n a low privileged attacker with network access to\n compromise Enterprise Manager Ops Center. (CVE-2019-2728)\");\n # https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9aa2b901\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the July 2019\nOracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-3822\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:enterprise_manager_ops_center\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_enterprise_manager_ops_center_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Enterprise Manager Ops Center\");\n\n exit(0);\n}\n\ninclude('vcf_extras_oracle_em_ops_center.inc');\n\nget_kb_item_or_exit('Host/local_checks_enabled');\n\nvar constraints = [\n {'min_version': '12.3.3.0', 'max_version': '12.3.3.9999', 'uce_patch': '29943334'},\n {'min_version': '12.4.0.0', 'max_version': '12.4.0.9999', 'uce_patch': '30044132'}\n];\n\nvar app_info = vcf::oracle_em_ops_center::get_app_info();\n\nvcf::oracle_em_ops_center::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:26", "description": "The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2644 advisory.\n\n - expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)\n\n - httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)\n\n - httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)\n\n - expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903)\n\n - libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c (CVE-2019-19956)\n\n - libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)\n\n - nghttp2: overly large SETTINGS frames can lead to DoS (CVE-2020-11080)\n\n - httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)\n\n - libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-06-22T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 (RHSA-2020:2644)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20843", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-15903", "CVE-2019-19956", "CVE-2019-20388", "CVE-2020-11080", "CVE-2020-1934", "CVE-2020-7595"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-curl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-libcurl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-libcurl-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_http2", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-ap24", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-manual", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_md", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_security", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-pkcs11"], "id": "REDHAT-RHSA-2020-2644.NASL", "href": "https://www.tenable.com/plugins/nessus/137705", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2644. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137705);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2018-20843\",\n \"CVE-2019-0196\",\n \"CVE-2019-0197\",\n \"CVE-2019-15903\",\n \"CVE-2019-19956\",\n \"CVE-2019-20388\",\n \"CVE-2020-1934\",\n \"CVE-2020-7595\",\n \"CVE-2020-11080\"\n );\n script_bugtraq_id(107665, 107669);\n script_xref(name:\"RHSA\", value:\"2020:2644\");\n script_xref(name:\"IAVA\", value:\"2020-A-0326\");\n script_xref(name:\"IAVA\", value:\"2019-A-0098-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0203\");\n\n script_name(english:\"RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 (RHSA-2020:2644)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2644 advisory.\n\n - expat: large number of colons in input makes parser consume high amount of resources, leading to DoS\n (CVE-2018-20843)\n\n - httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)\n\n - httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)\n\n - expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903)\n\n - libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c (CVE-2019-19956)\n\n - libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)\n\n - nghttp2: overly large SETTINGS frames can lead to DoS (CVE-2020-11080)\n\n - httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)\n\n - libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-20843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-0196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-0197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-7595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1695030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1695042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1723723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1752592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1788856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1799734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1799786\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1820772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1844929\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-1934\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(122, 125, 400, 401, 416, 444, 456, 770, 772, 835);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-ap24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-pkcs11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['6','7'])) audit(AUDIT_OS_NOT, 'Red Hat 6.x / 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/server/6/6Server/i386/jbcs/1/debug',\n 'content/dist/rhel/server/6/6Server/i386/jbcs/1/os',\n 'content/dist/rhel/server/6/6Server/i386/jbcs/1/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/jbcs/1/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/jbcs/1/os',\n 'content/dist/rhel/server/6/6Server/x86_64/jbcs/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'jbcs-httpd24-curl-7.64.1-36.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-curl-7.64.1-36.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-2.4.37-57.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-2.4.37-57.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-devel-2.4.37-57.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-devel-2.4.37-57.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-manual-2.4.37-57.jbcs.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-selinux-2.4.37-57.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-selinux-2.4.37-57.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-tools-2.4.37-57.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-tools-2.4.37-57.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-libcurl-7.64.1-36.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-libcurl-7.64.1-36.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-libcurl-devel-7.64.1-36.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-libcurl-devel-7.64.1-36.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_cluster-native-1.3.14-4.Final_redhat_2.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_cluster-native-1.3.14-4.Final_redhat_2.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_http2-1.15.7-3.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_http2-1.15.7-3.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_jk-ap24-1.2.48-4.redhat_1.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_jk-ap24-1.2.48-4.redhat_1.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_jk-manual-1.2.48-4.redhat_1.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_jk-manual-1.2.48-4.redhat_1.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_ldap-2.4.37-57.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_ldap-2.4.37-57.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_md-2.0.8-24.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_md-2.0.8-24.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_proxy_html-2.4.37-57.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_proxy_html-2.4.37-57.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_security-2.9.2-51.GA.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_security-2.9.2-51.GA.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_session-2.4.37-57.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_session-2.4.37-57.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_ssl-2.4.37-57.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_ssl-2.4.37-57.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-nghttp2-1.39.2-25.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-nghttp2-1.39.2-25.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-nghttp2-devel-1.39.2-25.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-nghttp2-devel-1.39.2-25.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/server/7/7Server/x86_64/jbcs/1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/jbcs/1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/jbcs/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'jbcs-httpd24-curl-7.64.1-36.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-2.4.37-57.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-devel-2.4.37-57.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-manual-2.4.37-57.jbcs.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-selinux-2.4.37-57.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-tools-2.4.37-57.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-libcurl-7.64.1-36.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-libcurl-devel-7.64.1-36.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_cluster-native-1.3.14-4.Final_redhat_2.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_http2-1.15.7-3.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_jk-ap24-1.2.48-4.redhat_1.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_jk-manual-1.2.48-4.redhat_1.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_ldap-2.4.37-57.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_md-2.0.8-24.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_proxy_html-2.4.37-57.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_security-2.9.2-51.GA.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_session-2.4.37-57.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_ssl-2.4.37-57.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-nghttp2-1.39.2-25.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-nghttp2-devel-1.39.2-25.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-pkcs11-0.4.10-7.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jbcs-httpd24-curl / jbcs-httpd24-httpd / jbcs-httpd24-httpd-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-01T15:32:49", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4751 advisory.\n\n - httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)\n\n - httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)\n\n - httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)\n\n - httpd: memory corruption on early pushes (CVE-2019-10081)\n\n - httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)\n\n - httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)\n\n - httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)\n\n - httpd: mod_rewrite potential open redirect (CVE-2019-10098)\n\n - httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)\n\n - httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : httpd:2.4 (CESA-2020:4751)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17189", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2020-1927", "CVE-2020-1934"], "modified": "2023-02-08T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel", "p-cpe:/a:centos:centos:httpd-filesystem", "p-cpe:/a:centos:centos:httpd-manual", "p-cpe:/a:centos:centos:httpd-tools", "p-cpe:/a:centos:centos:mod_http2", "p-cpe:/a:centos:centos:mod_ldap", "p-cpe:/a:centos:centos:mod_md", "p-cpe:/a:centos:centos:mod_proxy_html", "p-cpe:/a:centos:centos:mod_session", "p-cpe:/a:centos:centos:mod_ssl"], "id": "CENTOS8_RHSA-2020-4751.NASL", "href": "https://www.tenable.com/plugins/nessus/145821", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:4751. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145821);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\n \"CVE-2018-17189\",\n \"CVE-2019-0196\",\n \"CVE-2019-0197\",\n \"CVE-2019-10081\",\n \"CVE-2019-10082\",\n \"CVE-2019-10092\",\n \"CVE-2019-10097\",\n \"CVE-2019-10098\",\n \"CVE-2020-1927\",\n \"CVE-2020-1934\"\n );\n script_bugtraq_id(106685, 107665, 107669);\n script_xref(name:\"RHSA\", value:\"2020:4751\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0203\");\n\n script_name(english:\"CentOS 8 : httpd:2.4 (CESA-2020:4751)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:4751 advisory.\n\n - httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)\n\n - httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)\n\n - httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)\n\n - httpd: memory corruption on early pushes (CVE-2019-10081)\n\n - httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)\n\n - httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)\n\n - httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)\n\n - httpd: mod_rewrite potential open redirect (CVE-2019-10098)\n\n - httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)\n\n - httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4751\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10082\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/CentOS/release');\nif (isnull(os_release) || 'CentOS' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< os_release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/httpd');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\nif ('2.4' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module httpd:' + module_ver);\n\nvar appstreams = {\n 'httpd:2.4': [\n {'reference':'httpd-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-2.module_el8.3.0+477+498bb568', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-2.module_el8.3.0+477+498bb568', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-8.module_el8.3.0+452+00a0bbdd', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-2.0.8-8.module_el8.3.0+452+00a0bbdd', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n};\n\nvar flag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-filesystem / httpd-manual / httpd-tools / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-04T14:30:39", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4751 advisory.\n\n - A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly. (CVE-2019-0196)\n\n - In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections. (CVE-2018-17189)\n\n - A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set H2Upgrade on are unaffected by this issue. (CVE-2019-0197)\n\n - HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with H2PushResource, could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client. (CVE-2019-10081)\n\n - In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. (CVE-2019-10082)\n\n - In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. (CVE-2019-10092)\n\n - In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the PROXY protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients. (CVE-2019-10097)\n\n - In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. (CVE-2020-1927)\n\n - In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. (CVE-2019-10098)\n\n - In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. (CVE-2020-1934)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : httpd:2.4 (ELSA-2020-4751)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17189", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2020-1927", "CVE-2020-1934"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd-filesystem", "p-cpe:/a:oracle:linux:httpd-manual", "p-cpe:/a:oracle:linux:httpd-tools", "p-cpe:/a:oracle:linux:mod_http2", "p-cpe:/a:oracle:linux:mod_ldap", "p-cpe:/a:oracle:linux:mod_md", "p-cpe:/a:oracle:linux:mod_proxy_html", "p-cpe:/a:oracle:linux:mod_session", "p-cpe:/a:oracle:linux:mod_ssl"], "id": "ORACLELINUX_ELSA-2020-4751.NASL", "href": "https://www.tenable.com/plugins/nessus/142762", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-4751.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142762);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-17189\",\n \"CVE-2019-0196\",\n \"CVE-2019-0197\",\n \"CVE-2019-10081\",\n \"CVE-2019-10082\",\n \"CVE-2019-10092\",\n \"CVE-2019-10097\",\n \"CVE-2019-10098\",\n \"CVE-2020-1927\",\n \"CVE-2020-1934\"\n );\n script_bugtraq_id(106685, 107665, 107669);\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0203\");\n\n script_name(english:\"Oracle Linux 8 : httpd:2.4 (ELSA-2020-4751)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-4751 advisory.