DATABASE RESOURCES PRICING ABOUT US

{"id": "CVE-2022-22720", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2022-22720", "description": "This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.", "published": "2023-09-09T11:36:26", "modified": "2023-09-09T11:36:26", "epss": [], "cvss": {}, "cvss2": {}, "cvss3": {}, "href": "", "reporter": "candidate", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2023-09-09T11:36:26", "viewCount": 4330, "enchantments": {"backreferences": {"references": [{"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-22720"]}, {"type": "freebsd", "idList": ["6601C08D-A46C-11EC-8BE6-D4C9EF517024"]}, {"type": "httpd", "idList": ["HTTPD:C072933AA965A86DA3E2C9172FFC1569"]}, {"type": "nessus", "idList": ["APACHE_2_4_53.NASL"]}, {"type": "redhatcve", "idList": ["RH:CVE-2022-22720"]}, {"type": "slackware", "idList": ["SSA-2022-073-01"]}]}, "dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:1049"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2022-22720"]}, {"type": "altlinux", "idList": ["6A171AADF701CDBC64AEF0AC3686A12A", "C6F0755DEC8B215198E848115574C670"]}, {"type": "amazon", "idList": ["ALAS-2022-1584", "ALAS2-2022-1783"]}, {"type": "apple", "idList": ["APPLE:63CA0F4232480C58A7826938831F5D5B", "APPLE:9A4969F10DDA950938D09FB74CC40FF8", "APPLE:E82A2A3D978FD519CBF58A36F587B070"]}, {"type": "centos", "idList": ["CESA-2022:1045"]}, {"type": "cloudlinux", "idList": ["CLSA-2022:1648136177"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2960-1:2BD3E"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-22720"]}, {"type": "f5", "idList": ["F5:K67090077"]}, {"type": "fedora", "idList": ["FEDORA:495F130B9B1C", "FEDORA:71CB730B3C94", "FEDORA:9BA73312EC38"]}, {"type": "freebsd", "idList": ["6601C08D-A46C-11EC-8BE6-D4C9EF517024"]}, {"type": "gentoo", "idList": ["GLSA-202208-20"]}, {"type": "httpd", "idList": ["HTTPD:C072933AA965A86DA3E2C9172FFC1569"]}, {"type": "ibm", "idList": ["2A83B3B6C8F86D2832BAF4B218796934EA8A574FC6B9DC5AF80AD714A86A00BE", "61576C38D67F4C2AE3402398226DBE2A75A936DBD3C76DE52E71371EE31E9787", "67101C01C0A86209D9921850042EAF57B3DF03011AF513E21EC5D8AC221178BB", "7147B72B0537A00393FB808533C114E94C4EC044FE8F06504C604464F1FBA696", "724A5424620D59DD613442B81EA46C9D7AC2EF90FEA8E8B3577A6A5325EA50FA", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7FB7DE7BCA20AAE98D0E08ED3EAD9B6388EC52D2E009E95DFF107618AFFFA6BC", "822E1A1C2A729D1391289F16CEBC1B291F0AAFF917670750096C9FC6C25ED3C4", "89AB891C06E01DF4FE4174C9FB0586E8DE80BF8D31E72EB2EB1B4EAD67600F30", "96080ECFBE42CEF2D63B1341838131BE1CCC2B5F08130E2F678CCDCE13FAE376", "B1362A566E4630B377193CF3223367B861D83B9A967370881C2169A6D009F0F5", "BBD4E1F91F30930B076422CB14681BE320827F41F5F6DF095FADE31945995812", "D288D5ADF67DE9C3743BE8316D7F496F7CA64A396C1E8E9019178232D17AF15D", "D4738966309F02D024D49980ED274C4BC5E10C4678D32CA5CEEBC4FCD68CEEE5", "D4E8B3D5A598938D39607B0ACD41589F4C775C0E97E425D251BA6FBD21083849", "DD6273CC27D41DD4131BB087201CE6DB714476DEADC754F0E6CBE0F838D02085", "EA3EEE268E5415412D9A6A66BCC38B1F333B86D0471F632041E1C2D0F0EB6B51", "EAC404329213DF471FF757B7F009DD8A087FC2C57793182718799AB73514DB48", "EE481604503D792E94470946F5FFEAF3C5EEA645FEE27DF2E749C3EBAA476D91", "FB3F70E70F0C903BDF5EDC7C819CEED7E5FAEA29EABA59C2EB291E177063EB61"]}, {"type": "ics", "idList": ["ICSA-22-132-02"]}, {"type": "kaspersky", "idList": ["KLA12485"]}, {"type": "mageia", "idList": ["MGASA-2022-0105"]}, {"type": "nessus", "idList": ["AL2022_ALAS2022-2022-053.NASL", "AL2022_ALAS2022-2022-202.NASL", "AL2023_ALAS2023-2023-072.NASL", "AL2_ALAS-2022-1783.NASL", "ALA_ALAS-2022-1584.NASL", "APACHE_2_4_53.NASL", "CENTOS8_RHSA-2022-1049.NASL", "CENTOS_RHSA-2022-1045.NASL", "DEBIAN_DLA-2960.NASL", "EULEROS_SA-2022-1569.NASL", "EULEROS_SA-2022-1730.NASL", "EULEROS_SA-2022-1790.NASL", "EULEROS_SA-2022-1807.NASL", "EULEROS_SA-2022-1843.NASL", "EULEROS_SA-2022-1867.NASL", "EULEROS_SA-2022-1893.NASL", "EULEROS_SA-2022-2025.NASL", "EULEROS_SA-2022-2053.NASL", "EULEROS_SA-2022-2180.NASL", "EULEROS_SA-2022-2199.NASL", "EULEROS_SA-2022-2506.NASL", "EULEROS_SA-2022-2564.NASL", "EULEROS_SA-2023-1260.NASL", "EULEROS_SA-2023-1737.NASL", "F5_BIGIP_SOL67090077.NASL", "FREEBSD_PKG_6601C08DA46C11EC8BE6D4C9EF517024.NASL", "GENTOO_GLSA-202208-20.NASL", "MACOS_HT213255.NASL", "MACOS_HT213256.NASL", "MACOS_HT213257.NASL", "NEWSTART_CGSL_NS-SA-2022-0076_HTTPD.NASL", "NEWSTART_CGSL_NS-SA-2023-0011_HTTPD.NASL", "NEWSTART_CGSL_NS-SA-2023-1001_HTTPD.NASL", "NUTANIX_NXSA-AOS-5_20_3_6.NASL", "NUTANIX_NXSA-AOS-5_20_4.NASL", "NUTANIX_NXSA-AOS-5_20_5.NASL", "NUTANIX_NXSA-AOS-6_1_1.NASL", "NUTANIX_NXSA-AOS-6_6.NASL", "OPENSUSE-2022-1031-1.NASL", "ORACLELINUX_ELSA-2022-1045.NASL", "ORACLELINUX_ELSA-2022-1049.NASL", "ORACLELINUX_ELSA-2022-9257.NASL", "REDHAT-RHSA-2022-1045.NASL", "REDHAT-RHSA-2022-1049.NASL", "REDHAT-RHSA-2022-1072.NASL", "REDHAT-RHSA-2022-1075.NASL", "REDHAT-RHSA-2022-1080.NASL", "REDHAT-RHSA-2022-1102.NASL", "REDHAT-RHSA-2022-1136.NASL", "REDHAT-RHSA-2022-1137.NASL", "REDHAT-RHSA-2022-1138.NASL", "REDHAT-RHSA-2022-1139.NASL", "REDHAT-RHSA-2022-1173.NASL", "REDHAT-RHSA-2022-1389.NASL", "SLACKWARE_SSA_2022-073-01.NASL", "SUSE_SU-2022-0918-1.NASL", "SUSE_SU-2022-0928-1.NASL", "SUSE_SU-2022-0929-1.NASL", "SUSE_SU-2022-1031-1.NASL", "SUSE_SU-2022-14924-1.NASL", "UBUNTU_USN-5333-1.NASL", "UBUNTU_USN-5333-2.NASL", "WEB_APPLICATION_SCANNING_113194"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2022", "ORACLE:CPUJUL2022", "ORACLE:CPUOCT2022"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-1045", "ELSA-2022-1049", "ELSA-2022-9257"]}, {"type": "osv", "idList": ["OSV:CVE-2022-22720"]}, {"type": "photon", "idList": ["PHSA-2022-0166", "PHSA-2022-0375", "PHSA-2022-0455", "PHSA-2022-3.0-0375", "PHSA-2022-4.0-0166"]}, {"type": "prion", "idList": ["PRION:CVE-2022-22720"]}, {"type": "redhat", "idList": ["RHSA-2022:1045", "RHSA-2022:1049", "RHSA-2022:1072", "RHSA-2022:1075", "RHSA-2022:1080", "RHSA-2022:1102", "RHSA-2022:1136", "RHSA-2022:1137", "RHSA-2022:1138", "RHSA-2022:1139", "RHSA-2022:1173", "RHSA-2022:1389", "RHSA-2022:1390"]}, {"type": "redhatcve", "idList": ["RH:CVE-2022-22720"]}, {"type": "redos", "idList": ["ROS-20220317-01"]}, {"type": "rocky", "idList": ["RLSA-2022:1049"]}, {"type": "rosalinux", "idList": ["ROSA-SA-2023-2158", "ROSA-SA-2023-2160"]}, {"type": "slackware", "idList": ["SSA-2022-073-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:1031-1"]}, {"type": "thn", "idList": ["THN:8198C407B889F0B459BC5B078A2D620C"]}, {"type": "ubuntu", "idList": ["USN-5333-1", "USN-5333-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-22720"]}, {"type": "veracode", "idList": ["VERACODE:34692"]}]}, "score": {"value": 9.1, "vector": "NONE"}, "twitter": {"counter": 5, "tweets": [{"link": "https://twitter.com/threatintelctr/status/1526302287878037505", "text": " NEW: CVE-2022-22720 Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling Severity: CRITICAL https://t.co/jyYb0Ok9Dr", "author": "threatintelctr", "author_photo": "https://pbs.twimg.com/profile_images/904224973987840000/dMy1x9Ho_400x400.jpg"}, {"link": "https://twitter.com/threatintelctr/status/1526468376587026432", "text": " NEW: CVE-2022-22720 Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling Severity: CRITICAL https://t.co/jyYb0Ok9Dr", "author": "threatintelctr", "author_photo": "https://pbs.twimg.com/profile_images/904224973987840000/dMy1x9Ho_400x400.jpg"}, {"link": "https://twitter.com/micsieg/status/1536503797618561030", "text": "Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP request smuggling and a buffer overflow (CVE-2022-22720, CVE-2022-22721)", "author": "micsieg", "author_photo": "https://pbs.twimg.com/profile_images/941241322064830465/bbH-XJ4h_400x400.jpg"}, {"link": "https://twitter.com/threatintelctr/status/1577481745288544256", "text": " NEW: CVE-2022-22720 Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling Severity: CRITICAL https://t.co/jyYb0Ok9Dr", "author": "threatintelctr", "author_photo": "https://pbs.twimg.com/profile_images/904224973987840000/dMy1x9Ho_400x400.jpg"}]}, "affected_software": {"major_version": [{"name": "apache http server", "version": 2}, {"name": "fedoraproject fedora", "version": 34}, {"name": "fedoraproject fedora", "version": 35}, {"name": "fedoraproject fedora", "version": 36}, {"name": "debian debian linux", "version": 9}, {"name": "oracle http server", "version": 12}, {"name": "oracle http server", "version": 12}, {"name": "oracle enterprise manager ops center", "version": 12}, {"name": "oracle zfs storage appliance kit", "version": 8}, {"name": "apple macos", "version": 10}, {"name": "apple mac os x", "version": 10}, {"name": "apple macos", "version": 11}, {"name": "apple macos", "version": 12}]}, "epss": [{"cve": "CVE-2022-22720", "epss": 0.00309, "percentile": 0.65514, "modified": "2023-05-02"}], "vulnersScore": 9.1}, "_state": {"dependencies": 1694259452, "score": 1694259527, "twitter": 0, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "057118c645f6850ae96611bffc121c74"}, "cna_cvss": {}, "cpe": [], "cpe23": [], "cwe": [], "affectedSoftware": [], "affectedConfiguration": [], "cpeConfiguration": {}, "extraReferences": [], "product_info": [], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [], "exploits": [], "assigned": null}

{"nessus": [{"lastseen": "2023-05-18T14:43:35", "description": "The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1173 advisory.\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-04T00:00:00", "type": "nessus", "title": "RHEL 6 : httpd (RHSA-2022:1173)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22720"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:rhel_els:6", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ssl"], "id": "REDHAT-RHSA-2022-1173.NASL", "href": "https://www.tenable.com/plugins/nessus/159489", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:1173. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159489);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-22720\");\n script_xref(name:\"RHSA\", value:\"2022:1173\");\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"RHEL 6 : httpd (RHSA-2022:1173)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:1173 advisory.\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling\n (CVE-2022-22720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1173\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2064321\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(444);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_els:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/client/6/6Client/i386/debug',\n 'content/dist/rhel/client/6/6Client/i386/optional/debug',\n 'content/dist/rhel/client/6/6Client/i386/optional/os',\n 'content/dist/rhel/client/6/6Client/i386/optional/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/i386/oracle-java-rm/os',\n 'content/dist/rhel/client/6/6Client/i386/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/i386/os',\n 'content/dist/rhel/client/6/6Client/i386/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/i386/supplementary/debug',\n 'content/dist/rhel/client/6/6Client/i386/supplementary/os',\n 'content/dist/rhel/client/6/6Client/i386/supplementary/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/x86_64/debug',\n 'content/dist/rhel/client/6/6Client/x86_64/optional/debug',\n 'content/dist/rhel/client/6/6Client/x86_64/optional/os',\n 'content/dist/rhel/client/6/6Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/6/6Client/x86_64/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/x86_64/os',\n 'content/dist/rhel/client/6/6Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/6/6Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/6/6Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/6/6Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/hpn/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/hpn/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/hpn/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/scalablefilesystem/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/scalablefilesystem/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/scalablefilesystem/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/6/6ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/debug',\n 'content/dist/rhel/server/6/6Server/i386/highavailability/debug',\n 'content/dist/rhel/server/6/6Server/i386/highavailability/os',\n 'content/dist/rhel/server/6/6Server/i386/highavailability/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/loadbalancer/debug',\n 'content/dist/rhel/server/6/6Server/i386/loadbalancer/os',\n 'content/dist/rhel/server/6/6Server/i386/loadbalancer/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/optional/debug',\n 'content/dist/rhel/server/6/6Server/i386/optional/os',\n 'content/dist/rhel/server/6/6Server/i386/optional/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/oracle-java-rm/os',\n 'content/dist/rhel/server/6/6Server/i386/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/os',\n 'content/dist/rhel/server/6/6Server/i386/resilientstorage/debug',\n 'content/dist/rhel/server/6/6Server/i386/resilientstorage/os',\n 'content/dist/rhel/server/6/6Server/i386/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/i386/supplementary/debug',\n 'content/dist/rhel/server/6/6Server/i386/supplementary/os',\n 'content/dist/rhel/server/6/6Server/i386/supplementary/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/6/6Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/hpn/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/hpn/os',\n 'content/dist/rhel/server/6/6Server/x86_64/hpn/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/loadbalancer/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/loadbalancer/os',\n 'content/dist/rhel/server/6/6Server/x86_64/loadbalancer/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/optional/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/optional/os',\n 'content/dist/rhel/server/6/6Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/6/6Server/x86_64/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/os',\n 'content/dist/rhel/server/6/6Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/6/6Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/6/6Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/sap/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/sap/os',\n 'content/dist/rhel/server/6/6Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/scalablefilesystem/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/scalablefilesystem/os',\n 'content/dist/rhel/server/6/6Server/x86_64/scalablefilesystem/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/6/6Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/6/6Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/6/6Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/6/6Server/s390x/debug',\n 'content/dist/rhel/system-z/6/6Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/6/6Server/s390x/optional/os',\n 'content/dist/rhel/system-z/6/6Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/6/6Server/s390x/os',\n 'content/dist/rhel/system-z/6/6Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/6/6Server/s390x/sap/os',\n 'content/dist/rhel/system-z/6/6Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/6/6Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/6/6Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/6/6Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/6/6Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/i386/debug',\n 'content/dist/rhel/workstation/6/6Workstation/i386/optional/debug',\n 'content/dist/rhel/workstation/6/6Workstation/i386/optional/os',\n 'content/dist/rhel/workstation/6/6Workstation/i386/optional/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/i386/oracle-java-rm/os',\n 'content/dist/rhel/workstation/6/6Workstation/i386/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/i386/os',\n 'content/dist/rhel/workstation/6/6Workstation/i386/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/i386/supplementary/debug',\n 'content/dist/rhel/workstation/6/6Workstation/i386/supplementary/os',\n 'content/dist/rhel/workstation/6/6Workstation/i386/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/oracle-java-rm/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/scalablefilesystem/debug',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/scalablefilesystem/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/scalablefilesystem/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/6/6Workstation/x86_64/supplementary/source/SRPMS',\n 'content/els/rhel/server/6/6Server/i386/debug',\n 'content/els/rhel/server/6/6Server/i386/optional/debug',\n 'content/els/rhel/server/6/6Server/i386/optional/os',\n 'content/els/rhel/server/6/6Server/i386/optional/source/SRPMS',\n 'content/els/rhel/server/6/6Server/i386/os',\n 'content/els/rhel/server/6/6Server/i386/source/SRPMS',\n 'content/els/rhel/server/6/6Server/x86_64/debug',\n 'content/els/rhel/server/6/6Server/x86_64/optional/debug',\n 'content/els/rhel/server/6/6Server/x86_64/optional/os',\n 'content/els/rhel/server/6/6Server/x86_64/optional/source/SRPMS',\n 'content/els/rhel/server/6/6Server/x86_64/os',\n 'content/els/rhel/server/6/6Server/x86_64/sap-hana/debug',\n 'content/els/rhel/server/6/6Server/x86_64/sap-hana/os',\n 'content/els/rhel/server/6/6Server/x86_64/sap-hana/source/SRPMS',\n 'content/els/rhel/server/6/6Server/x86_64/sap/debug',\n 'content/els/rhel/server/6/6Server/x86_64/sap/os',\n 'content/els/rhel/server/6/6Server/x86_64/sap/source/SRPMS',\n 'content/els/rhel/server/6/6Server/x86_64/source/SRPMS',\n 'content/els/rhel/system-z/6/6Server/s390x/debug',\n 'content/els/rhel/system-z/6/6Server/s390x/optional/debug',\n 'content/els/rhel/system-z/6/6Server/s390x/optional/os',\n 'content/els/rhel/system-z/6/6Server/s390x/optional/source/SRPMS',\n 'content/els/rhel/system-z/6/6Server/s390x/os',\n 'content/els/rhel/system-z/6/6Server/s390x/sap/debug',\n 'content/els/rhel/system-z/6/6Server/s390x/sap/os',\n 'content/els/rhel/system-z/6/6Server/s390x/sap/source/SRPMS',\n 'content/els/rhel/system-z/6/6Server/s390x/source/SRPMS',\n 'content/fastrack/rhel/client/6/i386/debug',\n 'content/fastrack/rhel/client/6/i386/optional/debug',\n 'content/fastrack/rhel/client/6/i386/optional/os',\n 'content/fastrack/rhel/client/6/i386/optional/source/SRPMS',\n 'content/fastrack/rhel/client/6/i386/os',\n 'content/fastrack/rhel/client/6/i386/source/SRPMS',\n 'content/fastrack/rhel/client/6/x86_64/debug',\n 'content/fastrack/rhel/client/6/x86_64/optional/debug',\n 'content/fastrack/rhel/client/6/x86_64/optional/os',\n 'content/fastrack/rhel/client/6/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/6/x86_64/os',\n 'content/fastrack/rhel/client/6/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/6/x86_64/debug',\n 'content/fastrack/rhel/computenode/6/x86_64/hpn/debug',\n 'content/fastrack/rhel/computenode/6/x86_64/hpn/os',\n 'content/fastrack/rhel/computenode/6/x86_64/hpn/source/SRPMS',\n 'content/fastrack/rhel/computenode/6/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/6/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/6/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/6/x86_64/os',\n 'content/fastrack/rhel/computenode/6/x86_64/scalablefilesystem/debug',\n 'content/fastrack/rhel/computenode/6/x86_64/scalablefilesystem/os',\n 'content/fastrack/rhel/computenode/6/x86_64/scalablefilesystem/source/SRPMS',\n 'content/fastrack/rhel/computenode/6/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/debug',\n 'content/fastrack/rhel/server/6/i386/highavailability/debug',\n 'content/fastrack/rhel/server/6/i386/highavailability/os',\n 'content/fastrack/rhel/server/6/i386/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/loadbalancer/debug',\n 'content/fastrack/rhel/server/6/i386/loadbalancer/os',\n 'content/fastrack/rhel/server/6/i386/loadbalancer/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/optional/debug',\n 'content/fastrack/rhel/server/6/i386/optional/os',\n 'content/fastrack/rhel/server/6/i386/optional/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/os',\n 'content/fastrack/rhel/server/6/i386/resilientstorage/debug',\n 'content/fastrack/rhel/server/6/i386/resilientstorage/os',\n 'content/fastrack/rhel/server/6/i386/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/6/i386/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/debug',\n 'content/fastrack/rhel/server/6/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/6/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/6/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/hpn/debug',\n 'content/fastrack/rhel/server/6/x86_64/hpn/os',\n 'content/fastrack/rhel/server/6/x86_64/hpn/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/loadbalancer/debug',\n 'content/fastrack/rhel/server/6/x86_64/loadbalancer/os',\n 'content/fastrack/rhel/server/6/x86_64/loadbalancer/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/optional/debug',\n 'content/fastrack/rhel/server/6/x86_64/optional/os',\n 'content/fastrack/rhel/server/6/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/os',\n 'content/fastrack/rhel/server/6/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/6/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/6/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/scalablefilesystem/debug',\n 'content/fastrack/rhel/server/6/x86_64/scalablefilesystem/os',\n 'content/fastrack/rhel/server/6/x86_64/scalablefilesystem/source/SRPMS',\n 'content/fastrack/rhel/server/6/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/6/s390x/debug',\n 'content/fastrack/rhel/system-z/6/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/6/s390x/optional/os',\n 'content/fastrack/rhel/system-z/6/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/6/s390x/os',\n 'content/fastrack/rhel/system-z/6/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/i386/debug',\n 'content/fastrack/rhel/workstation/6/i386/optional/debug',\n 'content/fastrack/rhel/workstation/6/i386/optional/os',\n 'content/fastrack/rhel/workstation/6/i386/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/i386/os',\n 'content/fastrack/rhel/workstation/6/i386/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/x86_64/debug',\n 'content/fastrack/rhel/workstation/6/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/6/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/6/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/x86_64/os',\n 'content/fastrack/rhel/workstation/6/x86_64/scalablefilesystem/debug',\n 'content/fastrack/rhel/workstation/6/x86_64/scalablefilesystem/os',\n 'content/fastrack/rhel/workstation/6/x86_64/scalablefilesystem/source/SRPMS',\n 'content/fastrack/rhel/workstation/6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd-2.2.15-70.el6_10', 'cpu':'i686', 'release':'6', 'el_string':'el6_10', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.2.15-70.el6_10', 'cpu':'s390x', 'release':'6', 'el_string':'el6_10', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.2.15-70.el6_10', 'cpu':'x86_64', 'release':'6', 'el_string':'el6_10', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.2.15-70.el6_10', 'cpu':'i686', 'release':'6', 'el_string':'el6_10', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.2.15-70.el6_10', 'cpu':'s390', 'release':'6', 'el_string':'el6_10', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.2.15-70.el6_10', 'cpu':'s390x', 'release':'6', 'el_string':'el6_10', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.2.15-70.el6_10', 'cpu':'x86_64', 'release':'6', 'el_string':'el6_10', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.2.15-70.el6_10', 'release':'6', 'el_string':'el6_10', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.2.15-70.el6_10', 'cpu':'i686', 'release':'6', 'el_string':'el6_10', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.2.15-70.el6_10', 'cpu':'s390x', 'release':'6', 'el_string':'el6_10', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.2.15-70.el6_10', 'cpu':'x86_64', 'release':'6', 'el_string':'el6_10', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.2.15-70.el6_10', 'cpu':'i686', 'release':'6', 'el_string':'el6_10', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-2.2.15-70.el6_10', 'cpu':'s390x', 'release':'6', 'el_string':'el6_10', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-2.2.15-70.el6_10', 'cpu':'x86_64', 'release':'6', 'el_string':'el6_10', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-manual / httpd-tools / mod_ssl');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:42:32", "description": "The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2022:1049 advisory.\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-25T00:00:00", "type": "nessus", "title": "CentOS 8 : httpd:2.4 (CESA-2022:1049)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22720"], "modified": "2022-06-13T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel", "p-cpe:/a:centos:centos:httpd-filesystem", "p-cpe:/a:centos:centos:httpd-manual", "p-cpe:/a:centos:centos:httpd-tools", "p-cpe:/a:centos:centos:mod_http2", "p-cpe:/a:centos:centos:mod_ldap", "p-cpe:/a:centos:centos:mod_md", "p-cpe:/a:centos:centos:mod_proxy_html", "p-cpe:/a:centos:centos:mod_session", "p-cpe:/a:centos:centos:mod_ssl"], "id": "CENTOS8_RHSA-2022-1049.NASL", "href": "https://www.tenable.com/plugins/nessus/159220", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2022:1049. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159220);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/13\");\n\n script_cve_id(\"CVE-2022-22720\");\n script_xref(name:\"RHSA\", value:\"2022:1049\");\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"CentOS 8 : httpd:2.4 (CESA-2022:1049)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2022:1049 advisory.\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling\n (CVE-2022-22720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1049\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'httpd-2.4.37-43.module_el8.5.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.37-43.module_el8.5.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-43.module_el8.5.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-43.module_el8.5.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-43.module_el8.5.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-43.module_el8.5.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-43.module_el8.5.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-43.module_el8.5.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-43.module_el8.5.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-43.module_el8.5.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-3.module_el8.4.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-3.module_el8.4.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-43.module_el8.5.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-43.module_el8.5.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-8.module_el8.3.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-2.0.8-8.module_el8.3.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-43.module_el8.5.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-43.module_el8.5.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-43.module_el8.5.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.37-43.module_el8.5.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-43.module_el8.5.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-2.4.37-43.module_el8.5.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-filesystem / httpd-manual / httpd-tools / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:43:28", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-1049 advisory.\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-24T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : httpd:2.4 (ELSA-2022-1049)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22720"], "modified": "2022-06-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd-filesystem", "p-cpe:/a:oracle:linux:httpd-manual", "p-cpe:/a:oracle:linux:httpd-tools", "p-cpe:/a:oracle:linux:mod_http2", "p-cpe:/a:oracle:linux:mod_ldap", "p-cpe:/a:oracle:linux:mod_md", "p-cpe:/a:oracle:linux:mod_proxy_html", "p-cpe:/a:oracle:linux:mod_session", "p-cpe:/a:oracle:linux:mod_ssl"], "id": "ORACLELINUX_ELSA-2022-1049.NASL", "href": "https://www.tenable.com/plugins/nessus/159212", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-1049.