\n\n - A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2\n request handling could be made to access freed memory in string comparison when determining the method of\n a request and thus process the request incorrectly. (CVE-2019-0196)\n\n - In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain\n resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming\n data. This affects only HTTP/2 (mod_http2) connections. (CVE-2018-17189)\n\n - A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host\n or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not\n the first request on a connection could lead to a misconfiguration and crash. Server that never enabled\n the h2 protocol or that only enabled it for https: and did not set H2Upgrade on are unaffected by this\n issue. (CVE-2019-0197)\n\n - HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with H2PushResource, could lead\n to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of\n the configured push link header values, not data supplied by the client. (CVE-2019-10081)\n\n - In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made\n to read memory after being freed, during connection shutdown. (CVE-2019-10082)\n\n - In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the\n mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point\n to a page of their choice. This would only be exploitable where a server was set up with proxying enabled\n but was misconfigured in such a way that the Proxy Error page was displayed. (CVE-2019-10092)\n\n - In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy\n server using the PROXY protocol, a specially crafted PROXY header could trigger a stack buffer overflow\n or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by\n untrusted HTTP clients. (CVE-2019-10097)\n\n - In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be\n self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within\n the request URL. (CVE-2020-1927)\n\n - In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be\n self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the\n request URL. (CVE-2019-10098)\n\n - In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a\n malicious FTP server. (CVE-2020-1934)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-4751.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10082\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/httpd');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\nif ('2.4' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module httpd:' + module_ver);\n\nappstreams = {\n 'httpd:2.4': [\n {'reference':'httpd-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-2.module+el8.3.0+7816+49791cfd', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-2.module+el8.3.0+7816+49791cfd', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-filesystem / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-04T14:30:09", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4751 advisory.\n\n - httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)\n\n - httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)\n\n - httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)\n\n - httpd: memory corruption on early pushes (CVE-2019-10081)\n\n - httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)\n\n - httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)\n\n - httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)\n\n - httpd: mod_rewrite potential open redirect (CVE-2019-10098)\n\n - httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)\n\n - httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-04T00:00:00", "type": "nessus", "title": "RHEL 8 : httpd:2.4 (RHSA-2020:4751)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17189", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2020-1927", "CVE-2020-1934"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-filesystem", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_http2", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_md", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:mod_session", "p-cpe:/a:redhat:enterprise_linux:mod_ssl"], "id": "REDHAT-RHSA-2020-4751.NASL", "href": "https://www.tenable.com/plugins/nessus/142397", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4751. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142397);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2018-17189\",\n \"CVE-2019-0196\",\n \"CVE-2019-0197\",\n \"CVE-2019-10081\",\n \"CVE-2019-10082\",\n \"CVE-2019-10092\",\n \"CVE-2019-10097\",\n \"CVE-2019-10098\",\n \"CVE-2020-1927\",\n \"CVE-2020-1934\"\n );\n script_bugtraq_id(107669, 107665, 106685);\n script_xref(name:\"IAVA\", value:\"2020-A-0022\");\n script_xref(name:\"IAVA\", value:\"2020-A-0140\");\n script_xref(name:\"IAVA\", value:\"2020-A-0326\");\n script_xref(name:\"IAVA\", value:\"2020-A-0324\");\n script_xref(name:\"RHSA\", value:\"2020:4751\");\n script_xref(name:\"IAVA\", value:\"2019-A-0098-S\");\n script_xref(name:\"IAVA\", value:\"2019-A-0033-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0203\");\n\n script_name(english:\"RHEL 8 : httpd:2.4 (RHSA-2020:4751)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:4751 advisory.\n\n - httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)\n\n - httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)\n\n - httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)\n\n - httpd: memory corruption on early pushes (CVE-2019-10081)\n\n - httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)\n\n - httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)\n\n - httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)\n\n - httpd: mod_rewrite potential open redirect (CVE-2019-10098)\n\n - httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)\n\n - httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-17189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-0196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-0197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10081\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1668497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1695030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1695042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1743956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1743959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1743966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1743974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1743996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1820761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1820772\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10082\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79, 120, 400, 416, 444, 456, 601);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'httpd:2.4': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/appstream/debug',\n 'content/e4s/rhel8/8.4/aarch64/appstream/os',\n 'content/e4s/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/baseos/debug',\n 'content/e4s/rhel8/8.4/aarch64/baseos/os',\n 'content/e4s/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/appstream/debug',\n 'content/e4s/rhel8/8.4/s390x/appstream/os',\n 'content/e4s/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/baseos/debug',\n 'content/e4s/rhel8/8.4/s390x/baseos/os',\n 'content/e4s/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/nfv/debug',\n 'content/e4s/rhel8/8.4/x86_64/nfv/os',\n 'content/e4s/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'4', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'4', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'4', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'4', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'4', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-2.module+el8.3.0+7670+8bf57d29', 'sp':'4', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'4', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611', 'sp':'4', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'4', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'4', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'4', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'6', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'6', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'6', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'6', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'6', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-2.module+el8.3.0+7670+8bf57d29', 'sp':'6', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'6', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611', 'sp':'6', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'6', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'6', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'6', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-2.module+el8.3.0+7670+8bf57d29', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/httpd');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\nif ('2.4' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module httpd:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-filesystem / httpd-manual / httpd-tools / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:53", "description": "An update is now available for JBoss Core Services on RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThis release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements.\nRefer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es) :\n\n* openssl: RSA key generation cache timing vulnerability in crypto/rsa/ rsa_gen.c allows attackers to recover private keys (CVE-2018-0737)\n\n* openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734)\n\n* mod_auth_digest: access control bypass due to race condition (CVE-2019-0217)\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)\n\n* mod_session_cookie does not respect expiry time (CVE-2018-17199)\n\n* mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)\n\n* mod_http2: possible crash on late upgrade (CVE-2019-0197)\n\n* mod_http2: read-after-free on a string compare (CVE-2019-0196)\n\n* nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)\n\n* nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)\n\n* mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n\n* mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-11-22T00:00:00", "type": "nessus", "title": "RHEL 7 : JBoss Core Services (RHSA-2019:3933) (0-Length Headers Leak) (Data Dribble) (Internal Data Buffering) (Resource Loop)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0734", "CVE-2018-0737", "CVE-2018-17189", "CVE-2018-17199", "CVE-2018-5407", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0217", "CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516", "CVE-2019-9517"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-ldap", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-mysql", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-nss", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-odbc", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-openssl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-pgsql", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-sqlite", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-brotli", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-brotli-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-brotli-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-curl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-curl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-jansson", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-jansson-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-jansson-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-libcurl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-libcurl-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-ap24", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-manual", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_md", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_security", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_security-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-libs", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-perl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-static", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-3933.NASL", "href": "https://www.tenable.com/plugins/nessus/131216", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3933. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131216);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-0734\",\n \"CVE-2018-0737\",\n \"CVE-2018-17189\",\n \"CVE-2018-17199\",\n \"CVE-2018-5407\",\n \"CVE-2019-0196\",\n \"CVE-2019-0197\",\n \"CVE-2019-0217\",\n \"CVE-2019-9511\",\n \"CVE-2019-9513\",\n \"CVE-2019-9516\",\n \"CVE-2019-9517\"\n );\n script_xref(name:\"RHSA\", value:\"2019:3933\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0203\");\n\n script_name(english:\"RHEL 7 : JBoss Core Services (RHSA-2019:3933) (0-Length Headers Leak) (Data Dribble) (Internal Data Buffering) (Resource Loop)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update is now available for JBoss Core Services on RHEL 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThis release adds the new Apache HTTP Server 2.4.37 packages that are\npart of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services\nPack Apache Server 2.4.29 and includes bug fixes and enhancements.\nRefer to the Release Notes for information on the most significant bug\nfixes and enhancements included in this release.\n\nSecurity Fix(es) :\n\n* openssl: RSA key generation cache timing vulnerability in\ncrypto/rsa/ rsa_gen.c allows attackers to recover private keys\n(CVE-2018-0737)\n\n* openssl: timing side channel attack in the DSA signature algorithm\n(CVE-2018-0734)\n\n* mod_auth_digest: access control bypass due to race condition\n(CVE-2019-0217)\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading\narchitectures (PortSmash) (CVE-2018-5407)\n\n* mod_session_cookie does not respect expiry time (CVE-2018-17199)\n\n* mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)\n\n* mod_http2: possible crash on late upgrade (CVE-2019-0197)\n\n* mod_http2: read-after-free on a string compare (CVE-2019-0196)\n\n* nghttp2: HTTP/2: large amount of data request leads to denial of\nservice (CVE-2019-9511)\n\n* nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive\nresource consumption (CVE-2019-9513)\n\n* mod_http2: HTTP/2: 0-length headers leads to denial of service\n(CVE-2019-9516)\n\n* mod_http2: HTTP/2: request for large response leads to denial of\nservice (CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-0734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-0737\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-5407\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17199\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-0196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-0197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-0217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9517\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0217\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-brotli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-brotli-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-brotli-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-jansson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-jansson-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-jansson-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-ap24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_security-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3933\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-1.6.3-63.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-debuginfo-1.6.3-63.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-devel-1.6.3-63.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-1.6.1-48.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-debuginfo-1.6.1-48.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-devel-1.6.1-48.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-ldap-1.6.1-48.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-mysql-1.6.1-48.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-nss-1.6.1-48.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-odbc-1.6.1-48.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-openssl-1.6.1-48.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-pgsql-1.6.1-48.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-sqlite-1.6.1-48.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-brotli-1.0.6-7.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-brotli-debuginfo-1.0.6-7.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-brotli-devel-1.0.6-7.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-curl-7.64.1-14.