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159212);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/13\");\n\n script_cve_id(\"CVE-2022-22720\");\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"Oracle Linux 8 : httpd:2.4 (ELSA-2022-1049)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-1049 advisory.\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-1049.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/httpd');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\nif ('2.4' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module httpd:' + module_ver);\n\nvar appstreams = {\n 'httpd:2.4': [\n {'reference':'httpd-2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n};\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var package_array ( appstreams[module] ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-filesystem / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:39:56", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1102 advisory.\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-01T00:00:00", "type": "nessus", "title": "RHEL 8 : httpd:2.4 (RHSA-2022:1102)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22720"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-filesystem", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_http2", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_md", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:mod_session", "p-cpe:/a:redhat:enterprise_linux:mod_ssl"], "id": "REDHAT-RHSA-2022-1102.NASL", "href": "https://www.tenable.com/plugins/nessus/159390", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:1102. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159390);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2022-22720\");\n script_xref(name:\"RHSA\", value:\"2022:1102\");\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"RHEL 8 : httpd:2.4 (RHSA-2022:1102)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:1102 advisory.\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling\n (CVE-2022-22720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1102\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2064321\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(444);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'httpd:2.4': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/appstream/debug',\n 'content/eus/rhel8/8.2/s390x/appstream/os',\n 'content/eus/rhel8/8.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/baseos/debug',\n 'content/eus/rhel8/8.2/s390x/baseos/os',\n 'content/eus/rhel8/8.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/highavailability/debug',\n 'content/eus/rhel8/8.2/s390x/highavailability/os',\n 'content/eus/rhel8/8.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/sap/debug',\n 'content/eus/rhel8/8.2/s390x/sap/os',\n 'content/eus/rhel8/8.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/supplementary/debug',\n 'content/eus/rhel8/8.2/s390x/supplementary/os',\n 'content/eus/rhel8/8.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd-2.4.37-21.module+el8.2.0+14532+bd4c0f23.4', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-21.module+el8.2.0+14532+bd4c0f23.4', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-21.module+el8.2.0+14532+bd4c0f23.4', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-21.module+el8.2.0+14532+bd4c0f23.4', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-21.module+el8.2.0+14532+bd4c0f23.4', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.11.3-3.module+el8.2.0+7758+84b4ca3e.1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-21.module+el8.2.0+14532+bd4c0f23.4', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-21.module+el8.2.0+14532+bd4c0f23.4', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-21.module+el8.2.0+14532+bd4c0f23.4', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-21.module+el8.2.0+14532+bd4c0f23.4', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/httpd');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\nif ('2.4' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module httpd:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-filesystem / httpd-manual / httpd-tools / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:43:13", "description": "The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the CESA-2022:1045 advisory.\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-29T00:00:00", "type": "nessus", "title": "CentOS 7 : httpd (CESA-2022:1045)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22720"], "modified": "2022-06-13T00:00:00", "cpe": ["p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel", "p-cpe:/a:centos:centos:httpd-manual", "p-cpe:/a:centos:centos:httpd-tools", "p-cpe:/a:centos:centos:mod_ldap", "p-cpe:/a:centos:centos:mod_proxy_html", "p-cpe:/a:centos:centos:mod_session", "p-cpe:/a:centos:centos:mod_ssl", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2022-1045.NASL", "href": "https://www.tenable.com/plugins/nessus/159316", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:1045 and\n# CentOS Errata and Security Advisory 2022:1045 respectively.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159316);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/13\");\n\n script_cve_id(\"CVE-2022-22720\");\n script_xref(name:\"RHSA\", value:\"2022:1045\");\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"CentOS 7 : httpd (CESA-2022:1045)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2022:1045 advisory.\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling\n (CVE-2022-22720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-announce/2022-March/073576.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?031d98cd\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/444.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(444);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'httpd-2.4.6-97.el7.centos.5', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.6-97.el7.centos.5', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.6-97.el7.centos.5', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.6-97.el7.centos.5', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.6-97.el7.centos.5', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.6-97.el7.centos.5', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.6-97.el7.centos.5', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.6-97.el7.centos.5', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-manual / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:37:56", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1072 advisory.\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-29T00:00:00", "type": "nessus", "title": "RHEL 8 : httpd:2.4 (RHSA-2022:1072)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22720"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-filesystem", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_http2", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_md", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:mod_session", "p-cpe:/a:redhat:enterprise_linux:mod_ssl"], "id": "REDHAT-RHSA-2022-1072.NASL", "href": "https://www.tenable.com/plugins/nessus/159287", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:1072. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159287);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2022-22720\");\n script_xref(name:\"RHSA\", value:\"2022:1072\");\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"RHEL 8 : httpd:2.4 (RHSA-2022:1072)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:1072 advisory.\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling\n (CVE-2022-22720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1072\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2064321\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(444);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.4')) audit(AUDIT_OS_NOT, 'Red Hat 8.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'httpd:2.4': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/appstream/debug',\n 'content/e4s/rhel8/8.4/aarch64/appstream/os',\n 'content/e4s/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/baseos/debug',\n 'content/e4s/rhel8/8.4/aarch64/baseos/os',\n 'content/e4s/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/appstream/debug',\n 'content/e4s/rhel8/8.4/s390x/appstream/os',\n 'content/e4s/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/baseos/debug',\n 'content/e4s/rhel8/8.4/s390x/baseos/os',\n 'content/e4s/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/nfv/debug',\n 'content/e4s/rhel8/8.4/x86_64/nfv/os',\n 'content/e4s/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd-2.4.37-39.module+el8.4.0+14531+e1b94dfe.4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-39.module+el8.4.0+14531+e1b94dfe.4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-39.module+el8.4.0+14531+e1b94dfe.4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-39.module+el8.4.0+14531+e1b94dfe.4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-39.module+el8.4.0+14531+e1b94dfe.4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-39.module+el8.4.0+14531+e1b94dfe.4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-39.module+el8.4.0+14531+e1b94dfe.4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-39.module+el8.4.0+14531+e1b94dfe.4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-39.module+el8.4.0+14531+e1b94dfe.4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/httpd');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\nif ('2.4' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module httpd:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-filesystem / httpd-manual / httpd-tools / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T20:31:51", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has httpd packages installed that are affected by a vulnerability:\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-14T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : httpd Vulnerability (NS-SA-2022-0076)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22720"], "modified": "2022-11-14T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:httpd", "p-cpe:/a:zte:cgsl_core:httpd-debuginfo", "p-cpe:/a:zte:cgsl_core:httpd-devel", "p-cpe:/a:zte:cgsl_core:httpd-manual", "p-cpe:/a:zte:cgsl_core:httpd-tools", "p-cpe:/a:zte:cgsl_core:mod_ldap", "p-cpe:/a:zte:cgsl_core:mod_proxy_html", "p-cpe:/a:zte:cgsl_core:mod_session", "p-cpe:/a:zte:cgsl_core:mod_ssl", "p-cpe:/a:zte:cgsl_main:httpd", "p-cpe:/a:zte:cgsl_main:httpd-debuginfo", "p-cpe:/a:zte:cgsl_main:httpd-devel", "p-cpe:/a:zte:cgsl_main:httpd-manual", "p-cpe:/a:zte:cgsl_main:httpd-tools", "p-cpe:/a:zte:cgsl_main:mod_ldap", "p-cpe:/a:zte:cgsl_main:mod_proxy_html", "p-cpe:/a:zte:cgsl_main:mod_session", "p-cpe:/a:zte:cgsl_main:mod_ssl", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2022-0076_HTTPD.NASL", "href": "https://www.tenable.com/plugins/nessus/167454", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0076. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167454);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/14\");\n\n script_cve_id(\"CVE-2022-22720\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : httpd Vulnerability (NS-SA-2022-0076)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has httpd packages installed that are affected by\na vulnerability:\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0076\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2022-22720\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL httpd packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar os_release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(os_release) || os_release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (os_release !~ \"CGSL CORE 5.04\" &&\n os_release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.04': [\n 'httpd-2.4.6-97.el7_9.5',\n 'httpd-debuginfo-2.4.6-97.el7_9.5',\n 'httpd-devel-2.4.6-97.el7_9.5',\n 'httpd-manual-2.4.6-97.el7_9.5',\n 'httpd-tools-2.4.6-97.el7_9.5',\n 'mod_ldap-2.4.6-97.el7_9.5',\n 'mod_proxy_html-2.4.6-97.el7_9.5',\n 'mod_session-2.4.6-97.el7_9.5',\n 'mod_ssl-2.4.6-97.el7_9.5'\n ],\n 'CGSL MAIN 5.04': [\n 'httpd-2.4.6-97.el7_9.5',\n 'httpd-debuginfo-2.4.6-97.el7_9.5',\n 'httpd-devel-2.4.6-97.el7_9.5',\n 'httpd-manual-2.4.6-97.el7_9.5',\n 'httpd-tools-2.4.6-97.el7_9.5',\n 'mod_ldap-2.4.6-97.el7_9.5',\n 'mod_proxy_html-2.4.6-97.el7_9.5',\n 'mod_session-2.4.6-97.el7_9.5',\n 'mod_ssl-2.4.6-97.el7_9.5'\n ]\n};\nvar pkg_list = pkgs[os_release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + os_release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-27T15:00:21", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1045 advisory.\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-24T00:00:00", "type": "nessus", "title": "RHEL 7 : httpd (RHSA-2022:1045)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22720"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:mod_session", "p-cpe:/a:redhat:enterprise_linux:mod_ssl"], "id": "REDHAT-RHSA-2022-1045.NASL", "href": "https://www.tenable.com/plugins/nessus/159210", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:1045. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159210);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2022-22720\");\n script_xref(name:\"RHSA\", value:\"2022:1045\");\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"RHEL 7 : httpd (RHSA-2022:1045)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:1045 advisory.