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-curl-debuginfo-7.64.1-14.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-2.4.37-33.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-debuginfo-2.4.37-33.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-devel-2.4.37-33.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbcs-httpd24-httpd-manual-2.4.37-33.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-selinux-2.4.37-33.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-tools-2.4.37-33.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-jansson-2.11-20.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-jansson-debuginfo-2.11-20.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-jansson-devel-2.11-20.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-libcurl-7.64.1-14.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-libcurl-devel-7.64.1-14.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_cluster-native-1.3.12-9.Final_redhat_2.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_cluster-native-debuginfo-1.3.12-9.Final_redhat_2.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_jk-ap24-1.2.46-22.redhat_1.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_jk-debuginfo-1.2.46-22.redhat_1.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_jk-manual-1.2.46-22.redhat_1.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_ldap-2.4.37-33.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_md-2.4.37-33.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_proxy_html-2.4.37-33.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_security-2.9.2-16.GA.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_security-debuginfo-2.9.2-16.GA.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_session-2.4.37-33.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_ssl-2.4.37-33.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-nghttp2-1.39.2-4.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-nghttp2-debuginfo-1.39.2-4.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-nghttp2-devel-1.39.2-4.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-1.1.1-25.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-debuginfo-1.1.1-25.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-devel-1.1.1-25.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-libs-1.1.1-25.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-perl-1.1.1-25.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-static-1.1.1-25.jbcs.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jbcs-httpd24-apr / jbcs-httpd24-apr-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:53", "description": "Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThis release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements.\nRefer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es) :\n\n* openssl: RSA key generation cache timing vulnerability in crypto/rsa/ rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/ Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2019-11-22T00:00:00", "type": "nessus", "title": "RHEL 6 : JBoss Core Services (RHSA-2019:3932) (0-Length Headers Leak) (Data Dribble) (Internal Data Buffering) (Resource Loop)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0734", "CVE-2018-0737", "CVE-2018-17189", "CVE-2018-17199", "CVE-2018-5407", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0217", "CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516", "CVE-2019-9517"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-ldap", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-mysql", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-nss", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-libs", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-odbc", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-perl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-openssl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-static", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-pgsql", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-sqlite", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-brotli", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-brotli-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-brotli-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-curl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-curl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-jansson", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-jansson-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-jansson-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-libcurl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-libcurl-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-ap24", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-manual", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_md", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_security", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_security-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl"], "id": "REDHAT-RHSA-2019-3932.NASL", "href": "https://www.tenable.com/plugins/nessus/131215", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3932. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131215);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-0734\",\n \"CVE-2018-0737\",\n \"CVE-2018-17189\",\n \"CVE-2018-17199\",\n \"CVE-2018-5407\",\n \"CVE-2019-0196\",\n \"CVE-2019-0197\",\n \"CVE-2019-0217\",\n \"CVE-2019-9511\",\n \"CVE-2019-9513\",\n \"CVE-2019-9516\",\n \"CVE-2019-9517\"\n );\n script_xref(name:\"RHSA\", value:\"2019:3932\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0203\");\n\n script_name(english:\"RHEL 6 : JBoss Core Services (RHSA-2019:3932) (0-Length Headers Leak) (Data Dribble) (Internal Data Buffering) (Resource Loop)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Updated packages that provide Red Hat JBoss Core Services Pack Apache\nServer 2.4.37 and fix several bugs, and add various enhancements are\nnow available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThis release adds the new Apache HTTP Server 2.4.37 packages that are\npart of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services\nPack Apache Server 2.4.29 and includes bug fixes and enhancements.\nRefer to the Release Notes for information on the most significant bug\nfixes and enhancements included in this release.\n\nSecurity Fix(es) :\n\n* openssl: RSA key generation cache timing vulnerability in\ncrypto/rsa/ rsa_gen.c allows attackers to recover private keys\n(CVE-2018-0737) * openssl: timing side channel attack in the DSA\nsignature algorithm (CVE-2018-0734) * mod_auth_digest: access control\nbypass due to race condition (CVE-2019-0217) * openssl: Side-channel\nvulnerability on SMT/ Hyper-Threading architectures (PortSmash)\n(CVE-2018-5407) * mod_session_cookie does not respect expiry time\n(CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies\n(CVE-2018-17189) * mod_http2: possible crash on late upgrade\n(CVE-2019-0197) * mod_http2: read-after-free on a string compare\n(CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads\nto denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using\nPRIORITY frames resulting in excessive resource consumption\n(CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial\nof service (CVE-2019-9516) * mod_http2: HTTP/2: request for large\nresponse leads to denial of service (CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3932\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-0734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-0737\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-5407\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-17199\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-0196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-0197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-0217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-9517\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-0217\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-brotli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-brotli-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-brotli-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-curl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-jansson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-jansson-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-jansson-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-ap24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_security-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3932\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apr-1.6.3-63.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-1.6.3-63.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apr-debuginfo-1.6.3-63.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-debuginfo-1.6.3-63.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apr-devel-1.6.3-63.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-devel-1.6.3-63.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apr-util-1.6.1-48.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-1.6.1-48.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apr-util-debuginfo-1.6.1-48.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-debuginfo-1.6.1-48.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apr-util-devel-1.6.1-48.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-devel-1.6.1-48.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apr-util-ldap-1.6.1-48.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-ldap-1.6.1-48.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apr-util-mysql-1.6.1-48.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-mysql-1.6.1-48.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apr-util-nss-1.6.1-48.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-nss-1.6.1-48.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apr-util-odbc-1.6.1-48.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-odbc-1.6.1-48.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apr-util-openssl-1.6.1-48.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-openssl-1.6.1-48.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apr-util-pgsql-1.6.1-48.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-pgsql-1.6.1-48.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-apr-util-sqlite-1.6.1-48.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-apr-util-sqlite-1.6.1-48.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-brotli-1.0.6-7.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-brotli-1.0.6-7.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-brotli-debuginfo-1.0.6-7.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-brotli-debuginfo-1.0.6-7.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-brotli-devel-1.0.6-7.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-brotli-devel-1.0.6-7.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-curl-7.64.1-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-curl-7.64.1-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-curl-debuginfo-7.64.1-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-curl-debuginfo-7.64.1-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-httpd-2.4.37-33.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-2.4.37-33.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-httpd-debuginfo-2.4.37-33.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-debuginfo-2.4.37-33.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-httpd-devel-2.4.37-33.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-devel-2.4.37-33.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbcs-httpd24-httpd-manual-2.4.37-33.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-httpd-selinux-2.4.37-33.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-selinux-2.4.37-33.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-httpd-tools-2.4.37-33.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-tools-2.4.37-33.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-jansson-2.11-20.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-jansson-2.11-20.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-jansson-debuginfo-2.11-20.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-jansson-debuginfo-2.11-20.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-jansson-devel-2.11-20.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-jansson-devel-2.11-20.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-libcurl-7.64.1-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-libcurl-7.64.1-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-libcurl-devel-7.64.1-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-libcurl-devel-7.64.1-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_cluster-native-1.3.12-9.Final_redhat_2.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_cluster-native-1.3.12-9.Final_redhat_2.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_cluster-native-debuginfo-1.3.12-9.Final_redhat_2.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_cluster-native-debuginfo-1.3.12-9.Final_redhat_2.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_jk-ap24-1.2.46-22.redhat_1.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_jk-ap24-1.2.46-22.redhat_1.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_jk-debuginfo-1.2.46-22.redhat_1.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_jk-debuginfo-1.2.46-22.redhat_1.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_jk-manual-1.2.46-22.redhat_1.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_jk-manual-1.2.46-22.redhat_1.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_ldap-2.4.37-33.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_ldap-2.4.37-33.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_md-2.4.37-33.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_md-2.4.37-33.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_proxy_html-2.4.37-33.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_proxy_html-2.4.37-33.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_security-2.9.2-16.GA.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_security-2.9.2-16.GA.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_security-debuginfo-2.9.2-16.GA.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_security-debuginfo-2.9.2-16.GA.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_session-2.4.37-33.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_session-2.4.37-33.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_ssl-2.4.37-33.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_ssl-2.4.37-33.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-nghttp2-1.39.2-4.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-nghttp2-1.39.2-4.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-nghttp2-debuginfo-1.39.2-4.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-nghttp2-debuginfo-1.39.2-4.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-nghttp2-devel-1.39.2-4.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-nghttp2-devel-1.39.2-4.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-openssl-1.1.1-25.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-1.1.1-25.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-openssl-debuginfo-1.1.1-25.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-debuginfo-1.1.1-25.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-openssl-devel-1.1.1-25.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-devel-1.1.1-25.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-openssl-libs-1.1.1-25.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-libs-1.1.1-25.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-openssl-perl-1.1.1-25.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-perl-1.1.1-25.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-openssl-static-1.1.1-25.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-static-1.1.1-25.jbcs.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jbcs-httpd24-apr / jbcs-httpd24-apr-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:48:12", "description": "The remote NewStart CGSL host, running version MAIN 6.06, has httpd packages installed that are affected by multiple vulnerabilities:\n\n - In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections. (CVE-2018-17189)\n\n - In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded. (CVE-2018-17199)\n\n - A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly. (CVE-2019-0196)\n\n - A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set H2Upgrade on are unaffected by this issue. (CVE-2019-0197)\n\n - HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with H2PushResource, could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client. (CVE-2019-10081)\n\n - In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. (CVE-2019-10082)\n\n - In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. (CVE-2019-10092)\n\n - Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above info will mitigate this vulnerability for unpatched servers. (CVE-2020-11993)\n\n - In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. (CVE-2020-1927)\n\n - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service (CVE-2021-26690)\n\n - In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow (CVE-2021-26691)\n\n - ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-39275)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-04-25T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.06 : httpd Multiple Vulnerabilities (NS-SA-2023-1001)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17189", "CVE-2018-17199", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2020-11993", "CVE-2020-1927", "CVE-2021-26690", "CVE-2021-26691", "CVE-2021-39275", "CVE-2021-44790", "CVE-2022-22720"], "modified": "2023-04-26T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_main:httpd", "cpe:/o:zte:cgsl_main:6"], "id": "NEWSTART_CGSL_NS-SA-2023-1001_HTTPD.NASL", "href": "https://www.tenable.com/plugins/nessus/174760", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2023-1001. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(174760);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/26\");\n\n script_cve_id(\n \"CVE-2018-17189\",\n \"CVE-2018-17199\",\n \"CVE-2019-0196\",\n \"CVE-2019-0197\",\n \"CVE-2019-10081\",\n \"CVE-2019-10082\",\n \"CVE-2019-10092\",\n \"CVE-2020-1927\",\n \"CVE-2020-11993\",\n \"CVE-2021-26690\",\n \"CVE-2021-26691\",\n \"CVE-2021-39275\",\n \"CVE-2021-44790\",\n \"CVE-2022-22720\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0203\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"NewStart CGSL MAIN 6.06 : httpd Multiple Vulnerabilities (NS-SA-2023-1001)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.06, has httpd packages installed that are affected by multiple\nvulnerabilities:\n\n - In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain\n resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming\n data. This affects only HTTP/2 (mod_http2) connections. (CVE-2018-17189)\n\n - In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before\n decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since\n the expiry time is loaded when the session is decoded. (CVE-2018-17199)\n\n - A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2\n request handling could be made to access freed memory in string comparison when determining the method of\n a request and thus process the request incorrectly. (CVE-2019-0196)\n\n - A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host\n or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not\n the first request on a connection could lead to a misconfiguration and crash. Server that never enabled\n the h2 protocol or that only enabled it for https: and did not set H2Upgrade on are unaffected by this\n issue. (CVE-2019-0197)\n\n - HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with H2PushResource, could lead\n to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of\n the configured push link header values, not data supplied by the client. (CVE-2019-10081)\n\n - In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made\n to read memory after being freed, during connection shutdown. (CVE-2019-10082)\n\n - In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the\n mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point\n to a page of their choice. This would only be exploitable where a server was set up with proxying enabled\n but was misconfigured in such a way that the Proxy Error page was displayed. (CVE-2019-10092)\n\n - Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on\n certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent\n use of memory pools. Configuring the LogLevel of mod_http2 above info will mitigate this vulnerability\n for unpatched servers. (CVE-2020-11993)\n\n - In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be\n self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within\n the request URL. (CVE-2020-1927)\n\n - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can\n cause a NULL pointer dereference and crash, leading to a possible Denial Of Service (CVE-2021-26690)\n\n - In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server\n could cause a heap overflow (CVE-2021-26691)\n\n - ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules\n pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache\n HTTP Server 2.4.48 and earlier. (CVE-2021-39275)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/notice/NS-SA-2023-1001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/info/CVE-2018-17189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/info/CVE-2018-17199\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/info/CVE-2019-0196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/info/CVE-2019-0197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/info/CVE-2019-10081\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/info/CVE-2019-10082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/info/CVE-2019-10092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/info/CVE-2020-11993\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/info/CVE-2020-1927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/info/CVE-2021-26690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/info/CVE-2021-26691\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/info/CVE-2021-39275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/info/CVE-2021-44790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/info/CVE-2022-22720\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL httpd packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/04/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar os_release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(os_release) || os_release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (os_release !~ \"CGSL MAIN 6.06\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.06');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL MAIN 6.06': [\n 'httpd-2.4.37-47.0.1.zncgsl6'\n ]\n};\nvar pkg_list = pkgs[os_release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + os_release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "ibm": [{"lastseen": "2023-02-23T21:41:30", "description": "## Summary\n\nHTTP Server is supported by IBM i. IBM i has addressed the applicable CVEs. \n \nThis security bulletin has been updated, on August 8, 2019, as superseding IBM i PTFs are available for CVE-2019-0220 for IBM i 7.2, 7.3, and 7.4. \nThis security bulletin has been updated, on June 21, 2019, as additional IBM i PTFs are available for IBM i 7.4. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2019-0220](<https://vulners.com/cve/CVE-2019-0220>) \n**DESCRIPTION:** Apache HTTP Server could provide weaker than expected security, caused by URL normalization inconsistencies. A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158948> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2019-0196](<https://vulners.com/cve/CVE-2019-0196>) \n**DESCRIPTION:** Apache HTTP Server is vulnerable to a denial of service, caused by a use-after-free on a string compare in the mod_http2 module. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158963> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-0197](<https://vulners.com/cve/CVE-2019-0197>) \n**DESCRIPTION:** Apache HTTP Server is vulnerable to a denial of service, caused by a flaw when HTTP/2 or H2Upgrade was enabled for http/https host in the mod_http2 module. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158964> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nReleases 7.2, 7.3, and 7.4 of IBM i are affected.\n\n## Remediation/Fixes\n\nThe issue can be fixed by applying a PTF to IBM i. \n\nReleases 7.2, 7.3 and 7.4 of IBM i are supported and will be fixed.\n\nThe IBM i PTF numbers are:\n\n| **CVE-2019-0196** | **CVE-2019-0197** | **CVE-2019-0220** \n---|---|---|--- \n**IBM i 7.2** | **Not affected** | **Not affected** | **SI70724** \n**IBM i 7.3** | **SI69828** | **SI69828** | **SI70629** \n**IBM i 7.4** | **SI69189** | **SI69189** | **SI70725** \n \n<https://www-945.ibm.com/support/fixcentral/>\n\n_**Important note:** IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2019-12-18T14:26:38", "type": "ibm", "title": "Security Bulletin: Vulnerabilities CVE-2019-0196, CVE-2019-0197, and CVE-2019-0220 in the IBM i HTTP Server affect IBM i.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0220"], "modified": "2019-12-18T14:26:38", "id": "916D4B841A8B0DE3D0A5F2B439D18C6BEA4DF5E660343A205D456A1F9FAD0DE2", "href": "https://www.ibm.com/support/pages/node/883380", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T05:45:27", "description": "## Summary\n\nAspera Web Applications (Faspex, Console) have addressed the following Apache Vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-0220](<https://vulners.com/cve/CVE-2019-0220>) \n** DESCRIPTION: **A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158948](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158948>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n \n** CVEID: **[CVE-2019-0196](<https://vulners.com/cve/CVE-2019-0196>) \n** DESCRIPTION: **A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158963](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158963>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n \n** CVEID: **[CVE-2019-0197](<https://vulners.com/cve/CVE-2019-0197>) \n** DESCRIPTION: **A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \"H2Upgrade on\" are unaffected by this issue. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158964](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158964>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n \n** CVEID: **[CVE-2019-0217](<https://vulners.com/cve/CVE-2019-0217>) \n** DESCRIPTION: **In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158950](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158950>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)\n\n \n** CVEID: **[CVE-2019-0215](<https://vulners.com/cve/CVE-2019-0215>) \n** DESCRIPTION: **In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158951](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158951>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Aspera Faspex| 4.3.1 \nIBM Aspera Console| 3.3.0 \nIBM Aspera Orchestrator| 3.1.1 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Aspera Faspex| 4.4.0 \nIBM Aspera Console| 3.4.0 \nIBM Aspera Orchestrator| 3.2.0 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-07T02:12:36", "type": "ibm", "title": "Security Bulletin: Aspera Web Applications (Faspex, Console) are affected by Apache Vulnerabilities (CVE-2019-0196, CVE-2019-0197, CVE-2019-0215, CVE-2019-0217, CVE-2019-0220)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220"], "modified": "2020-02-07T02:12:36", "id": "94BDE6E9969FAA2846B7CFD346BCB2F6B62A01961F684586B1AB53CC8BBFF8D9", "href": "https://www.ibm.com/support/pages/node/1489173", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:45:12", "description": "## Summary\n\nApache HTTP Server has security vulnerabilities that allows a remote attacker to exploit the application. Respective security vulnerabilities are discussed in detail in the subsequent sections. \n\n## Vulnerability Details\n\nThis section includes the vulnerability details that affects the Rational Build Forge.\n\n**CVEID:** [CVE-2019-0220](<https://vulners.com/cve/CVE-2019-0220>) \n**DESCRIPTION:** Apache HTTP Server could provide weaker than expected security, caused by URL normalization inconsistencies. A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158948> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2019-0196](<https://vulners.com/cve/CVE-2019-0196>) \n**DESCRIPTION:** Apache HTTP Server is vulnerable to a denial of service, caused by a use-after-free on a string compare in the mod_http2 module. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158963> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-0197](<https://vulners.com/cve/CVE-2019-0197>) \n**DESCRIPTION:** Apache HTTP Server is vulnerable to a denial of service, caused by a flaw when HTTP/2 or H2Upgrade was enabled for http/https host in the mod_http2 module. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158964> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-0217](<https://vulners.com/cve/CVE-2019-0217>) \n**DESCRIPTION:** Apache HTTP Server could allow a remote authenticated attacker to bypass security restrictions, caused by a race condition in mod_auth_digest when running in a threaded server. An attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158950> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2019-0215](<https://vulners.com/cve/CVE-2019-0215>) \n**DESCRIPTION:** Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by a bug in mod_ssl. An attacker could exploit this vulnerability to bypass configured access control restrictions. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158951> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2019-0211](<https://vulners.com/cve/CVE-2019-0211>) \n**DESCRIPTION:** Apache HTTP Server could allow a local authenticated attacker to gain elevated privileges on the system, caused by the execution of code in less-privileged child processes or threads from modules' scripts. By manipulating the scoreboard, an attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges. \nCVSS Base Score: 8.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158929> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Rational Build Forge 8.0 to 8.0.0.11.\n\n## Remediation/Fixes\n\nYou must download the Fix pack specified in the following table and apply it.\n\n**Affected Supporting Product**\n\n| \n\n**Remediation/Fix ** \n \n---|--- \n \nIBM Rational Build Forge 8.0 - 8.0.0.11\n\n| Rational Build Forge 8.0.0.12 [Download](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Build+Forge&fixids=RationalBuildForge-8.0.0.12&source=SAR>). \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-07-23T17:45:01", "type": "ibm", "title": "Security Bulletin: Rational Build Forge Security Advisory for Apache HTTP Server (CVE-2019-0196;CVE-2019-0197;CVE-2019-0211;CVE-2019-0215;CVE-2019-0217; and CVE-2019-0220)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220"], "modified": "2019-07-23T17:45:01", "id": "6E40DDCBEC654A7829306510074B291211F91ADCC0F6835AB58383A7E7D77585", "href": "https://www.ibm.com/support/pages/node/881246", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2020-04-06T22:39:46", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2019-05-07T05:29:00", "type": "f5", "title": "Apache vulnerabilities CVE-2019-0196, CVE-2019-0197, and CVE-2019-0220", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0220", "CVE-2019-0197", "CVE-2019-0196"], "modified": "2019-07-01T20:15:00", "id": "F5:K44591505", "href": "https://support.f5.com/csp/article/K44591505", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2022-11-06T10:41:13", "description": "An update that fixes 5 vulnerabilities is now available.\n\nDescription:\n\n This update for apache2 fixes the following issues:\n\n * CVE-2019-0220: The Apache HTTP server did not use a consistent strategy\n for URL normalization throughout all of its components. In particular,\n consecutive slashes were not always collapsed. Attackers could\n potentially abuse these inconsistencies to by-pass access control\n mechanisms and thus gain unauthorized access to protected parts of the\n service. [bsc#1131241]\n\n * CVE-2019-0217: A race condition in Apache's \"mod_auth_digest\" when\n running in a threaded server could have allowed users with valid\n credentials to authenticate using another username, bypassing configured\n access control restrictions. [bsc#1131239]\n\n * CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged\n child processes or threads to execute arbitrary code with the privileges\n of the parent process. Attackers with control over CGI scripts or\n extension modules run by the server could have abused this issue to\n potentially gain super user privileges. [bsc#1131233]\n\n * CVE-2019-0197: When HTTP/2 support was enabled in the Apache server for\n a 'http' host or H2Upgrade was enabled for h2 on a 'https' host, an\n Upgrade request from http/1.1 to http/2 that was not the first request\n on a connection could lead to a misconfiguration and crash. This issue\n could have been abused to mount a denial-of-service attack. Servers that\n never enabled the h2 protocol or that only enabled it for https: and did\n not configure the \"H2Upgrade on\" are unaffected. [bsc#1131245]\n\n * CVE-2019-0196: Through specially crafted network input the Apache's\n http/2 request handler could be lead to access previously freed memory\n while determining the method of a request. This resulted in the request\n being misclassified and thus being processed incorrectly. [bsc#1131237]\n\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-1258=1", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-23T00:00:00", "type": "suse", "title": "Security update for apache2 (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0217", "CVE-2019-0220"], "modified": "2019-04-23T00:00:00", "id": "OPENSUSE-SU-2019:1258-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SOYY34KTSZJH4WOLOBYSCK7RBN7SVB2F/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-18T12:42:07", "description": "An update that fixes 5 vulnerabilities is now available.