\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling\n (CVE-2022-22720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2064321\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(444);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd-2.4.6-97.el7_9.5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.6-97.el7_9.5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.6-97.el7_9.5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.6-97.el7_9.5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.6-97.el7_9.5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.6-97.el7_9.5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.6-97.el7_9.5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.6-97.el7_9.5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.6-97.el7_9.5', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.6-97.el7_9.5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.6-97.el7_9.5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.6-97.el7_9.5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.6-97.el7_9.5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.6-97.el7_9.5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.6-97.el7_9.5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.6-97.el7_9.5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.6-97.el7_9.5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.6-97.el7_9.5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.6-97.el7_9.5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.6-97.el7_9.5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.6-97.el7_9.5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.6-97.el7_9.5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.6-97.el7_9.5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.6-97.el7_9.5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.6-97.el7_9.5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.6-97.el7_9.5', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-2.4.6-97.el7_9.5', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-2.4.6-97.el7_9.5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-2.4.6-97.el7_9.5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-manual / httpd-tools / mod_ldap / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:37:57", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1049 advisory.\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-25T00:00:00", "type": "nessus", "title": "RHEL 8 : httpd:2.4 (RHSA-2022:1049)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22720"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-filesystem", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_http2", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_md", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:mod_session", "p-cpe:/a:redhat:enterprise_linux:mod_ssl"], "id": "REDHAT-RHSA-2022-1049.NASL", "href": "https://www.tenable.com/plugins/nessus/159226", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:1049. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159226);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2022-22720\");\n script_xref(name:\"RHSA\", value:\"2022:1049\");\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"RHEL 8 : httpd:2.4 (RHSA-2022:1049)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:1049 advisory.\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling\n (CVE-2022-22720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2064321\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(444);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'httpd:2.4': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd-2.4.37-43.module+el8.5.0+14530+6f259f31.3', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-43.module+el8.5.0+14530+6f259f31.3', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-43.module+el8.5.0+14530+6f259f31.3', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-43.module+el8.5.0+14530+6f259f31.3', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-43.module+el8.5.0+14530+6f259f31.3', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da', 'sp':'6', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-43.module+el8.5.0+14530+6f259f31.3', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611', 'sp':'6', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-43.module+el8.5.0+14530+6f259f31.3', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-43.module+el8.5.0+14530+6f259f31.3', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-43.module+el8.5.0+14530+6f259f31.3', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd-2.4.37-43.module+el8.5.0+14530+6f259f31.3', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-43.module+el8.5.0+14530+6f259f31.3', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-43.module+el8.5.0+14530+6f259f31.3', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-43.module+el8.5.0+14530+6f259f31.3', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-43.module+el8.5.0+14530+6f259f31.3', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-43.module+el8.5.0+14530+6f259f31.3', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-43.module+el8.5.0+14530+6f259f31.3', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-43.module+el8.5.0+14530+6f259f31.3', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-43.module+el8.5.0+14530+6f259f31.3', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/httpd');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\nif ('2.4' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module httpd:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-filesystem / httpd-manual / httpd-tools / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:38:21", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1075 advisory.\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-29T00:00:00", "type": "nessus", "title": "RHEL 7 : httpd24-httpd (RHSA-2022:1075)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22720"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:httpd24-httpd", "p-cpe:/a:redhat:enterprise_linux:httpd24-httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd24-httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd24-httpd-tools", "p-cpe:/a:redhat:enterprise_linux:httpd24-mod_ldap", "p-cpe:/a:redhat:enterprise_linux:httpd24-mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:httpd24-mod_session", "p-cpe:/a:redhat:enterprise_linux:httpd24-mod_ssl"], "id": "REDHAT-RHSA-2022-1075.NASL", "href": "https://www.tenable.com/plugins/nessus/159298", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:1075. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159298);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2022-22720\");\n script_xref(name:\"RHSA\", value:\"2022:1075\");\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"RHEL 7 : httpd24-httpd (RHSA-2022:1075)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:1075 advisory.\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling\n (CVE-2022-22720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1075\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2064321\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(444);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-mod_ssl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/os',\n 'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd24-httpd-2.4.34-23.el7.2', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-httpd-2.4.34-23.el7.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-httpd-2.4.34-23.el7.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-httpd-devel-2.4.34-23.el7.2', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-httpd-devel-2.4.34-23.el7.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-httpd-devel-2.4.34-23.el7.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-httpd-manual-2.4.34-23.el7.2', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-httpd-tools-2.4.34-23.el7.2', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-httpd-tools-2.4.34-23.el7.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-httpd-tools-2.4.34-23.el7.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-mod_ldap-2.4.34-23.el7.2', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-mod_ldap-2.4.34-23.el7.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-mod_ldap-2.4.34-23.el7.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-mod_proxy_html-2.4.34-23.el7.2', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'httpd24-mod_proxy_html-2.4.34-23.el7.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'httpd24-mod_proxy_html-2.4.34-23.el7.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'httpd24-mod_session-2.4.34-23.el7.2', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-mod_session-2.4.34-23.el7.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-mod_session-2.4.34-23.el7.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-mod_ssl-2.4.34-23.el7.2', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'httpd24-mod_ssl-2.4.34-23.el7.2', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'httpd24-mod_ssl-2.4.34-23.el7.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd24-httpd / httpd24-httpd-devel / httpd24-httpd-manual / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-18T16:17:49", "description": "The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K67090077 advisory.\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-14T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Apache HTTP Server vulnerability (K67090077)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22720"], "modified": "2023-08-18T00:00:00", "cpe": ["cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL67090077.NASL", "href": "https://www.tenable.com/plugins/nessus/161197", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K67090077.\n#\n# @NOAGENT@\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161197);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/18\");\n\n script_cve_id(\"CVE-2022-22720\");\n\n script_name(english:\"F5 Networks BIG-IP : Apache HTTP Server vulnerability (K67090077)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by\na vulnerability as referenced in the K67090077 advisory.\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://my.f5.com/manage/s/article/K67090077\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5 Solution K67090077.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/14\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude('f5_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar version = get_kb_item('Host/BIG-IP/version');\nif ( ! version ) audit(AUDIT_OS_NOT, 'F5 Networks BIG-IP');\nif ( isnull(get_kb_item('Host/BIG-IP/hotfix')) ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/hotfix');\nif ( ! get_kb_item('Host/BIG-IP/modules') ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/modules');\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nvar sol = 'K67090077';\nvar vmatrix = {\n 'AFM': {\n 'affected': [\n '17.0.0-17.1.0','16.1.0-16.1.3','15.1.0-15.1.8','14.1.0-14.1.5','13.1.0-13.1.5','12.1.0-12.1.6','11.6.1-11.6.5'\n ],\n 'unaffected': [\n '16.1.4','15.1.9'\n ],\n },\n 'APM': {\n 'affected': [\n '17.0.0-17.1.0','16.1.0-16.1.3','15.1.0-15.1.8','14.1.0-14.1.5','13.1.0-13.1.5','12.1.0-12.1.6','11.6.1-11.6.5'\n ],\n 'unaffected': [\n '16.1.4','15.1.9'\n ],\n },\n 'ASM': {\n 'affected': [\n '17.0.0-17.1.0','16.1.0-16.1.3','15.1.0-15.1.8','14.1.0-14.1.5','13.1.0-13.1.5','12.1.0-12.1.6','11.6.1-11.6.5'\n ],\n 'unaffected': [\n '16.1.4','15.1.9'\n ],\n },\n 'DNS': {\n 'affected': [\n '17.0.0-17.1.0','16.1.0-16.1.3','15.1.0-15.1.8','14.1.0-14.1.5','13.1.0-13.1.5','12.1.0-12.1.6','11.6.1-11.6.5'\n ],\n 'unaffected': [\n '16.1.4','15.1.9'\n ],\n },\n 'GTM': {\n 'affected': [\n '17.0.0-17.1.0','16.1.0-16.1.3','15.1.0-15.1.8','14.1.0-14.1.5','13.1.0-13.1.5','12.1.0-12.1.6','11.6.1-11.6.5'\n ],\n 'unaffected': [\n '16.1.4','15.1.9'\n ],\n },\n 'LTM': {\n 'affected': [\n '17.0.0-17.1.0','16.1.0-16.1.3','15.1.0-15.1.8','14.1.0-14.1.5','13.1.0-13.1.5','12.1.0-12.1.6','11.6.1-11.6.5'\n ],\n 'unaffected': [\n '16.1.4','15.1.9'\n ],\n },\n 'PEM': {\n 'affected': [\n '17.0.0-17.1.0','16.1.0-16.1.3','15.1.0-15.1.8','14.1.0-14.1.5','13.1.0-13.1.5','12.1.0-12.1.6','11.6.1-11.6.5'\n ],\n 'unaffected': [\n '16.1.4','15.1.9'\n ],\n },\n 'PSM': {\n 'affected': [\n '17.0.0-17.1.0','16.1.0-16.1.3','15.1.0-15.1.8','14.1.0-14.1.5','13.1.0-13.1.5','12.1.0-12.1.6','11.6.1-11.6.5'\n ],\n 'unaffected': [\n '16.1.4','15.1.9'\n ],\n },\n 'WOM': {\n 'affected': [\n '17.0.0-17.1.0','16.1.0-16.1.3','15.1.0-15.1.8','14.1.0-14.1.5','13.1.0-13.1.5','12.1.0-12.1.6','11.6.1-11.6.5'\n ],\n 'unaffected': [\n '16.1.4','15.1.9'\n ],\n }\n};\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n var extra = NULL;\n if (report_verbosity > 0) extra = bigip_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n}\nelse\n{\n var tested = bigip_get_tested_modules();\n var audit_extra = 'For BIG-IP module(s) ' + tested + ',';\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, 'running any of the affected modules');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:42:40", "description": "The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9257 advisory.\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-31T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : httpd (ELSA-2022-9257)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22720"], "modified": "2022-06-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd-manual", "p-cpe:/a:oracle:linux:httpd-tools", "p-cpe:/a:oracle:linux:mod_ssl"], "id": "ORACLELINUX_ELSA-2022-9257.NASL", "href": "https://www.tenable.com/plugins/nessus/159382", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9257.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159382);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/13\");\n\n script_cve_id(\"CVE-2022-22720\");\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"Oracle Linux 6 : httpd (ELSA-2022-9257)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-9257 advisory.\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9257.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'httpd-2.2.15-69.0.3.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.2.15-69.0.3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.2.15-69.0.3.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.2.15-69.0.3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.2.15-69.0.3.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.2.15-69.0.3.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.2.15-69.0.3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.2.15-69.0.3.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-2.2.15-69.0.3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-manual / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:50:13", "description": "The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-1045 advisory.