\n\nDescription:\n\n This update for apache2 fixes the following issues:\n\n * CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged\n child processes or threads to execute arbitrary code with the privileges\n of the parent process. Attackers with control over CGI scripts or\n extension modules run by the server could have abused this issue to\n potentially gain super user privileges. [bsc#1131233]\n\n * CVE-2019-0220: The Apache HTTP server did not use a consistent strategy\n for URL normalization throughout all of its components. In particular,\n consecutive slashes were not always collapsed. Attackers could\n potentially abuse these inconsistencies to by-pass access control\n mechanisms and thus gain unauthorized access to protected parts of the\n service. [bsc#1131241]\n\n * CVE-2019-0217: A race condition in Apache's \"mod_auth_digest\" when\n running in a threaded server could have allowed users with valid\n credentials to authenticate using another username, bypassing configured\n access control restrictions. [bsc#1131239]\n\n * CVE-2019-0197: When HTTP/2 support was enabled in the Apache server for\n a 'http' host or H2Upgrade was enabled for h2 on a 'https' host, an\n Upgrade request from http/1.1 to http/2 that was not the first request\n on a connection could lead to a misconfiguration and crash. This issue\n could have been abused to mount a denial-of-service attack. Servers that\n never enabled the h2 protocol or that only enabled it for https: and did\n not configure the \"H2Upgrade on\" are unaffected. [bsc#1131245]\n\n * CVE-2019-0196: Through specially crafted network input the Apache's\n http/2 request handler could be lead to access previously freed memory\n while determining the method of a request. This resulted in the request\n being misclassified and thus being processed incorrectly. [bsc#1131237]\n\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1209=1", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-16T00:00:00", "type": "suse", "title": "Security update for apache2 (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0217", "CVE-2019-0220"], "modified": "2019-04-16T00:00:00", "id": "OPENSUSE-SU-2019:1209-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RNLNPLSIVUYNHELCO7GMIQ3KIORYAK6L/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-18T12:42:07", "description": "An update that fixes 5 vulnerabilities is now available.\n\nDescription:\n\n This update for apache2 fixes the following issues:\n\n * CVE-2019-0220: The Apache HTTP server did not use a consistent strategy\n for URL normalization throughout all of its components. In particular,\n consecutive slashes were not always collapsed. Attackers could\n potentially abuse these inconsistencies to by-pass access control\n mechanisms and thus gain unauthorized access to protected parts of the\n service. [bsc#1131241]\n * CVE-2019-0217: A race condition in Apache's \"mod_auth_digest\" when\n running in a threaded server could have allowed users with valid\n credentials to authenticate using another username, bypassing configured\n access control restrictions. [bsc#1131239]\n * CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged\n child processes or threads to execute arbitrary code with the privileges\n of the parent process. Attackers with control over CGI scripts or\n extension modules run by the server could have abused this issue to\n potentially gain super user privileges. [bsc#1131233]\n * CVE-2019-0197: When HTTP/2 support was enabled in the Apache server for\n a 'http' host or H2Upgrade was enabled for h2 on a 'https' host, an\n Upgrade request from http/1.1 to http/2 that was not the first request\n on a connection could lead to a misconfiguration and crash. This issue\n could have been abused to mount a denial-of-service attack. Servers that\n never enabled the h2 protocol or that only enabled it for https: and did\n not configure the \"H2Upgrade on\" are unaffected. [bsc#1131245]\n * CVE-2019-0196: Through specially crafted network input the Apache's\n http/2 request handler could be lead to access previously freed memory\n while determining the method of a request. This resulted in the request\n being misclassified and thus being processed incorrectly. [bsc#1131237]\n\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-1190=1", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-11T00:00:00", "type": "suse", "title": "Security update for apache2 (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0217", "CVE-2019-0220"], "modified": "2019-04-11T00:00:00", "id": "OPENSUSE-SU-2019:1190-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FDFK4HDIIBODNEBCEMSXMGNAT4V56ZSB/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2021-07-28T14:46:50", "description": "The Apache HTTP Server is a powerful, efficient, and extensible web server. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-04-05T00:03:02", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: httpd-2.4.39-2.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220"], "modified": "2019-04-05T00:03:02", "id": "FEDORA:783AC609A69C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2023-07-26T17:33:14", "description": "### *Detect date*:\n04/01/2019\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, obtain sensitive information, execute arbitrary code.\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:\n\n### *Affected products*:\nApache HTTP Server earlier than 2.4.39\n\n### *Solution*:\nUpdate to the latest version \n[Download Apache HTTP Server](<https://httpd.apache.org/download.cgi>)\n\n### *Original advisories*:\n[Fixed in Apache HTTP Server 2.4.39](<https://httpd.apache.org/security/vulnerabilities_24.html#2.4.39>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Apache HTTP Server](<https://threats.kaspersky.com/en/product/Apache-HTTP-Server/>)\n\n### *CVE-IDS*:\n[CVE-2019-0197](<https://vulners.com/cve/CVE-2019-0197>)4.9Warning \n[CVE-2019-0215](<https://vulners.com/cve/CVE-2019-0215>)6.0High \n[CVE-2019-0220](<https://vulners.com/cve/CVE-2019-0220>)5.0Critical \n[CVE-2019-0211](<https://vulners.com/cve/CVE-2019-0211>)7.2High \n[CVE-2019-0196](<https://vulners.com/cve/CVE-2019-0196>)5.0Critical \n[CVE-2019-0217](<https://vulners.com/cve/CVE-2019-0217>)6.0High", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-01T00:00:00", "type": "kaspersky", "title": "KLA12365 Multiple vulnerabilities in Apache HTTP Server", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220"], "modified": "2022-01-18T00:00:00", "id": "KLA12365", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12365/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2023-07-26T20:35:39", "description": "**Issue Overview:**\n\nIn Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. (CVE-2019-0211)\n\nA vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.(CVE-2019-0220)\n\nIn Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.(CVE-2019-0215)\n\nA vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.(CVE-2019-0196)\n\nA vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \"H2Upgrade on\" are unaffected by this issue.(CVE-2019-0197)\n\nA race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.(CVE-2019-0217)\n\n \n**Affected Packages:** \n\n\nhttpd24\n\n \n**Issue Correction:** \nRun _yum update httpd24_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 httpd24-debuginfo-2.4.39-1.87.amzn1.i686 \n \u00a0\u00a0\u00a0 mod24_proxy_html-2.4.39-1.87.amzn1.i686 \n \u00a0\u00a0\u00a0 httpd24-2.4.39-1.87.amzn1.i686 \n \u00a0\u00a0\u00a0 httpd24-tools-2.4.39-1.87.amzn1.i686 \n \u00a0\u00a0\u00a0 httpd24-devel-2.4.39-1.87.amzn1.i686 \n \u00a0\u00a0\u00a0 mod24_session-2.4.39-1.87.amzn1.i686 \n \u00a0\u00a0\u00a0 mod24_ldap-2.4.39-1.87.amzn1.i686 \n \u00a0\u00a0\u00a0 mod24_ssl-2.4.39-1.87.amzn1.i686 \n \u00a0\u00a0\u00a0 mod24_md-2.4.39-1.87.amzn1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 httpd24-manual-2.4.39-1.87.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 httpd24-2.4.39-1.87.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 mod24_session-2.4.39-1.87.amzn1.x86_64 \n \u00a0\u00a0\u00a0 mod24_md-2.4.39-1.87.amzn1.x86_64 \n \u00a0\u00a0\u00a0 mod24_ssl-2.4.39-1.87.amzn1.x86_64 \n \u00a0\u00a0\u00a0 httpd24-tools-2.4.39-1.87.amzn1.x86_64 \n \u00a0\u00a0\u00a0 httpd24-devel-2.4.39-1.87.amzn1.x86_64 \n \u00a0\u00a0\u00a0 httpd24-2.4.39-1.87.amzn1.x86_64 \n \u00a0\u00a0\u00a0 mod24_proxy_html-2.4.39-1.87.amzn1.x86_64 \n \u00a0\u00a0\u00a0 mod24_ldap-2.4.39-1.87.amzn1.x86_64 \n \u00a0\u00a0\u00a0 httpd24-debuginfo-2.4.39-1.87.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2019-0196](<https://access.redhat.com/security/cve/CVE-2019-0196>), [CVE-2019-0197](<https://access.redhat.com/security/cve/CVE-2019-0197>), [CVE-2019-0211](<https://access.redhat.com/security/cve/CVE-2019-0211>), [CVE-2019-0215](<https://access.redhat.com/security/cve/CVE-2019-0215>), [CVE-2019-0217](<https://access.redhat.com/security/cve/CVE-2019-0217>), [CVE-2019-0220](<https://access.redhat.com/security/cve/CVE-2019-0220>)\n\nMitre: [CVE-2019-0196](<https://vulners.com/cve/CVE-2019-0196>), [CVE-2019-0197](<https://vulners.com/cve/CVE-2019-0197>), [CVE-2019-0211](<https://vulners.com/cve/CVE-2019-0211>), [CVE-2019-0215](<https://vulners.com/cve/CVE-2019-0215>), [CVE-2019-0217](<https://vulners.com/cve/CVE-2019-0217>), [CVE-2019-0220](<https://vulners.com/cve/CVE-2019-0220>)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-05T20:05:00", "type": "amazon", "title": "Important: httpd24", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220"], "modified": "2019-08-06T21:31:00", "id": "ALAS-2019-1189", "href": "https://alas.aws.amazon.com/ALAS-2019-1189.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-07-26T22:49:28", "description": "**Issue Overview:**\n\nIn Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. (CVE-2019-0211)\n\nmod_http2: read-after-free on a string compare (CVE-2019-0196)\n\nmod_http2: possible crash on late upgrade (CVE-2019-0197)\n\nhttpd: URL normalization inconsistency (CVE-2019-0220)\n\nIn Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.(CVE-2019-0215)\n\nA race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.(CVE-2019-0217)\n\n \n**Affected Packages:** \n\n\nhttpd\n\n \n**Issue Correction:** \nRun _yum update httpd_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 httpd-2.4.39-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 httpd-devel-2.4.39-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 httpd-tools-2.4.39-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 mod_ssl-2.4.39-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 mod_md-2.4.39-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 mod_proxy_html-2.4.39-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 mod_ldap-2.4.39-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 mod_session-2.4.39-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 httpd-debuginfo-2.4.39-1.amzn2.0.1.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 httpd-2.4.39-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 httpd-devel-2.4.39-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 httpd-tools-2.4.39-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 mod_ssl-2.4.39-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 mod_md-2.4.39-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 mod_proxy_html-2.4.39-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 mod_ldap-2.4.39-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 mod_session-2.4.39-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 httpd-debuginfo-2.4.39-1.amzn2.0.1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 httpd-manual-2.4.39-1.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 httpd-filesystem-2.4.39-1.amzn2.0.1.noarch \n \n src: \n \u00a0\u00a0\u00a0 httpd-2.4.39-1.amzn2.0.1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 httpd-2.4.39-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 httpd-devel-2.4.39-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 httpd-tools-2.4.39-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 mod_ssl-2.4.39-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 mod_md-2.4.39-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 mod_proxy_html-2.4.39-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 mod_ldap-2.4.39-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 mod_session-2.4.39-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 httpd-debuginfo-2.4.39-1.amzn2.0.1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2019-0196](<https://access.redhat.com/security/cve/CVE-2019-0196>), [CVE-2019-0197](<https://access.redhat.com/security/cve/CVE-2019-0197>), [CVE-2019-0211](<https://access.redhat.com/security/cve/CVE-2019-0211>), [CVE-2019-0215](<https://access.redhat.com/security/cve/CVE-2019-0215>), [CVE-2019-0217](<https://access.redhat.com/security/cve/CVE-2019-0217>), [CVE-2019-0220](<https://access.redhat.com/security/cve/CVE-2019-0220>)\n\nMitre: [CVE-2019-0196](<https://vulners.com/cve/CVE-2019-0196>), [CVE-2019-0197](<https://vulners.com/cve/CVE-2019-0197>), [CVE-2019-0211](<https://vulners.com/cve/CVE-2019-0211>), [CVE-2019-0215](<https://vulners.com/cve/CVE-2019-0215>), [CVE-2019-0217](<https://vulners.com/cve/CVE-2019-0217>), [CVE-2019-0220](<https://vulners.com/cve/CVE-2019-0220>)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-04T21:49:00", "type": "amazon", "title": "Important: httpd", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220"], "modified": "2019-05-20T18:05:00", "id": "ALAS2-2019-1189", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1189.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2023-07-27T02:21:53", "description": "\n\nThe Apache httpd Project reports:\n\nApache HTTP Server privilege escalation from modules' scripts\n\t (CVE-2019-0211) (important)\nmod_auth_digest access control bypass (CVE-2019-0217)\n\t (important)\nmod_ssl access control bypass (CVE-2019-0215) (important)\nmod_http2, possible crash on late upgrade (CVE-2019-0197) (low)\nmod_http2, read-after-free on a string compare (CVE-2019-0196)\n\t (low)\nApache httpd URL normalization inconsistincy (CVE-2019-0220)\n\t (low)\n\n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-01T00:00:00", "type": "freebsd", "title": "Apache -- Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220"], "modified": "2019-04-01T00:00:00", "id": "CF2105C6-551B-11E9-B95C-B499BAEBFEAF", "href": "https://vuxml.freebsd.org/freebsd/cf2105c6-551b-11e9-b95c-b499baebfeaf.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2023-07-26T16:50:13", "description": "Arch Linux Security Advisory ASA-201904-3\n=========================================\n\nSeverity: Critical\nDate : 2019-04-05\nCVE-ID : CVE-2019-0196 CVE-2019-0197 CVE-2019-0211 CVE-2019-0215\nCVE-2019-0217 CVE-2019-0220\nPackage : apache\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-946\n\nSummary\n=======\n\nThe package apache before version 2.4.39-1 is vulnerable to multiple\nissues including privilege escalation, access restriction bypass and\ndenial of service.\n\nResolution\n==========\n\nUpgrade to 2.4.39-1.\n\n# pacman -Syu \"apache>=2.4.39-1\"\n\nThe problems have been fixed upstream in version 2.4.39.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2019-0196 (denial of service)\n\nA use-after-free issue has been found in the http/2 request handling\ncode of Apache HTTPd <= 2.4.18 and <= 2.4.38. Using crafted network\ninput, the http/2 request handling could be made to access freed memory\nin string comparison when determining the method of a request and thus\nprocess the request incorrectly.