\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-24T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : httpd (ELSA-2022-1045)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22720"], "modified": "2022-06-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd-manual", "p-cpe:/a:oracle:linux:httpd-tools", "p-cpe:/a:oracle:linux:mod_ldap", "p-cpe:/a:oracle:linux:mod_proxy_html", "p-cpe:/a:oracle:linux:mod_session", "p-cpe:/a:oracle:linux:mod_ssl"], "id": "ORACLELINUX_ELSA-2022-1045.NASL", "href": "https://www.tenable.com/plugins/nessus/159209", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-1045.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159209);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/13\");\n\n script_cve_id(\"CVE-2022-22720\");\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"Oracle Linux 7 : httpd (ELSA-2022-1045)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-1045 advisory.\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-1045.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'httpd-2.4.6-97.0.5.el7_9.5', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.6-97.0.5.el7_9.5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.6-97.0.5.el7_9.5', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.6-97.0.5.el7_9.5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.6-97.0.5.el7_9.5', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.6-97.0.5.el7_9.5', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.6-97.0.5.el7_9.5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.6-97.0.5.el7_9.5', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.6-97.0.5.el7_9.5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.6-97.0.5.el7_9.5', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.6-97.0.5.el7_9.5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.6-97.0.5.el7_9.5', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.6-97.0.5.el7_9.5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.6-97.0.5.el7_9.5', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-2.4.6-97.0.5.el7_9.5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-manual / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:38:20", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1080 advisory.\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-29T00:00:00", "type": "nessus", "title": "RHEL 8 : httpd:2.4 (RHSA-2022:1080)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22720"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.1", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-filesystem", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_http2", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_md", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:mod_session", "p-cpe:/a:redhat:enterprise_linux:mod_ssl"], "id": "REDHAT-RHSA-2022-1080.NASL", "href": "https://www.tenable.com/plugins/nessus/159297", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:1080. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159297);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2022-22720\");\n script_xref(name:\"RHSA\", value:\"2022:1080\");\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"RHEL 8 : httpd:2.4 (RHSA-2022:1080)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:1080 advisory.\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling\n (CVE-2022-22720)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2064321\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(444);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'httpd:2.4': [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd-2.4.37-16.module+el8.1.0+14533+ac5a4716.4', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.37-16.module+el8.1.0+14533+ac5a4716.4', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-16.module+el8.1.0+14533+ac5a4716.4', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-16.module+el8.1.0+14533+ac5a4716.4', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-16.module+el8.1.0+14533+ac5a4716.4', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-16.module+el8.1.0+14533+ac5a4716.4', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-16.module+el8.1.0+14533+ac5a4716.4', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-16.module+el8.1.0+14533+ac5a4716.4', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.11.3-3.module+el8.1.0+7763+babdfe5b.1', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.11.3-3.module+el8.1.0+7763+babdfe5b.1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-16.module+el8.1.0+14533+ac5a4716.4', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-16.module+el8.1.0+14533+ac5a4716.4', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.4.37-16.module+el8.1.0+14533+ac5a4716.4', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.4.37-16.module+el8.1.0+14533+ac5a4716.4', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.37-16.module+el8.1.0+14533+ac5a4716.4', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-16.module+el8.1.0+14533+ac5a4716.4', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-16.module+el8.1.0+14533+ac5a4716.4', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.37-16.module+el8.1.0+14533+ac5a4716.4', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-16.module+el8.1.0+14533+ac5a4716.4', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-2.4.37-16.module+el8.1.0+14533+ac5a4716.4', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/httpd');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\nif ('2.4' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module httpd:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-filesystem / httpd-manual / httpd-tools / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:44:14", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1139 advisory.\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-02T00:00:00", "type": "nessus", "title": "RHEL 7 : httpd (RHSA-2022:1139)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44790", "CVE-2022-22720"], "modified": "2023-04-03T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.3", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:mod_session", "p-cpe:/a:redhat:enterprise_linux:mod_ssl"], "id": "REDHAT-RHSA-2022-1139.NASL", "href": "https://www.tenable.com/plugins/nessus/159470", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:1139. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159470);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/03\");\n\n script_cve_id(\"CVE-2021-44790\", \"CVE-2022-22720\");\n script_xref(name:\"RHSA\", value:\"2022:1139\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"RHEL 7 : httpd (RHSA-2022:1139)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:1139 advisory.\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling\n (CVE-2022-22720)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-44790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2034674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2064321\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(400, 444, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.3')) audit(AUDIT_OS_NOT, 'Red Hat 7.3', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.3/x86_64/debug',\n 'content/aus/rhel/server/7/7.3/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.3/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.3/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.3/x86_64/os',\n 'content/aus/rhel/server/7/7.3/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd-2.4.6-45.el7_3.8', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.6-45.el7_3.8', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.6-45.el7_3.8', 'sp':'3', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.6-45.el7_3.8', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.6-45.el7_3.8', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.6-45.el7_3.8', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.6-45.el7_3.8', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.6-45.el7_3.8', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-manual / httpd-tools / mod_ldap / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:44:13", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1137 advisory.\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-02T00:00:00", "type": "nessus", "title": "RHEL 7 : httpd (RHSA-2022:1137)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44790", "CVE-2022-22720"], "modified": "2023-04-03T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.7", "cpe:/o:redhat:rhel_e4s:7.7", "cpe:/o:redhat:rhel_tus:7.7", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:mod_session", "p-cpe:/a:redhat:enterprise_linux:mod_ssl"], "id": "REDHAT-RHSA-2022-1137.NASL", "href": "https://www.tenable.com/plugins/nessus/159467", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:1137. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159467);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/03\");\n\n script_cve_id(\"CVE-2021-44790\", \"CVE-2022-22720\");\n script_xref(name:\"RHSA\", value:\"2022:1137\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"RHEL 7 : httpd (RHSA-2022:1137)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:1137 advisory.\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling\n (CVE-2022-22720)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-44790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1137\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2034674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2064321\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(400, 444, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.7')) audit(AUDIT_OS_NOT, 'Red Hat 7.7', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.7/x86_64/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.7/x86_64/os',\n 'content/aus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/os',\n 'content/tus/rhel/server/7/7.7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd-2.4.6-90.el7_7.3', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.6-90.el7_7.3', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.6-90.el7_7.3', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.6-90.el7_7.3', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.6-90.el7_7.3', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.6-90.el7_7.3', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.6-90.el7_7.3', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.6-90.el7_7.3', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-manual / httpd-tools / mod_ldap / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:44:06", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1136 advisory.\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-02T00:00:00", "type": "nessus", "title": "RHEL 7 : httpd (RHSA-2022:1136)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44790", "CVE-2022-22720"], "modified": "2023-04-03T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.6", "cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_tus:7.6", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:mod_session", "p-cpe:/a:redhat:enterprise_linux:mod_ssl"], "id": "REDHAT-RHSA-2022-1136.NASL", "href": "https://www.tenable.com/plugins/nessus/159468", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:1136. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159468);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/03\");\n\n script_cve_id(\"CVE-2021-44790\", \"CVE-2022-22720\");\n script_xref(name:\"RHSA\", value:\"2022:1136\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"RHEL 7 : httpd (RHSA-2022:1136)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:1136 advisory.\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling\n (CVE-2022-22720)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-44790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1136\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2034674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2064321\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(400, 444, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/os',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd-2.4.6-89.el7_6.4', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.6-89.el7_6.4', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.6-89.el7_6.4', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.6-89.el7_6.4', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.6-89.el7_6.4', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.6-89.el7_6.4', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.6-89.el7_6.4', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.6-89.el7_6.4', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-manual / httpd-tools / mod_ldap / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-15T14:41:00", "description": "The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:14924-1 advisory.\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-22T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : apache2 (SUSE-SU-2022:14924-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22720", "CVE-2022-22721"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2", "p-cpe:/a:novell:suse_linux:apache2-doc", "p-cpe:/a:novell:suse_linux:apache2-example-pages", "p-cpe:/a:novell:suse_linux:apache2-prefork", "p-cpe:/a:novell:suse_linux:apache2-utils", "p-cpe:/a:novell:suse_linux:apache2-worker", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2022-14924-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159135", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:14924-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159135);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\"CVE-2022-22720\", \"CVE-2022-22721\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:14924-1\");\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"SUSE SLES11 Security Update : apache2 (SUSE-SU-2022:14924-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:14924-1 advisory.\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22721\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-March/010491.