\n\n- CVE-2019-0197 (denial of service)\n\nAn issue has been found in Apache HTTPd >= 2.4.34 and <= 2.4.38. When\nHTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on\na https: host, an Upgrade request from http/1.1 to http/2 that was not\nthe first request on a connection could lead to a misconfiguration and\ncrash. A server that never enabled the h2 protocol or that only enabled\nit for https: and did not configure the \"H2Upgrade on\" is unaffected by\nthis.\n\n- CVE-2019-0211 (privilege escalation)\n\nIn Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event,\nworker or prefork, code executing in less-privileged child processes or\nthreads (including scripts executed by an in-process scripting\ninterpreter) could execute arbitrary code with the privileges of the\nparent process (usually root) by manipulating the scoreboard.\n\n- CVE-2019-0215 (access restriction bypass)\n\nIn Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl\nwhen using per-location client certificate verification with TLSv1.3\nallowed a client supporting Post-Handshake Authentication to bypass\nconfigured access control restrictions.\n\n- CVE-2019-0217 (access restriction bypass)\n\nIn Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in\nmod_auth_digest when running in a threaded server could allow a user\nwith valid credentials to authenticate using another username,\nbypassing configured access control restrictions.\n\n- CVE-2019-0220 (access restriction bypass)\n\nA security issue has been found in Apache HTTPd 2.4.x before 2.4.39.\nWhen the path component of a request URL contains multiple consecutive\nslashes ('/'), directives such as LocationMatch and RewriteRule must\naccount for duplicates in regular expressions while other aspects of\nthe servers processing will implicitly collapse them.\n\nImpact\n======\n\nA remote attacker can bypass access control restrictions, or crash a\nserver via a crafted HTTP/2 query. A local attacker can elevate\nprivileges to root by manipulating the scoreboard.\n\nReferences\n==========\n\nhttps://httpd.apache.org/security/vulnerabilities_24.html\nhttps://security.archlinux.org/CVE-2019-0196\nhttps://security.archlinux.org/CVE-2019-0197\nhttps://security.archlinux.org/CVE-2019-0211\nhttps://security.archlinux.org/CVE-2019-0215\nhttps://security.archlinux.org/CVE-2019-0217\nhttps://security.archlinux.org/CVE-2019-0220", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-05T00:00:00", "type": "archlinux", "title": "[ASA-201904-3] apache: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220"], "modified": "2019-04-05T00:00:00", "id": "ASA-201904-3", "href": "https://security.archlinux.org/ASA-201904-3", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2023-07-25T00:13:48", "description": "## Releases\n\n * Ubuntu 19.04 \n * Ubuntu 18.04 ESM\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * apache2 \\- Apache HTTP server\n\nStefan Eissing discovered that the HTTP/2 implementation in Apache \ndid not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in \nsome situations. A remote attacker could use this to cause a denial \nof service (daemon crash). This issue only affected Ubuntu 18.04 LTS \nand Ubuntu 19.04. (CVE-2019-0197)\n\nCraig Young discovered that a memory overwrite error existed in \nApache when performing HTTP/2 very early pushes in some situations. A \nremote attacker could use this to cause a denial of service (daemon \ncrash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. \n(CVE-2019-10081)\n\nCraig Young discovered that a read-after-free error existed in the \nHTTP/2 implementation in Apache during connection shutdown. A remote \nattacker could use this to possibly cause a denial of service (daemon \ncrash) or possibly expose sensitive information. This issue only \naffected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082)\n\nMatei Badanoiu discovered that the mod_proxy component of \nApache did not properly filter URLs when reporting errors in some \nconfigurations. A remote attacker could possibly use this issue to \nconduct cross-site scripting (XSS) attacks. (CVE-2019-10092)\n\nDaniel McCarney discovered that mod_remoteip component of Apache \ncontained a stack buffer overflow when parsing headers from a trusted \nintermediary proxy in some situations. A remote attacker controlling a \ntrusted proxy could use this to cause a denial of service or possibly \nexecute arbitrary code. This issue only affected Ubuntu 19.04. \n(CVE-2019-10097)\n\nYukitsugu Sasaki discovered that the mod_rewrite component in Apache \nwas vulnerable to open redirects in some situations. A remote attacker \ncould use this to possibly expose sensitive information or bypass \nintended restrictions. (CVE-2019-10098)\n\nJonathan Looney discovered that the HTTP/2 implementation in Apache did \nnot properly limit the amount of buffering for client connections in \nsome situations. A remote attacker could use this to cause a denial \nof service (unresponsive daemon). This issue only affected Ubuntu \n18.04 LTS and Ubuntu 19.04. (CVE-2019-9517)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-08-29T00:00:00", "type": "ubuntu", "title": "Apache HTTP Server vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0197", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2019-08-29T00:00:00", "id": "USN-4113-1", "href": "https://ubuntu.com/security/notices/USN-4113-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-07-16T17:43:13", "description": "## Releases\n\n * Ubuntu 19.04 \n * Ubuntu 18.04 ESM\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * apache2 \\- Apache HTTP server\n\nUSN-4113-1 fixed vulnerabilities in the Apache HTTP server. \nUnfortunately, that update introduced a regression when proxying \nbalancer manager connections in some configurations. This update \nfixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nStefan Eissing discovered that the HTTP/2 implementation in Apache \ndid not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in \nsome situations. A remote attacker could use this to cause a denial \nof service (daemon crash). This issue only affected Ubuntu 18.04 LTS \nand Ubuntu 19.04. (CVE-2019-0197)\n\nCraig Young discovered that a memory overwrite error existed in \nApache when performing HTTP/2 very early pushes in some situations. A \nremote attacker could use this to cause a denial of service (daemon \ncrash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. \n(CVE-2019-10081)\n\nCraig Young discovered that a read-after-free error existed in the \nHTTP/2 implementation in Apache during connection shutdown. A remote \nattacker could use this to possibly cause a denial of service (daemon \ncrash) or possibly expose sensitive information. This issue only \naffected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082)\n\nMatei Badanoiu discovered that the mod_proxy component of \nApache did not properly filter URLs when reporting errors in some \nconfigurations. A remote attacker could possibly use this issue to \nconduct cross-site scripting (XSS) attacks. (CVE-2019-10092)\n\nDaniel McCarney discovered that mod_remoteip component of Apache \ncontained a stack buffer overflow when parsing headers from a trusted \nintermediary proxy in some situations. A remote attacker controlling a \ntrusted proxy could use this to cause a denial of service or possibly \nexecute arbitrary code. This issue only affected Ubuntu 19.04. \n(CVE-2019-10097)\n\nYukitsugu Sasaki discovered that the mod_rewrite component in Apache \nwas vulnerable to open redirects in some situations. A remote attacker \ncould use this to possibly expose sensitive information or bypass \nintended restrictions. (CVE-2019-10098)\n\nJonathan Looney discovered that the HTTP/2 implementation in Apache did \nnot properly limit the amount of buffering for client connections in \nsome situations. A remote attacker could use this to cause a denial \nof service (unresponsive daemon). This issue only affected Ubuntu \n18.04 LTS and Ubuntu 19.04. (CVE-2019-9517)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-09-17T00:00:00", "type": "ubuntu", "title": "Apache HTTP Server regression", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0197", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2019-09-17T00:00:00", "id": "USN-4113-2", "href": "https://ubuntu.com/security/notices/USN-4113-2", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2023-08-04T12:27:59", "description": "This release adds the new Apache HTTP Server 2.4.37 Service Pack 3 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 2 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity fix(es):\n\n* httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)\n* httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)\n* httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)\n* nghttp2: overly large SETTINGS frames can lead to DoS (CVE-2020-11080)\n* libxml2: There's a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c that could result in a crash (CVE-2019-19956)\n* libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)\n* libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595)\n* expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)\n* expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-22T12:14:48", "type": "redhat", "title": "(RHSA-2020:2644) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20843", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-15903", "CVE-2019-19956", "CVE-2019-20388", "CVE-2020-11080", "CVE-2020-1934", "CVE-2020-7595"], "modified": "2020-06-22T12:21:17", "id": "RHSA-2020:2644", "href": "https://access.redhat.com/errata/RHSA-2020:2644", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-08-04T12:27:59", "description": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 3 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 2 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity fix(es):\n\n* httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)\n* httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)\n* httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)\n* nghttp2: overly large SETTINGS frames can lead to DoS (CVE-2020-11080)\n* libxml2: There's a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c that could result in a crash (CVE-2019-19956)\n* libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)\n* libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595)\n* expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)\n* expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-22T13:04:38", "type": "redhat", "title": "(RHSA-2020:2646) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20843", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-15903", "CVE-2019-19956", "CVE-2019-20388", "CVE-2020-11080", "CVE-2020-1934", "CVE-2020-7595"], "modified": "2020-06-22T13:05:17", "id": "RHSA-2020:2646", "href": "https://access.redhat.com/errata/RHSA-2020:2646", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-08-04T12:27:58", "description": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nThe following packages have been upgraded to a later upstream version: mod_http2 (1.15.7). (BZ#1814236)\n\nSecurity Fix(es):\n\n* httpd: memory corruption on early pushes (CVE-2019-10081)\n\n* httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)\n\n* httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)\n\n* httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)\n\n* httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)\n\n* httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)\n\n* httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)\n\n* httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)\n\n* httpd: mod_rewrite potential open redirect (CVE-2019-10098)\n\n* httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-11-03T12:33:02", "type": "redhat", "title": "(RHSA-2020:4751) Moderate: httpd:2.4 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17189", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2020-1927", "CVE-2020-1934"], "modified": "2020-11-04T00:04:21", "id": "RHSA-2020:4751", "href": "https://access.redhat.com/errata/RHSA-2020:4751", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-08-04T12:28:04", "description": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-11-20T16:05:46", "type": "redhat", "title": "(RHSA-2019:3935) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0734", "CVE-2018-0737", "CVE-2018-17189", "CVE-2018-17199", "CVE-2018-5407", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0217", "CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516", "CVE-2019-9517"], "modified": "2020-01-06T13:00:07", "id": "RHSA-2019:3935", "href": "https://access.redhat.com/errata/RHSA-2019:3935", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-08-04T12:28:04", "description": "This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-11-20T16:04:55", "type": "redhat", "title": "(RHSA-2019:3932) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0734", "CVE-2018-0737", "CVE-2018-17189", "CVE-2018-17199", "CVE-2018-5407", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0217", "CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516", "CVE-2019-9517"], "modified": "2020-01-06T13:01:25", "id": "RHSA-2019:3932", "href": "https://access.redhat.com/errata/RHSA-2019:3932", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-08-04T12:28:04", "description": "This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737)\n* openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734)\n* mod_auth_digest: access control bypass due to race condition (CVE-2019-0217)\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)\n* mod_session_cookie does not respect expiry time (CVE-2018-17199)\n* mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)\n* mod_http2: possible crash on late upgrade (CVE-2019-0197)\n* mod_http2: read-after-free on a string compare (CVE-2019-0196)\n* nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)\n* nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)\n* mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)\n* mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-11-20T16:05:23", "type": "redhat", "title": "(RHSA-2019:3933) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0734", "CVE-2018-0737", "CVE-2018-17189", "CVE-2018-17199", "CVE-2018-5407", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0217", "CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9516", "CVE-2019-9517"], "modified": "2020-01-06T13:01:22", "id": "RHSA-2019:3933", "href": "https://access.redhat.com/errata/RHSA-2019:3933", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "rocky": [{"lastseen": "2023-07-26T20:36:06", "description": "An update is available for mod_md.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nThe following packages have been upgraded to a later upstream version: mod_http2 (1.15.7). (BZ#1814236)\n\nSecurity Fix(es):\n\n* httpd: memory corruption on early pushes (CVE-2019-10081)\n\n* httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)\n\n* httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)\n\n* httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)\n\n* httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)\n\n* httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)\n\n* httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)\n\n* httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)\n\n* httpd: mod_rewrite potential open redirect (CVE-2019-10098)\n\n* httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-11-03T12:33:02", "type": "rocky", "title": "httpd:2.4 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17189", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2020-1927", "CVE-2020-1934"], "modified": "2020-11-03T12:33:02", "id": "RLSA-2020:4751", "href": "https://errata.rockylinux.org/RLSA-2020:4751", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "almalinux": [{"lastseen": "2023-09-27T21:01:03", "description": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nThe following packages have been upgraded to a later upstream version: mod_http2 (1.15.7). (BZ#1814236)\n\nSecurity Fix(es):\n\n* httpd: memory corruption on early pushes (CVE-2019-10081)\n\n* httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)\n\n* httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)\n\n* httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)\n\n* httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)\n\n* httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)\n\n* httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)\n\n* httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)\n\n* httpd: mod_rewrite potential open redirect (CVE-2019-10098)\n\n* httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-11-03T12:33:02", "type": "almalinux", "title": "Moderate: httpd:2.4 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17189", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2020-1927", "CVE-2020-1934"], "modified": "2022-01-26T07:27:23", "id": "ALSA-2020:4751", "href": "https://errata.almalinux.org/8/ALSA-2020-4751.