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c6757a68\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'apache2-2.2.34-70.41.1', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-11.4']},\n {'reference':'apache2-doc-2.2.34-70.41.1', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-11.4']},\n {'reference':'apache2-example-pages-2.2.34-70.41.1', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-11.4']},\n {'reference':'apache2-prefork-2.2.34-70.41.1', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-11.4']},\n {'reference':'apache2-utils-2.2.34-70.41.1', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-11.4']},\n {'reference':'apache2-worker-2.2.34-70.41.1', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-11.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2 / apache2-doc / apache2-example-pages / apache2-prefork / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:43:34", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1138 advisory.\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-02T00:00:00", "type": "nessus", "title": "RHEL 7 : httpd (RHSA-2022:1138)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44790", "CVE-2022-22720"], "modified": "2023-04-03T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.4", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:mod_session", "p-cpe:/a:redhat:enterprise_linux:mod_ssl"], "id": "REDHAT-RHSA-2022-1138.NASL", "href": "https://www.tenable.com/plugins/nessus/159469", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:1138. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159469);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/03\");\n\n script_cve_id(\"CVE-2021-44790\", \"CVE-2022-22720\");\n script_xref(name:\"RHSA\", value:\"2022:1138\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"RHEL 7 : httpd (RHSA-2022:1138)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:1138 advisory.\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling\n (CVE-2022-22720)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-44790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1138\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2034674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2064321\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(400, 444, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.4')) audit(AUDIT_OS_NOT, 'Red Hat 7.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.4/x86_64/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.4/x86_64/os',\n 'content/aus/rhel/server/7/7.4/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd-2.4.6-67.el7_4.9', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.6-67.el7_4.9', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.6-67.el7_4.9', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.6-67.el7_4.9', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.6-67.el7_4.9', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.6-67.el7_4.9', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.6-67.el7_4.9', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.6-67.el7_4.9', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-manual / httpd-tools / mod_ldap / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:42:27", "description": "The version of httpd installed on the remote host is prior to 2.4.53. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-073-01 advisory.\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-15T00:00:00", "type": "nessus", "title": "Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current httpd Multiple Vulnerabilities (SSA:2022-073-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943"], "modified": "2022-06-13T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:httpd", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2", "cpe:/o:slackware:slackware_linux:15.0"], "id": "SLACKWARE_SSA_2022-073-01.NASL", "href": "https://www.tenable.com/plugins/nessus/158921", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Slackware Security Advisory SSA:2022-073-01. The text\n# itself is copyright (C) Slackware Linux, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158921);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/13\");\n\n script_cve_id(\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current httpd Multiple Vulnerabilities (SSA:2022-073-01)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Slackware Linux host is missing a security update to httpd.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of httpd installed on the remote host is prior to 2.4.53. It is, therefore, affected by multiple\nvulnerabilities as referenced in the SSA:2022-073-01 advisory.\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:15.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Slackware Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\nvar flag = 0;\nvar constraints = [\n { 'fixed_version' : '2.4.53', 'product' : 'httpd', 'os_name' : 'Slackware Linux', 'os_version' : '14.0', 'service_pack' : '1_slack14.0', 'arch' : 'i486' },\n { 'fixed_version' : '2.4.53', 'product' : 'httpd', 'os_name' : 'Slackware Linux', 'os_version' : '14.0', 'service_pack' : '1_slack14.0', 'arch' : 'x86_64' },\n { 'fixed_version' : '2.4.53', 'product' : 'httpd', 'os_name' : 'Slackware Linux', 'os_version' : '14.1', 'service_pack' : '1_slack14.1', 'arch' : 'i486' },\n { 'fixed_version' : '2.4.53', 'product' : 'httpd', 'os_name' : 'Slackware Linux', 'os_version' : '14.1', 'service_pack' : '1_slack14.1', 'arch' : 'x86_64' },\n { 'fixed_version' : '2.4.53', 'product' : 'httpd', 'os_name' : 'Slackware Linux', 'os_version' : '14.2', 'service_pack' : '1_slack14.2', 'arch' : 'i586' },\n { 'fixed_version' : '2.4.53', 'product' : 'httpd', 'os_name' : 'Slackware Linux', 'os_version' : '14.2', 'service_pack' : '1_slack14.2', 'arch' : 'x86_64' },\n { 'fixed_version' : '2.4.53', 'product' : 'httpd', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1_slack15.0', 'arch' : 'i586' },\n { 'fixed_version' : '2.4.53', 'product' : 'httpd', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1_slack15.0', 'arch' : 'x86_64' },\n { 'fixed_version' : '2.4.53', 'product' : 'httpd', 'os_name' : 'Slackware Linux', 'os_version' : 'current', 'service_pack' : '1', 'arch' : 'i586' },\n { 'fixed_version' : '2.4.53', 'product' : 'httpd', 'os_name' : 'Slackware Linux', 'os_version' : 'current', 'service_pack' : '1', 'arch' : 'x86_64' }\n];\n\nforeach constraint (constraints) {\n var pkg_arch = constraint['arch'];\n var arch = NULL;\n if (pkg_arch == \"x86_64\") {\n arch = pkg_arch;\n }\n if (slackware_check(osver:constraint['os_version'],\n arch:arch,\n pkgname:constraint['product'],\n pkgver:constraint['fixed_version'],\n pkgarch:pkg_arch,\n pkgnum:constraint['service_pack'])) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : slackware_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T18:30:50", "description": "According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-06-15T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : httpd (EulerOS-SA-2022-1843)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943"], "modified": "2022-06-15T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-filesystem", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1843.NASL", "href": "https://www.tenable.com/plugins/nessus/162253", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162253);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/15\");\n\n script_cve_id(\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : httpd (EulerOS-SA-2022-1843)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1843\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f8afe0b0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"httpd-2.4.34-24.h13.eulerosv2r9\",\n \"httpd-filesystem-2.4.34-24.h13.eulerosv2r9\",\n \"httpd-tools-2.4.34-24.h13.eulerosv2r9\",\n \"mod_ssl-2.4.34-24.h13.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-13T14:51:03", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5333-1 advisory.\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-17T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS / 21.10 : Apache HTTP Server vulnerabilities (USN-5333-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943"], "modified": "2023-07-12T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:21.10", "p-cpe:/a:canonical:ubuntu_linux:apache2", "p-cpe:/a:canonical:ubuntu_linux:apache2-bin", "p-cpe:/a:canonical:ubuntu_linux:apache2-data", "p-cpe:/a:canonical:ubuntu_linux:apache2-dev", "p-cpe:/a:canonical:ubuntu_linux:apache2-ssl-dev", "p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-custom", "p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-pristine", "p-cpe:/a:canonical:ubuntu_linux:apache2-utils", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-md", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-proxy-uwsgi"], "id": "UBUNTU_USN-5333-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159024", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5333-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159024);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/12\");\n\n script_cve_id(\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\"\n );\n script_xref(name:\"USN\", value:\"5333-1\");\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS / 21.10 : Apache HTTP Server vulnerabilities (USN-5333-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.10 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-5333-1 advisory.\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5333-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:21.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-ssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-custom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-pristine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-proxy-uwsgi\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release || '20.04' >< os_release || '21.10' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04 / 21.10', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'apache2', 'pkgver': '2.4.29-1ubuntu4.22'},\n {'osver': '18.04', 'pkgname': 'apache2-bin', 'pkgver': '2.4.29-1ubuntu4.22'},\n {'osver': '18.04', 'pkgname': 'apache2-data', 'pkgver': '2.4.29-1ubuntu4.22'},\n {'osver': '18.04', 'pkgname': 'apache2-dev', 'pkgver': '2.4.29-1ubuntu4.22'},\n {'osver': '18.04', 'pkgname': 'apache2-ssl-dev', 'pkgver': '2.4.29-1ubuntu4.22'},\n {'osver': '18.04', 'pkgname': 'apache2-suexec-custom', 'pkgver': '2.4.29-1ubuntu4.22'},\n {'osver': '18.04', 'pkgname': 'apache2-suexec-pristine', 'pkgver': '2.4.29-1ubuntu4.22'},\n {'osver': '18.04', 'pkgname': 'apache2-utils', 'pkgver': '2.4.29-1ubuntu4.22'},\n {'osver': '20.04', 'pkgname': 'apache2', 'pkgver': '2.4.41-4ubuntu3.10'},\n {'osver': '20.04', 'pkgname': 'apache2-bin', 'pkgver': '2.4.41-4ubuntu3.10'},\n {'osver': '20.04', 'pkgname': 'apache2-data', 'pkgver': '2.4.41-4ubuntu3.10'},\n {'osver': '20.04', 'pkgname': 'apache2-dev', 'pkgver': '2.4.41-4ubuntu3.10'},\n {'osver': '20.04', 'pkgname': 'apache2-ssl-dev', 'pkgver': '2.4.41-4ubuntu3.10'},\n {'osver': '20.04', 'pkgname': 'apache2-suexec-custom', 'pkgver': '2.4.41-4ubuntu3.10'},\n {'osver': '20.04', 'pkgname': 'apache2-suexec-pristine', 'pkgver': '2.4.41-4ubuntu3.10'},\n {'osver': '20.04', 'pkgname': 'apache2-utils', 'pkgver': '2.4.41-4ubuntu3.10'},\n {'osver': '20.04', 'pkgname': 'libapache2-mod-md', 'pkgver': '2.4.41-4ubuntu3.10'},\n {'osver': '20.04', 'pkgname': 'libapache2-mod-proxy-uwsgi', 'pkgver': '2.4.41-4ubuntu3.10'},\n {'osver': '21.10', 'pkgname': 'apache2', 'pkgver': '2.4.48-3.1ubuntu3.3'},\n {'osver': '21.10', 'pkgname': 'apache2-bin', 'pkgver': '2.4.48-3.1ubuntu3.3'},\n {'osver': '21.10', 'pkgname': 'apache2-data', 'pkgver': '2.4.48-3.1ubuntu3.3'},\n {'osver': '21.10', 'pkgname': 'apache2-dev', 'pkgver': '2.4.48-3.1ubuntu3.3'},\n {'osver': '21.10', 'pkgname': 'apache2-ssl-dev', 'pkgver': '2.4.48-3.1ubuntu3.3'},\n {'osver': '21.10', 'pkgname': 'apache2-suexec-custom', 'pkgver': '2.4.48-3.1ubuntu3.3'},\n {'osver': '21.10', 'pkgname': 'apache2-suexec-pristine', 'pkgver': '2.4.48-3.1ubuntu3.3'},\n {'osver': '21.10', 'pkgname': 'apache2-utils', 'pkgver': '2.4.48-3.1ubuntu3.3'},\n {'osver': '21.10', 'pkgname': 'libapache2-mod-md', 'pkgver': '2.4.48-3.1ubuntu3.3'},\n {'osver': '21.10', 'pkgname': 'libapache2-mod-proxy-uwsgi', 'pkgver': '2.4.48-3.1ubuntu3.3'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2 / apache2-bin / apache2-data / apache2-dev / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:30:58", "description": "According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-06-06T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : httpd (EulerOS-SA-2022-1807)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943"], "modified": "2022-06-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-filesystem", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1807.NASL", "href": "https://www.tenable.com/plugins/nessus/161872", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161872);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/06\");\n\n script_cve_id(\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\"\n );\n\n script_name(english:\"EulerOS 2.0 SP10 : httpd (EulerOS-SA-2022-1807)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1807\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e56e655e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"httpd-2.4.43-4.h14.eulerosv2r10\",\n \"httpd-filesystem-2.4.43-4.h14.eulerosv2r10\",\n \"httpd-tools-2.4.43-4.h14.eulerosv2r10\",\n \"mod_ssl-2.4.43-4.h14.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:43:22", "description": "The version of Apache httpd installed on the remote host is prior to 2.4.53. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.53 advisory.