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:24:24", "description": "httpd\n[2.4.37-13.0.1]\n- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]\n- Replace index.html with Oracles index page oracle_index.html\n[2.4.37-30]\n- Resolves: #1209162 - support logging to journald from CustomLog\n[2.4.37-29]\n- Resolves: #1823263 (CVE-2020-1934) - CVE-2020-1934 httpd: mod_proxy_ftp use of\n uninitialized value\n[2.4.37-28]\n- Related: #1771847 - BalancerMember ping parameter for mod_proxy_http\n doesnt work\n[2.4.37-27]\n- Resolves: #1823259 - CVE-2020-1927 httpd:2.4/httpd: mod_rewrite configurations\n vulnerable to open redirect\n- Resolves: #1747284 - CVE-2019-10098 httpd:2.4/httpd: mod_rewrite potential\n open redirect\n- Resolves: #1747281 - CVE-2019-10092 httpd:2.4/httpd: limited cross-site\n scripting in mod_proxy error page\n- Resolves: #1747291 - CVE-2019-10097 httpd:2.4/httpd: null-pointer dereference\n in mod_remoteip\n- Resolves: #1771847 - BalancerMember ping parameter for mod_proxy_http\n doesnt work\n- Resolves: #1794728 - Backport of SessionExpiryUpdateInterval directive\nmod_http2\n[1.15.7-2]\n- Resolves: #1869073 - CVE-2020-9490 httpd:2.4/mod_http2: httpd:\n Push diary crash on specifically crafted HTTP/2 header\n[1.15.7-1]\n- new version 1.15.7\n- Resolves: #1814236 - RFE: mod_http2 rebase\n- Resolves: #1747289 - CVE-2019-10082 httpd:2.4/mod_http2: httpd:\n read-after-free in h2 connection shutdown\n- Resolves: #1696099 - CVE-2019-0197 httpd:2.4/mod_http2: httpd:\n mod_http2: possible crash on late upgrade\n- Resolves: #1696094 - CVE-2019-0196 httpd:2.4/mod_http2: httpd:\n mod_http2: read-after-free on a string compare\n- Resolves: #1677591 - CVE-2018-17189 httpd:2.4/mod_http2: httpd:\n mod_http2: DoS via slow, unneeded request bodies\nmod_md\n[1:2.0.8-8]\n- Resolves: #1832844 - mod_md does not work with ACME server that does not\n provide keyChange or revokeCert resources", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2020-11-10T00:00:00", "type": "oraclelinux", "title": "httpd:2.4 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17189", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2020-1927", "CVE-2020-1934", "CVE-2020-9490"], "modified": "2020-11-10T00:00:00", "id": "ELSA-2020-4751", "href": "http://linux.oracle.com/errata/ELSA-2020-4751.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "symantec": [{"lastseen": "2022-01-11T11:31:28", "description": "**Summary**\n\nSymantec Web Security Group (WSG) products using affected versions of Apache HTTP Server may be susceptible to multiple vulnerabilities. A remote attacker can bypass security controls, modify the behavior of HTTP Server configuration, obtain information from the server process memory, perform XSS attacks, and cause denial of service. A local low-privileged attacker can escalate their privileges on the system.\n\n \n\n**Affected Product(s)**\n\nThe following products and product versions are vulnerable to the CVEs listed. If a CVE is not listed, the product or version is not known to be vulnerable to it.\n\n**Content Analysis (CA)** \n \n--- \n \n**CVE**\n\n| \n\n**Supported Version(s)**\n\n| \n\n**Remediation** \n \nCVE-2019-10098, CVE-2019-0220\n\n| \n\n2.3\n\n| \n\nUpgrade to later release with fixes. \n \n2.4, 3.0, 3.1\n\n| \n\nRemediation is not available at this time. \n \nCVE-2020-1927\n\n| \n\n2.3, 2.4\n\n| \n\nNot vulnerable \n \n3.0, 3.1\n\n| \n\nRemediation is not available at this time. \n \n \n\n \n\n\n**Security Analytics (SA)** \n \n--- \n \n**CVE**\n\n| \n\n**Supported Version(s)**\n\n| \n\n**Remediation** \n \nCVE-2019-0211\n\n| \n\n7.2, 7.3, 8.0\n\n| \n\nUpgrade to later release with fixes. \n \n8.1\n\n| \n\nNot vulnerable, remediation available in 8.1.1. \n \n \n\n**Additional Product Information**\n\nCVE-2019-0211 is exploitable in Security Analytics (SA) only when an authenticated web UI user can create and execute custom Lua scripts for data enrichment workflows. The web UI user must belong to a group that has permissions to modify data enrichment settings and create/edit rules.\n\nThe following products are not vulnerable: \n**Advanced Secure Gateway (ASG) \n****AuthConnector \nBCAAA \nGeneral Auth Connector Login Application \nHSM Agent \nManagement Center (MC) \n****PacketShaper (PS) S-Series \nPolicyCenter (PC) S-Series \nProxySG \nReporter \nSSL Visibility \nSymantec Messaging Gateway (SMG) \nUnified Agent \nWeb Isolation (WI) \nWSS Agent \nWSS Mobile Agent** \n\n \n\n **Issue Details**\n\n**CVE-2018-17189** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nMedium / 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**References:**\n\n| \n\nNVD: [CVE-2018-17189](<https://nvd.nist.gov/vuln/detail/CVE-2018-17189>) \n \n**Impact:**\n\n| \n\nDenial of service \n \n**Description:**\n\n| \n\nA flaw in the mod_http2 module allows a remote attacker to send crafted HTTP/2 requests and cause denial of service by occupying a server thread. \n \n** **\n\n**CVE-2018-17199** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nHigh / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**References:**\n\n| \n\nNVD: [CVE-2018-17199](<https://nvd.nist.gov/vuln/detail/CVE-2018-17199>) \n \n**Impact:**\n\n| \n\nSecurity control bypass \n \n**Description:**\n\n| \n\nA flaw in the mod_session module allows a remote attacker to bypass the session expiry check for sessions stored in HTTP cookies. \n \n** **\n\n**CVE-2019-0190** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nHigh / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**References:**\n\n| \n\nNVD: [CVE-2019-0190](<https://nvd.nist.gov/vuln/detail/CVE-2019-0190>) \n \n**Impact:**\n\n| \n\nDenial of service \n \n**Description:**\n\n| \n\nA flaw in mod_ssl client renegotiation handling allows a remote attacker to send a crafted request and cause denial of service through excessive CPU consumption. \n \n** **\n\n**CVE-2019-0196** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nMedium / 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**References:**\n\n| \n\nNVD: [CVE-2019-0196](<https://nvd.nist.gov/vuln/detail/CVE-2019-0196>) \n \n**Impact:**\n\n| \n\nDenial of service \n \n**Description:**\n\n| \n\nA flaw in the mod_http2 module allows a remote attacker to send crafted HTTP/2 requests and cause denial of service through invalid memory read access. \n \n** **\n\n**CVE-2019-0197** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nMedium / 4.2 (AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L) \n \n**References:**\n\n| \n\nNVD: [CVE-2019-0197](<https://nvd.nist.gov/vuln/detail/CVE-2019-0197>) \n \n**Impact:**\n\n| \n\nDenial of service, unauthorized modification \n \n**Description:**\n\n| \n\nA flaw in the mod_http2 module allows a remote attacker to upgrade HTTP 1.1 connections to HTTP/2 and cause misconfiguration and denial of service through application crashes. \n \n** **\n\n**CVE-2019-0211** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nHigh / 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n**References:**\n\n| \n\nNVD: [CVE-2019-0211](<https://nvd.nist.gov/vuln/detail/CVE-2019-0211>) \n \n**Impact:**\n\n| \n\nPrivilege escalation \n \n**Description:**\n\n| \n\nA flaw in process and thread handling allows an attacker who can execute low-privileged arbitrary code on the web server to escalate their privileges on the system. To execute arbitrary code, the attacker must have local access or the web server must allow clients to upload arbitrary code for execution. \n \n \n\n**CVE-2019-0215** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nHigh / 7.5 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n**References:**\n\n| \n\nNVD: [CVE-2019-0215](<https://nvd.nist.gov/vuln/detail/CVE-2019-0215>) \n \n**Impact:**\n\n| \n\nSecurity control bypass \n \n**Description:**\n\n| \n\nA flaw in the mod_ssl module allows a remote attacker to bypass access control restrictions that use client certificate authentication in TLS 1.3 connections. \n \n \n\n**CVE-2019-0217** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nHigh / 7.5 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n**References:**\n\n| \n\nNVD: [CVE-2019-0217](<https://nvd.nist.gov/vuln/detail/CVE-2019-0217>) \n \n**Impact:**\n\n| \n\nSecurity control bypass \n \n**Description:**\n\n| \n\nA flaw in the mod_auth_digest module allows a remote attacker with valid credentials to authenticate using a different username and bypass access control restrictions. \n \n \n\n**CVE-2019-0220** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nMedium / 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**References:**\n\n| \n\nNVD: [CVE-2019-0220](<https://nvd.nist.gov/vuln/detail/CVE-2019-0220>) \n \n**Impact:**\n\n| \n\nUnauthorized modification \n \n**Description:**\n\n| \n\nA flaw in request handling allows a remote attacker to send crafted requests with multiple slashes ('/') in the URL path component and modify the behavior of configuration directives that match URL path components against regular expressions. \n \n \n\n**CVE-2019-9517** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nHigh / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**References:**\n\n| \n\nNVD: [CVE-2019-9517](<https://nvd.nist.gov/vuln/detail/CVE-2019-9517>) \n \n**Impact:**\n\n| \n\nDenial of service \n \n**Description:**\n\n| \n\nA flaw in the mod_http2 module allows a remote attacker to send requests for large objects and cause denial of service through excessive CPU and/or memory consumption. \n \n \n\n**CVE-2019-10081** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nHigh / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**References:**\n\n| \n\nNVD: [CVE-2019-10081](<https://nvd.nist.gov/vuln/detail/CVE-2019-10081>) \n \n**Impact:**\n\n| \n\nDenial of service \n \n**Description:**\n\n| \n\nA flaw in the mod_http2 module allows a remote attacker to send requests that trigger the HTTP/2 server push functionality and cause denial of service through memory corruption and application crashes. Server Push is a feature of the HTTP/2 protocol that allows the web server to push additional objects to the client when the client requests a different but related object. \n \n \n\n**CVE-2019-10082** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nCritical / 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) \n \n**References:**\n\n| \n\nNVD: [CVE-2019-10082](<https://nvd.nist.gov/vuln/detail/CVE-2019-10082>) \n \n**Impact:**\n\n| \n\nDenial of service \n \n**Description:**\n\n| \n\nA flaw in the mod_http2 module allows a remote attacker to send requests that trigger read-after-free memory accesses and cause denial of service through application crashes. \n \n \n\n**CVE-2019-10092** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nMedium / 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n**References:**\n\n| \n\nNVD: [CVE-2019-10092](<https://nvd.nist.gov/vuln/detail/CVE-2019-10092>) \n \n**Impact:**\n\n| \n\nCross-site scripting (XSS) \n \n**Description:**\n\n| \n\nA flaw in the mod_proxy module allows a remote attacker to target a web server user with a crafted link and execute arbitrary code in the user's web browser. The web server must have proxying enabled and be misconfigured in order to show a proxy error page. \n \n \n\n**CVE-2019-10097** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nHigh / 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n**References:**\n\n| \n\nNVD: [CVE-2019-10097](<https://nvd.nist.gov/vuln/detail/CVE-2019-10097>) \n \n**Impact:**\n\n| \n\nDenial of service \n \n**Description:**\n\n| \n\nA flaw in the mod_remoteip module allows a malicious downstream proxy to send crafted PROXY headers and cause denial of service through memory corruption and application crashes. \n \n \n\n**CVE-2019-10098** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nMedium / 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n**References:**\n\n| \n\nNVD: [CVE-2019-10098](<https://nvd.nist.gov/vuln/detail/CVE-2019-10098>) \n \n**Impact:**\n\n| \n\nOpen redirection \n \n**Description:**\n\n| \n\nA flaw in the mod_rewrite module allows a remote attacker to target a web server user with crafted links and redirect the user's web browser to an arbitrary URL. This vulnerability is different from CVE-2020-1927. \n \n \n\n**CVE-2020-1927** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nMedium / 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n**References:**\n\n| \n\nNVD: [CVE-2020-1927](<https://nvd.nist.gov/vuln/detail/CVE-2020-1927>) \n \n**Impact:**\n\n| \n\nOpen redirection \n \n**Description:**\n\n| \n\nA flaw in the mod_rewrite module allows a remote attacker to target a web server user with crafted links and redirect the user's web browser to an arbitrary URL. This vulnerability is different from CVE-2019-10098. \n \n \n\n**CVE-2020-1934** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nMedium / 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**References:**\n\n| \n\nNVD: [CVE-2020-1934](<https://nvd.nist.gov/vuln/detail/CVE-2020-1934>) \n \n**Impact:**\n\n| \n\nInformation disclosure \n \n**Description:**\n\n| \n\nA flaw in the mod_proxy_ftp module allows a remote attacker to connect through the web server to a malicious FTP server and obtain limited contents from the web server process' memory. The target web server must be configured to act as a proxy to a malicious FTP server. \n \n \n \n**References**\n\nApache 2.4 Security Vulnerabilities - <http://httpd.apache.org/security/vulnerabilities_24.html>\n\n**Revisions**\n\n2021-07-15 A fix for Security Analytics 7.2 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2021-04-26 PacketShaper (PS) S-Series and PolicyCenter (PC) S-Series are not vulnerable. \n2021-02-18 A fix for CA 2.3 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2020-12-09 A fix for SA 7.3 and 8.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2020-11-12 Content Analysis 3.1 is vulnerable. \n2020-06-18 initial public release\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2020-06-12T20:41:37", "type": "symantec", "title": "Apache HTTP Server Vulnerabilities Jan 2019 - Apr 2020", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17189", "CVE-2018-17199", "CVE-2019-0190", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517", "CVE-2020-1927", "CVE-2020-1934"], "modified": "2022-01-10T20:21:15", "id": "SMNTC-16056", "href": "", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "oracle": [{"lastseen": "2023-09-27T20:24:21", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to:\n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/security-alerts>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 219 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ October 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2566015.1>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-01-22T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - October 2019", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5180", "CVE-2015-9251", "CVE-2016-0729", "CVE-2016-1000031", "CVE-2016-4000", "CVE-2016-5425", "CVE-2016-6814", "CVE-2016-7103", "CVE-2016-8610", "CVE-2017-12626", "CVE-2017-16531", "CVE-2017-17558", "CVE-2017-5645", "CVE-2017-6056", "CVE-2017-7656", "CVE-2017-7657", "CVE-2017-7658", "CVE-2017-9735", "CVE-2018-0732", "CVE-2018-1000007", "CVE-2018-1000120", "CVE-2018-1000873", "CVE-2018-11784", "CVE-2018-11798", "CVE-2018-12384", "CVE-2018-12404", "CVE-2018-12536", "CVE-2018-12538", "CVE-2018-12545", "CVE-2018-1320", "CVE-2018-14718", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-15756", "CVE-2018-16842", "CVE-2018-18065", "CVE-2018-18066", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-20685", "CVE-2018-2875", "CVE-2018-3300", "CVE-2018-7185", "CVE-2018-8032", "CVE-2018-8034", "CVE-2018-8037", "CVE-2019-0188", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220", "CVE-2019-0227", "CVE-2019-0232", "CVE-2019-10072", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-10241", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-11068", "CVE-2019-11358", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12814", "CVE-2019-14379", "CVE-2019-14439", "CVE-2019-14540", "CVE-2019-1543", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1552", "CVE-2019-1559", "CVE-2019-1563", "CVE-2019-16335", "CVE-2019-17091", "CVE-2019-2734", "CVE-2019-2765", "CVE-2019-2872", "CVE-2019-2883", "CVE-2019-2884", "CVE-2019-2886", "CVE-2019-2887", "CVE-2019-2888", "CVE-2019-2889", "CVE-2019-2890", "CVE-2019-2891", "CVE-2019-2894", "CVE-2019-2895", "CVE-2019-2896", "CVE-2019-2897", "CVE-2019-2898", "CVE-2019-2899", "CVE-2019-2900", "CVE-2019-2901", "CVE-2019-2902", "CVE-2019-2903", "CVE-2019-2904", "CVE-2019-2905", "CVE-2019-2906", "CVE-2019-2907", "CVE-2019-2909", "CVE-2019-2910", "CVE-2019-2911", "CVE-2019-2913", "CVE-2019-2914", "CVE-2019-2915", "CVE-2019-2920", "CVE-2019-2922", "CVE-2019-2923", "CVE-2019-2924", "CVE-2019-2925", "CVE-2019-2926", "CVE-2019-2927", "CVE-2019-2929", "CVE-2019-2930", "CVE-2019-2931", "CVE-2019-2932", "CVE-2019-2933", "CVE-2019-2934", "CVE-2019-2935", "CVE-2019-2936", "CVE-2019-2937", "CVE-2019-2938", "CVE-2019-2939", "CVE-2019-2940", "CVE-2019-2941", "CVE-2019-2942", "CVE-2019-2943", "CVE-2019-2944", "CVE-2019-2945", "CVE-2019-2946", "CVE-2019-2947", "CVE-2019-2948", "CVE-2019-2949", "CVE-2019-2950", "CVE-2019-2951", "CVE-2019-2952", "CVE-2019-2953", "CVE-2019-2954", "CVE-2019-2955", "CVE-2019-2956", "CVE-2019-2957", "CVE-2019-2958", "CVE-2019-2959", "CVE-2019-2960", "CVE-2019-2961", "CVE-2019-2962", "CVE-2019-2963", "CVE-2019-2964", "CVE-2019-2965", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2968", "CVE-2019-2969", "CVE-2019-2970", "CVE-2019-2971", "CVE-2019-2972", "CVE-2019-2973", "CVE-2019-2974", "CVE-2019-2975", "CVE-2019-2976", "CVE-2019-2977", "CVE-2019-2978", "CVE-2019-2979", "CVE-2019-2980", "CVE-2019-2981", "CVE-2019-2982", "CVE-2019-2983", "CVE-2019-2984", "CVE-2019-2985", "CVE-2019-2986", "CVE-2019-2987", "CVE-2019-2988", "CVE-2019-2989", "CVE-2019-2990", "CVE-2019-2991", "CVE-2019-2992", "CVE-2019-2993", "CVE-2019-2994", "CVE-2019-2995", "CVE-2019-2996", "CVE-2019-2997", "CVE-2019-2998", "CVE-2019-2999", "CVE-2019-3000", "CVE-2019-3001", "CVE-2019-3002", "CVE-2019-3003", "CVE-2019-3004", "CVE-2019-3005", "CVE-2019-3008", "CVE-2019-3009", "CVE-2019-3010", "CVE-2019-3011", "CVE-2019-3012", "CVE-2019-3014", "CVE-2019-3015", "CVE-2019-3017", "CVE-2019-3018", "CVE-2019-3019", "CVE-2019-3020", "CVE-2019-3021", "CVE-2019-3022", "CVE-2019-3023", "CVE-2019-3024", "CVE-2019-3025", "CVE-2019-3026", "CVE-2019-3027", "CVE-2019-3028", "CVE-2019-3031", "CVE-2019-3855", "CVE-2019-3856", "CVE-2019-3857", "CVE-2019-3858", "CVE-2019-3859", "CVE-2019-3860", "CVE-2019-3861", "CVE-2019-3862", "CVE-2019-3863", "CVE-2019-5435", "CVE-2019-5436", "CVE-2019-5443", "CVE-2019-6109", "CVE-2019-6111", "CVE-2019-8457", "CVE-2019-9511", "CVE-2019-9517", "CVE-2019-9936", "CVE-2019-9937"], "modified": "2019-10-15T00:00:00", "id": "ORACLE:CPUOCT2019", "href": "https://www.oracle.com/security-alerts/cpuoct2019.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-21T12:16:05", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n * Critical Patch Updates, Security Alerts and Bulletins for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 319 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ July 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2559985.1>).\n\n** Please note that since the release of the April 2019 Critical Patch Update, Oracle has released two Security Alerts for Oracle WebLogic Server: CVE-2019-2725 (April 29, 2019) and CVE-2019-2729 (June 18, 2019). WebLogic Server customers are strongly advised to apply the fixes contained in this Critical Patch Update, which provides the fixes for the previously-released Alerts as well as additional fixes.**\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-07-16T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - July 2019", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0114", "CVE-2015-0226", "CVE-2015-0227", "CVE-2015-9251", "CVE-2016-0701", "CVE-2016-1000031", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-2183", "CVE-2016-3473", "CVE-2016-5007", "CVE-2016-6306", "CVE-2016-6497", "CVE-2016-6814", "CVE-2016-7103", "CVE-2016-8610", "CVE-2016-8735", "CVE-2016-9572", "CVE-2016-9878", "CVE-2017-14735", "CVE-2017-15095", "CVE-2017-3164", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738", "CVE-2017-5645", "CVE-2017-5647", "CVE-2017-5664", "CVE-2017-5715", "CVE-2017-7525", "CVE-2018-0732", "CVE-2018-0733", "CVE-2018-0734", "CVE-2018-0735", "CVE-2018-0737", "CVE-2018-0739", "CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000180", "CVE-2018-1000301", "CVE-2018-1000613", "CVE-2018-1000873", "CVE-2018-11039", "CVE-2018-11040", "CVE-2018-11054", "CVE-2018-11055", "CVE-2018-11056", "CVE-2018-11057", "CVE-2018-11058", "CVE-2018-11307", "CVE-2018-11775", "CVE-2018-11784", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-1257", "CVE-2018-1258", "CVE-2018-1270", "CVE-2018-1271", "CVE-2018-1272", "CVE-2018-1275", "CVE-2018-1304", "CVE-2018-1305", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-15756", "CVE-2018-15769", "CVE-2018-16890", "CVE-2018-17189", "CVE-2018-17197", "CVE-2018-17199", "CVE-2018-17960", "CVE-2018-18311", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-2883", "CVE-2018-3111", "CVE-2018-3315", "CVE-2018-3316", "CVE-2018-5407", "CVE-2018-7489", "CVE-2018-8013", "CVE-2018-8034", "CVE-2018-8039", "CVE-2018-9861", "CVE-2019-0190", "CVE-2019-0192", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0199", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220", "CVE-2019-0222", "CVE-2019-0232", "CVE-2019-11358", "CVE-2019-12086", "CVE-2019-12814", "CVE-2019-1543", "CVE-2019-1559", "CVE-2019-2484", "CVE-2019-2561", "CVE-2019-2569", "CVE-2019-2599", "CVE-2019-2666", "CVE-2019-2668", "CVE-2019-2672", "CVE-2019-2725", "CVE-2019-2727", "CVE-2019-2728", "CVE-2019-2729", "CVE-2019-2730", "CVE-2019-2731", "CVE-2019-2732", "CVE-2019-2733", "CVE-2019-2735", "CVE-2019-2736", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2741", "CVE-2019-2742", "CVE-2019-2743", "CVE-2019-2744", "CVE-2019-2745", "CVE-2019-2746", "CVE-2019-2747", "CVE-2019-2748", "CVE-2019-2749", "CVE-2019-2750", "CVE-2019-2751", "CVE-2019-2752", "CVE-2019-2753", "CVE-2019-2754", "CVE-2019-2755", "CVE-2019-2756", "CVE-2019-2757", "CVE-2019-2758", "CVE-2019-2759", "CVE-2019-2760", "CVE-2019-2761", "CVE-2019-2762", "CVE-2019-2763", "CVE-2019-2764", "CVE-2019-2766", "CVE-2019-2767", "CVE-2019-2768", "CVE-2019-2769", "CVE-2019-2770", "CVE-2019-2771", "CVE-2019-2772", "CVE-2019-2773", "CVE-2019-2774", "CVE-2019-2775", "CVE-2019-2776", "CVE-2019-2777", "CVE-2019-2778", "CVE-2019-2779", "CVE-2019-2780", "CVE-2019-2781", "CVE-2019-2782", "CVE-2019-2783", "CVE-2019-2784", "CVE-2019-2785", "CVE-2019-2786", "CVE-2019-2787", "CVE-2019-2788", "CVE-2019-2789", "CVE-2019-2790", "CVE-2019-2791", "CVE-2019-2792", "CVE-2019-2793", "CVE-2019-2794", "CVE-2019-2795", "CVE-2019-2796", "CVE-2019-2797", "CVE-2019-2798", "CVE-2019-2799", "CVE-2019-2800", "CVE-2019-2801", "CVE-2019-2802", "CVE-2019-2803", "CVE-2019-2804", "CVE-2019-2805", "CVE-2019-2807", "CVE-2019-2808", "CVE-2019-2809", "CVE-2019-2810", "CVE-2019-2811", "CVE-2019-2812", "CVE-2019-2813", "CVE-2019-2814", "CVE-2019-2815", "CVE-2019-2816", "CVE-2019-2817", "CVE-2019-2818", "CVE-2019-2819", "CVE-2019-2820", "CVE-2019-2821", "CVE-2019-2822", "CVE-2019-2823", "CVE-2019-2824", "CVE-2019-2825", "CVE-2019-2826", "CVE-2019-2827", "CVE-2019-2828", "CVE-2019-2829", "CVE-2019-2830", "CVE-2019-2831", "CVE-2019-2832", "CVE-2019-2833", "CVE-2019-2834", "CVE-2019-2835", "CVE-2019-2836", "CVE-2019-2837", "CVE-2019-2838", "CVE-2019-2839", "CVE-2019-2840", "CVE-2019-2841", "CVE-2019-2842", "CVE-2019-2843", "CVE-2019-2844", "CVE-2019-2845", "CVE-2019-2846", "CVE-2019-2847", "CVE-2019-2848", "CVE-2019-2850", "CVE-2019-2852", "CVE-2019-2853", "CVE-2019-2854", "CVE-2019-2855", "CVE-2019-2856", "CVE-2019-2857", "CVE-2019-2858", "CVE-2019-2859", "CVE-2019-2860", "CVE-2019-2861", "CVE-2019-2862", "CVE-2019-2863", "CVE-2019-2864", "CVE-2019-2865", "CVE-2019-2866", "CVE-2019-2867", "CVE-2019-2868", "CVE-2019-2869", "CVE-2019-2870", "CVE-2019-2871", "CVE-2019-2873", "CVE-2019-2874", "CVE-2019-2875", "CVE-2019-2876", "CVE-2019-2877", "CVE-2019-2878", "CVE-2019-2879", "CVE-2019-3822", "CVE-2019-3823", "CVE-2019-5597", "CVE-2019-5598", "CVE-2019-6129", "CVE-2019-7317"], "modified": "2020-10-12T00:00:00", "id": "ORACLE:CPUJUL2019", "href": "https://www.oracle.com/security-alerts/cpujul2019.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-28T02:46:16", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to:\n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/security-alerts>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 399 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ April 2020 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2652714.1>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-04-14T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - April 2020", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0254", "CVE-2015-1832", "CVE-2015-3253", "CVE-2015-7940", "CVE-2015-9251", "CVE-2016-0701", "CVE-2016-1000031", "CVE-2016-10244", "CVE-2016-10251", "CVE-2016-10328", "CVE-2016-2183", "CVE-2016-2381", "CVE-2016-3092", "CVE-2016-4000", "CVE-2016-4463", "CVE-2016-6306", "CVE-2016-6489", "CVE-2016-7103", "CVE-2016-8610", "CVE-2017-12626", "CVE-2017-13745", "CVE-2017-14232", "CVE-2017-14735", "CVE-2017-15706", "CVE-2017-3160", "CVE-2017-5130", "CVE-2017-5529", "CVE-2017-5533", "CVE-2017-5645", "CVE-2017-5754", "CVE-2017-7857", "CVE-2017-7858", "CVE-2017-7864", "CVE-2017-8105", "CVE-2017-8287", "CVE-2018-0732", "CVE-2018-0734", "CVE-2018-0737", "CVE-2018-1000180", "CVE-2018-1000613", "CVE-2018-1000632", "CVE-2018-1000873", "CVE-2018-10237", "CVE-2018-11054", "CVE-2018-11055", "CVE-2018-11056", "CVE-2018-11057", "CVE-2018-11058", "CVE-2018-11307", "CVE-2018-1165", "CVE-2018-11775", "CVE-2018-11784", "CVE-2018-11797", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-1258", "CVE-2018-1304", "CVE-2018-1305", "CVE-2018-1320", "CVE-2018-1336", "CVE-2018-14718", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-15756", "CVE-2018-15769", "CVE-2018-17197", "CVE-2018-18227", "CVE-2018-18311", "CVE-2018-18873", "CVE-2018-19139", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-19539", "CVE-2018-19540", "CVE-2018-19541", "CVE-2018-19542", "CVE-2018-19543", "CVE-2018-19622", "CVE-2018-19623", "CVE-2018-19624", "CVE-2018-19625", "CVE-2018-19626", "CVE-2018-19627", "CVE-2018-19628", "CVE-2018-20346", "CVE-2018-20506", "CVE-2018-20570", "CVE-2018-20584", "CVE-2018-20622", "CVE-2018-20843", "CVE-2018-20852", "CVE-2018-5407", "CVE-2018-5711", "CVE-2018-5712", "CVE-2018-6942", "CVE-2018-8014", "CVE-2018-8032", "CVE-2018-8034", "CVE-2018-8036", "CVE-2018-8037", "CVE-2018-8039", "CVE-2018-9055", "CVE-2018-9154", "CVE-2018-9252", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0199", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220", "CVE-2019-0221", "CVE-2019-0222", "CVE-2019-0227", "CVE-2019-0228", "CVE-2019-0232", "CVE-2019-10072", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10086", "CVE-2019-10088", "CVE-2019-10092", "CVE-2019-10093", "CVE-2019-10094", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-1010238", "CVE-2019-10173", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-11358", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12387", "CVE-2019-12402", "CVE-2019-12406", "CVE-2019-12415", "CVE-2019-12418", "CVE-2019-12419", "CVE-2019-12855", "CVE-2019-13057", "CVE-2019-13565", "CVE-2019-13990", "CVE-2019-14379", "CVE-2019-14439", "CVE-2019-14540", "CVE-2019-14821", "CVE-2019-14889", "CVE-2019-15161", "CVE-2019-15162", "CVE-2019-15163", "CVE-2019-15164", "CVE-2019-15165", "CVE-2019-1543", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1552", "CVE-2019-15601", "CVE-2019-15604", "CVE-2019-15605", "CVE-2019-15606", "CVE-2019-1563", "CVE-2019-15903", "CVE-2019-16056", "CVE-2019-16168", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17091", "CVE-2019-17195", "CVE-2019-17359", "CVE-2019-17531", "CVE-2019-17563", "CVE-2019-17571", "CVE-2019-18197", "CVE-2019-19242", "CVE-2019-19244", "CVE-2019-19269", "CVE-2019-19317", "CVE-2019-19553", "CVE-2019-19603", "CVE-2019-19645", "CVE-2019-19646", "CVE-2019-19880", "CVE-2019-19923", "CVE-2019-19924", "CVE-2019-19925", "CVE-2019-19926", "CVE-2019-19959", "CVE-2019-20218", "CVE-2019-20330", "CVE-2019-2412", "CVE-2019-2725", "CVE-2019-2729", "CVE-2019-2756", "CVE-2019-2759", "CVE-2019-2852", "CVE-2019-2853", "CVE-2019-2878", "CVE-2019-2880", "CVE-2019-2899", "CVE-2019-2904", "CVE-2019-3008", "CVE-2019-5427", "CVE-2019-5435", "CVE-2019-5436", "CVE-2019-5443", "CVE-2019-5481", "CVE-2019-5482", "CVE-2019-8457", "CVE-2019-9517", "CVE-2019-9579", "CVE-2020-2514", "CVE-2020-2522", "CVE-2020-2524", "CVE-2020-2553", "CVE-2020-2558", "CVE-2020-2575", "CVE-2020-2578", "CVE-2020-2594", "CVE-2020-2680", "CVE-2020-2706", "CVE-2020-2733", "CVE-2020-2734", "CVE-2020-2735", "CVE-2020-2737", "CVE-2020-2738", "CVE-2020-2739", "CVE-2020-2740", "CVE-2020-2741", "CVE-2020-2742", "CVE-2020-2743", "CVE-2020-2744", "CVE-2020-2745", "CVE-2020-2746", "CVE-2020-2747", "CVE-2020-2748", "CVE-2020-2749", "CVE-2020-2750", "CVE-2020-2751", "CVE-2020-2752", "CVE-2020-2753", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2758", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2764", "CVE-2020-2765", "CVE-2020-2766", "CVE-2020-2767", "CVE-2020-2768", "CVE-2020-2769", "CVE-2020-2770", "CVE-2020-2771", "CVE-2020-2772", "CVE-2020-2773", "CVE-2020-2774", "CVE-2020-2775", "CVE-2020-2776", "CVE-2020-2777", "CVE-2020-2778", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2781", "CVE-2020-2782", "CVE-2020-2783", "CVE-2020-2784", "CVE-2020-2785", "CVE-2020-2786", "CVE-2020-2787", "CVE-2020-2789", "CVE-2020-2790", "CVE-2020-2791", "CVE-2020-2793", "CVE-2020-2794", "CVE-2020-2795", "CVE-2020-2796", "CVE-2020-2797", "CVE-2020-2798", "CVE-2020-2799", "CVE-2020-2800", "CVE-2020-2801", "CVE-2020-2802", "CVE-2020-2803", "CVE-2020-2804", "CVE-2020-2805", "CVE-2020-2806", "CVE-2020-2807", "CVE-2020-2808", "CVE-2020-2809", "CVE-2020-2810", "CVE-2020-2811", "CVE-2020-2812", "CVE-2020-2813", "CVE-2020-2814", "CVE-2020-2815", "CVE-2020-2816", "CVE-2020-2817", "CVE-2020-2818", "CVE-2020-2819", "CVE-2020-2820", "CVE-2020-2821", "CVE-2020-2822", "CVE-2020-2823", "CVE-2020-2824", "CVE-2020-2825", "CVE-2020-2826", "CVE-2020-2827", "CVE-2020-2828", "CVE-2020-2829", "CVE-2020-2830", "CVE-2020-2831", "CVE-2020-2832", "CVE-2020-2833", "CVE-2020-2834", "CVE-2020-2835", "CVE-2020-2836", "CVE-2020-2837", "CVE-2020-2838", "CVE-2020-2839", "CVE-2020-2840", "CVE-2020-2841", "CVE-2020-2842", "CVE-2020-2843", "CVE-2020-2844", "CVE-2020-2845", "CVE-2020-2846", "CVE-2020-2847", "CVE-2020-2848", "CVE-2020-2849", "CVE-2020-2850", "CVE-2020-2851", "CVE-2020-2852", "CVE-2020-2853", "CVE-2020-2854", "CVE-2020-2855", "CVE-2020-2856", "CVE-2020-2857", "CVE-2020-2858", "CVE-2020-2859", "CVE-2020-2860", "CVE-2020-2861", "CVE-2020-2862", "CVE-2020-2863", "CVE-2020-2864", "CVE-2020-2865", "CVE-2020-2866", "CVE-2020-2867", "CVE-2020-2868", "CVE-2020-2869", "CVE-2020-2870", "CVE-2020-2871", "CVE-2020-2872", "CVE-2020-2873", "CVE-2020-2874", "CVE-2020-2875", "CVE-2020-2876", "CVE-2020-2877", "CVE-2020-2878", "CVE-2020-2879", "CVE-2020-2880", "CVE-2020-2881", "CVE-2020-2882", "CVE-2020-2883", "CVE-2020-2884", "CVE-2020-2885", "CVE-2020-2886", "CVE-2020-2887", "CVE-2020-2888", "CVE-2020-2889", "CVE-2020-2890", "CVE-2020-2891", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2894", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2899", "CVE-2020-2900", "CVE-2020-2901", "CVE-2020-2902", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2905", "CVE-2020-2906", "CVE-2020-2907", "CVE-2020-2908", "CVE-2020-2909", "CVE-2020-2910", "CVE-2020-2911", "CVE-2020-2912", "CVE-2020-2913", "CVE-2020-2914", "CVE-2020-2915", "CVE-2020-2920", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2927", "CVE-2020-2928", "CVE-2020-2929", "CVE-2020-2930", "CVE-2020-2931", "CVE-2020-2932", "CVE-2020-2933", "CVE-2020-2934", "CVE-2020-2935", "CVE-2020-2936", "CVE-2020-2937", "CVE-2020-2938", "CVE-2020-2939", "CVE-2020-2940", "CVE-2020-2941", "CVE-2020-2942", "CVE-2020-2943", "CVE-2020-2944", "CVE-2020-2945", "CVE-2020-2946", "CVE-2020-2947", "CVE-2020-2949", "CVE-2020-2950", "CVE-2020-2951", "CVE-2020-2952", "CVE-2020-2953", "CVE-2020-2954", "CVE-2020-2955", "CVE-2020-2956", "CVE-2020-2958", "CVE-2020-2959", "CVE-2020-2961", "CVE-2020-2963", "CVE-2020-2964", "CVE-2020-5397", "CVE-2020-5398", "CVE-2020-7044", "CVE-2020-8840"], "modified": "2020-07-20T00:00:00", "id": "ORACLE:CPUAPR2020", "href": "https://www.oracle.com/security-alerts/cpuapr2020.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
CVE-2019-0197