\n\n - mod_lua Use of uninitialized value of in r:parsebody: A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. Acknowledgements: Chamal De Silva (CVE-2022-22719)\n\n - HTTP request smuggling: Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling Acknowledgements: James Kettle <james.kettle portswigger.net> (CVE-2022-22720)\n\n - Possible buffer overflow with very large or unlimited LimitXMLRequestBody in core: If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. Acknowledgements: Anonymous working with Trend Micro Zero Day Initiative (CVE-2022-22721)\n\n - Read/write beyond bounds in mod_sed: Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. Acknowledgements: Ronald Crane (Zippenhop LLC) (CVE-2022-23943)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-14T00:00:00", "type": "nessus", "title": "Apache 2.4.x < 2.4.53 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943"], "modified": "2022-06-15T00:00:00", "cpe": ["cpe:/a:apache:httpd", "cpe:/a:apache:http_server"], "id": "APACHE_2_4_53.NASL", "href": "https://www.tenable.com/plugins/nessus/158900", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158900);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/15\");\n\n script_cve_id(\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"Apache 2.4.x < 2.4.53 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apache httpd installed on the remote host is prior to 2.4.53. It is, therefore, affected by multiple\nvulnerabilities as referenced in the 2.4.53 advisory.\n\n - mod_lua Use of uninitialized value of in r:parsebody: A carefully crafted request body can cause a read to a\n random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52\n and earlier. Acknowledgements: Chamal De Silva (CVE-2022-22719)\n\n - HTTP request smuggling: Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are \n encountered discarding the request body, exposing the server to HTTP Request Smuggling Acknowledgements: James \n Kettle <james.kettle portswigger.net> (CVE-2022-22720)\n\n - Possible buffer overflow with very large or unlimited LimitXMLRequestBody in core: If LimitXMLRequestBody is set to \n allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later \n causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. Acknowledgements: Anonymous \n working with Trend Micro Zero Day Initiative (CVE-2022-22721)\n\n - Read/write beyond bounds in mod_sed: Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows\n an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP\n Server 2.4 version 2.4.52 and prior versions. Acknowledgements: Ronald Crane (Zippenhop LLC)\n (CVE-2022-23943)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.apache.org/dist/httpd/Announcement2.4.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://httpd.apache.org/security/vulnerabilities_24.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache version 2.4.53 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"apache_http_version.nasl\", \"apache_http_server_nix_installed.nbin\", \"apache_httpd_win_installed.nbin\");\n script_require_keys(\"installed_sw/Apache\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\napp_info = vcf::apache_http_server::combined_get_app_info(app:'Apache');\n\nvar constraints = [\n { 'max_version' : '2.4.52', 'fixed_version' : '2.4.53' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:30:34", "description": "According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-06-17T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : httpd (EulerOS-SA-2022-1893)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943"], "modified": "2022-06-17T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-devel", "p-cpe:/a:huawei:euleros:httpd-manual", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_session", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1893.NASL", "href": "https://www.tenable.com/plugins/nessus/162350", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162350);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/17\");\n\n script_cve_id(\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : httpd (EulerOS-SA-2022-1893)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1893\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bfc58c48\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"httpd-2.4.6-80.1.h16.eulerosv2r7\",\n \"httpd-devel-2.4.6-80.1.h16.eulerosv2r7\",\n \"httpd-manual-2.4.6-80.1.h16.eulerosv2r7\",\n \"httpd-tools-2.4.6-80.1.h16.eulerosv2r7\",\n \"mod_session-2.4.6-80.1.h16.eulerosv2r7\",\n \"mod_ssl-2.4.6-80.1.h16.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:33:46", "description": "According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-07-29T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : httpd (EulerOS-SA-2022-2199)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943"], "modified": "2022-07-29T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-filesystem", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2022-2199.NASL", "href": "https://www.tenable.com/plugins/nessus/163623", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163623);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/29\");\n\n script_cve_id(\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.0 : httpd (EulerOS-SA-2022-2199)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2199\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5435a44d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"httpd-2.4.34-24.h13.eulerosv2r9\",\n \"httpd-filesystem-2.4.34-24.h13.eulerosv2r9\",\n \"httpd-tools-2.4.34-24.h13.eulerosv2r9\",\n \"mod_ssl-2.4.34-24.h13.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:43:48", "description": "The version of httpd24 installed on the remote host is prior to 2.4.53-1.96. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1584 advisory.\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-29T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : httpd24 (ALAS-2022-1584)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943"], "modified": "2022-06-13T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:httpd24", "p-cpe:/a:amazon:linux:httpd24-debuginfo", "p-cpe:/a:amazon:linux:httpd24-devel", "p-cpe:/a:amazon:linux:httpd24-manual", "p-cpe:/a:amazon:linux:httpd24-tools", "p-cpe:/a:amazon:linux:mod24_ldap", "p-cpe:/a:amazon:linux:mod24_md", "p-cpe:/a:amazon:linux:mod24_proxy_html", "p-cpe:/a:amazon:linux:mod24_session", "p-cpe:/a:amazon:linux:mod24_ssl", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2022-1584.NASL", "href": "https://www.tenable.com/plugins/nessus/160333", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2022-1584.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160333);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/13\");\n\n script_cve_id(\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n script_xref(name:\"ALAS\", value:\"2022-1584\");\n\n script_name(english:\"Amazon Linux AMI : httpd24 (ALAS-2022-1584)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of httpd24 installed on the remote host is prior to 2.4.53-1.96. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS-2022-1584 advisory.\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2022-1584.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-22719.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-22720.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-22721.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23943.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update httpd24' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'httpd24-2.4.53-1.96.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-2.4.53-1.96.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-debuginfo-2.4.53-1.96.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-debuginfo-2.4.53-1.96.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-devel-2.4.53-1.96.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-devel-2.4.53-1.96.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-manual-2.4.53-1.96.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-tools-2.4.53-1.96.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-tools-2.4.53-1.96.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod24_ldap-2.4.53-1.96.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod24_ldap-2.4.53-1.96.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod24_md-2.4.53-1.96.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod24_md-2.4.53-1.96.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod24_proxy_html-2.4.53-1.96.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod24_proxy_html-2.4.53-1.96.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod24_session-2.4.53-1.96.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod24_session-2.4.53-1.96.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod24_ssl-2.4.53-1.96.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod24_ssl-2.4.53-1.96.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd24 / httpd24-debuginfo / httpd24-devel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:42:27", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 6601c08d-a46c-11ec-8be6-d4c9ef517024 advisory.\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-16T00:00:00", "type": "nessus", "title": "FreeBSD : Apache httpd -- Multiple vulnerabilities (6601c08d-a46c-11ec-8be6-d4c9ef517024)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943"], "modified": "2022-06-13T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:apache24", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_6601C08DA46C11EC8BE6D4C9EF517024.NASL", "href": "https://www.tenable.com/plugins/nessus/158989", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158989);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/13\");\n\n script_cve_id(\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"FreeBSD : Apache httpd -- Multiple vulnerabilities (6601c08d-a46c-11ec-8be6-d4c9ef517024)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple\nvulnerabilities as referenced in the 6601c08d-a46c-11ec-8be6-d4c9ef517024 advisory.\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://httpd.apache.org/security/vulnerabilities_24.html\");\n # https://vuxml.freebsd.org/freebsd/6601c08d-a46c-11ec-8be6-d4c9ef517024.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f26652af\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache24\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'apache24<2.4.53'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:42:33", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:1031-1 advisory.\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-30T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : apache2 (openSUSE-SU-2022:1031-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943"], "modified": "2022-03-30T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2", "p-cpe:/a:novell:opensuse:apache2-devel", "p-cpe:/a:novell:opensuse:apache2-event", "p-cpe:/a:novell:opensuse:apache2-example-pages", "p-cpe:/a:novell:opensuse:apache2-prefork", "p-cpe:/a:novell:opensuse:apache2-utils", "p-cpe:/a:novell:opensuse:apache2-worker", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-1031-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159326", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:1031-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159326);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/30\");\n\n script_cve_id(\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : apache2 (openSUSE-SU-2022:1031-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:1031-1 advisory.\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197098\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4LVBWCEX7IVK73L73JHPXASP5AT5BZGS/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c62e499d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23943\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'apache2-2.4.51-150200.3.42.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apache2-devel-2.4.51-150200.3.42.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apache2-event-2.4.51-150200.3.42.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apache2-example-pages-2.4.51-150200.3.42.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apache2-prefork-2.4.51-150200.3.42.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apache2-utils-2.4.51-150200.3.42.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apache2-worker-2.4.51-150200.3.42.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2 / apache2-devel / apache2-event / apache2-example-pages / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:57:24", "description": "The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0918-1 advisory.\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-22T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : apache2 (SUSE-SU-2022:0918-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2", "p-cpe:/a:novell:suse_linux:apache2-doc", "p-cpe:/a:novell:suse_linux:apache2-example-pages", "p-cpe:/a:novell:suse_linux:apache2-prefork", "p-cpe:/a:novell:suse_linux:apache2-utils", "p-cpe:/a:novell:suse_linux:apache2-worker", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-0918-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159131", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0918-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159131);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0918-1\");\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"SUSE SLES12 Security Update : apache2 (SUSE-SU-2022:0918-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:0918-1 advisory.\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23943\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-March/010494.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?37f614a4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES_SAP12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP12\" && (! preg(pattern:\"^(3|4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP12 SP3/4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'apache2-2.4.23-29.88.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'apache2-doc-2.4.23-29.88.1', 'sp':'3', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'apache2-example-pages-2.4.23-29.88.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'apache2-prefork-2.4.23-29.88.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'apache2-utils-2.4.23-29.88.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'apache2-worker-2.4.23-29.88.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'apache2-2.4.23-29.88.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'apache2-doc-2.4.23-29.88.1', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'apache2-example-pages-2.4.23-29.88.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'apache2-prefork-2.4.23-29.88.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'apache2-utils-2.4.23-29.88.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'apache2-worker-2.4.23-29.88.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'apache2-2.4.23-29.88.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'apache2-doc-2.4.23-29.88.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'apache2-example-pages-2.4.23-29.88.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'apache2-prefork-2.4.23-29.88.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'apache2-utils-2.4.23-29.88.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'apache2-worker-2.4.23-29.88.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'apache2-2.4.23-29.88.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'apache2-2.4.23-29.88.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'apache2-doc-2.4.23-29.88.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'apache2-doc-2.4.23-29.88.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'apache2-example-pages-2.4.23-29.88.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'apache2-example-pages-2.4.23-29.88.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'apache2-prefork-2.4.23-29.88.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'apache2-prefork-2.4.23-29.88.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'apache2-utils-2.4.23-29.88.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'apache2-utils-2.4.23-29.88.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'apache2-worker-2.4.23-29.88.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'apache2-worker-2.4.23-29.88.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'apache2-2.4.23-29.88.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'apache2-doc-2.4.23-29.88.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'apache2-example-pages-2.4.23-29.88.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'apache2-prefork-2.4.23-29.88.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'apache2-utils-2.4.23-29.88.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'apache2-worker-2.4.23-29.88.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2 / apache2-doc / apache2-example-pages / apache2-prefork / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:55:27", "description": "The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0928-1 advisory.\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-22T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : apache2 (SUSE-SU-2022:0928-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2", "p-cpe:/a:novell:suse_linux:apache2-devel", "p-cpe:/a:novell:suse_linux:apache2-doc", "p-cpe:/a:novell:suse_linux:apache2-example-pages", "p-cpe:/a:novell:suse_linux:apache2-prefork", "p-cpe:/a:novell:suse_linux:apache2-utils", "p-cpe:/a:novell:suse_linux:apache2-worker", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-0928-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159129", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0928-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159129);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0928-1\");\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"SUSE SLES12 Security Update : apache2 (SUSE-SU-2022:0928-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:0928-1 advisory.\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196249\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197301\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23943\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-March/010496.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?664feb4c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES_SAP12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP12 SP5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'apache2-2.4.51-35.13.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'apache2-devel-2.4.51-35.13.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'apache2-doc-2.4.51-35.13.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'apache2-example-pages-2.4.51-35.13.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'apache2-prefork-2.4.51-35.13.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'apache2-utils-2.4.51-35.13.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'apache2-worker-2.4.51-35.13.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'apache2-devel-2.4.51-35.13.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'apache2-2.4.51-35.13.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'apache2-doc-2.4.51-35.13.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'apache2-example-pages-2.4.51-35.13.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'apache2-prefork-2.4.51-35.13.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'apache2-utils-2.4.51-35.13.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'apache2-worker-2.4.51-35.13.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2 / apache2-devel / apache2-doc / apache2-example-pages / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:42:17", "description": "According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.53. It is, therefore, affected by multiple vulnerabilities:\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. (CVE-2022-22719)\n\n - A HTTP Request Smuggling vulnerability exists due earlier fails to close inbound connection when errors are encountered discarding the request body. (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. (CVE-2022-22721)\n\n - An out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. (CVE-2022-23943)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-14T00:00:00", "type": "nessus", "title": "Apache 2.4.x < 2.4.53 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_113194", "href": "https://www.tenable.com/plugins/was/113194", "sourceData": "No source data", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:33:34", "description": "According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-07-29T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.1 : httpd (EulerOS-SA-2022-2180)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943"], "modified": "2022-07-29T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-filesystem", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:uvp:2.9.1"], "id": "EULEROS_SA-2022-2180.NASL", "href": "https://www.tenable.com/plugins/nessus/163618", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163618);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/29\");\n\n script_cve_id(\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.1 : httpd (EulerOS-SA-2022-2180)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2180\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cf8e7784\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"httpd-2.4.34-24.h13.eulerosv2r9\",\n \"httpd-filesystem-2.4.34-24.h13.eulerosv2r9\",\n \"httpd-tools-2.4.34-24.h13.eulerosv2r9\",\n \"mod_ssl-2.4.34-24.h13.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-13T14:43:57", "description": "The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5333-2 advisory.\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-18T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Apache HTTP Server vulnerabilities (USN-5333-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943"], "modified": "2023-07-12T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:apache2", "p-cpe:/a:canonical:ubuntu_linux:apache2-bin", "p-cpe:/a:canonical:ubuntu_linux:apache2-data", "p-cpe:/a:canonical:ubuntu_linux:apache2-dev", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-event", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-itk", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker", "p-cpe:/a:canonical:ubuntu_linux:apache2-suexec", "p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-custom", "p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-pristine", "p-cpe:/a:canonical:ubuntu_linux:apache2-utils", "p-cpe:/a:canonical:ubuntu_linux:apache2.2-bin", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-macro", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-proxy-html"], "id": "UBUNTU_USN-5333-2.NASL", "href": "https://www.tenable.com/plugins/nessus/159058", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5333-2. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159058);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/12\");\n\n script_cve_id(\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\"\n );\n script_xref(name:\"USN\", value:\"5333-2\");\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Apache HTTP Server vulnerabilities (USN-5333-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-5333-2 advisory.\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5333-2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-itk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-custom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-pristine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2.2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-macro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-proxy-html\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('14.04' >< os_release || '16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04 / 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '14.04', 'pkgname': 'apache2', 'pkgver': '2.4.7-1ubuntu4.22+esm4'},\n {'osver': '14.04', 'pkgname': 'apache2-bin', 'pkgver': '2.4.7-1ubuntu4.22+esm4'},\n {'osver': '14.04', 'pkgname': 'apache2-data', 'pkgver': '2.4.7-1ubuntu4.22+esm4'},\n {'osver': '14.04', 'pkgname': 'apache2-dev', 'pkgver': '2.4.7-1ubuntu4.22+esm4'},\n {'osver': '14.04', 'pkgname': 'apache2-mpm-event', 'pkgver': '2.4.7-1ubuntu4.22+esm4'},\n {'osver': '14.04', 'pkgname': 'apache2-mpm-itk', 'pkgver': '2.4.7-1ubuntu4.22+esm4'},\n {'osver': '14.04', 'pkgname': 'apache2-mpm-prefork', 'pkgver': '2.4.7-1ubuntu4.22+esm4'},\n {'osver': '14.04', 'pkgname': 'apache2-mpm-worker', 'pkgver': '2.4.7-1ubuntu4.22+esm4'},\n {'osver': '14.04', 'pkgname': 'apache2-suexec', 'pkgver': '2.4.7-1ubuntu4.22+esm4'},\n {'osver': '14.04', 'pkgname': 'apache2-suexec-custom', 'pkgver': '2.4.7-1ubuntu4.22+esm4'},\n {'osver': '14.04', 'pkgname': 'apache2-suexec-pristine', 'pkgver': '2.4.7-1ubuntu4.22+esm4'},\n {'osver': '14.04', 'pkgname': 'apache2-utils', 'pkgver': '2.4.7-1ubuntu4.22+esm4'},\n {'osver': '14.04', 'pkgname': 'apache2.2-bin', 'pkgver': '2.4.7-1ubuntu4.22+esm4'},\n {'osver': '14.04', 'pkgname': 'libapache2-mod-macro', 'pkgver': '1:2.4.7-1ubuntu4.22+esm4'},\n {'osver': '14.04', 'pkgname': 'libapache2-mod-proxy-html', 'pkgver': '1:2.4.7-1ubuntu4.22+esm4'},\n {'osver': '16.04', 'pkgname': 'apache2', 'pkgver': '2.4.18-2ubuntu3.17+esm5'},\n {'osver': '16.04', 'pkgname': 'apache2-bin', 'pkgver': '2.4.18-2ubuntu3.17+esm5'},\n {'osver': '16.04', 'pkgname': 'apache2-data', 'pkgver': '2.4.18-2ubuntu3.17+esm5'},\n {'osver': '16.04', 'pkgname': 'apache2-dev', 'pkgver': '2.4.18-2ubuntu3.17+esm5'},\n {'osver': '16.04', 'pkgname': 'apache2-suexec-custom', 'pkgver': '2.4.18-2ubuntu3.17+esm5'},\n {'osver': '16.04', 'pkgname': 'apache2-suexec-pristine', 'pkgver': '2.4.18-2ubuntu3.17+esm5'},\n {'osver': '16.04', 'pkgname': 'apache2-utils', 'pkgver': '2.4.18-2ubuntu3.17+esm5'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2 / apache2-bin / apache2-data / apache2-dev / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:55:45", "description": "The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1031-1 advisory.\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-30T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : apache2 (SUSE-SU-2022:1031-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2", "p-cpe:/a:novell:suse_linux:apache2-devel", "p-cpe:/a:novell:suse_linux:apache2-doc", "p-cpe:/a:novell:suse_linux:apache2-prefork", "p-cpe:/a:novell:suse_linux:apache2-utils", "p-cpe:/a:novell:suse_linux:apache2-worker", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-1031-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159336", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:1031-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159336);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:1031-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : apache2 (SUSE-SU-2022:1031-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by\nmultiple vulnerabilities as referenced in the SUSE-SU-2022:1031-1 advisory.\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23943\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-March/010563.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?19e70d6f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLED_SAP15|SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLED_SAP15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED_SAP15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP2/3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'apache2-2.4.51-150200.3.42.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'apache2-devel-2.4.51-150200.3.42.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'apache2-doc-2.4.51-150200.3.42.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'apache2-prefork-2.4.51-150200.3.42.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'apache2-utils-2.4.51-150200.3.42.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'apache2-worker-2.4.51-150200.3.42.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'apache2-2.4.51-150200.3.42.1', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'apache2-2.4.51-150200.3.42.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'apache2-devel-2.4.51-150200.3.42.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'apache2-doc-2.4.51-150200.3.42.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'apache2-prefork-2.4.51-150200.3.42.1', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'apache2-prefork-2.4.51-150200.3.42.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'apache2-utils-2.4.51-150200.3.42.1', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'apache2-utils-2.4.51-150200.3.42.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'apache2-worker-2.4.51-150200.3.42.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'apache2-2.4.51-150200.3.42.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'apache2-2.4.51-150200.3.42.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'SLE_RT-release-15.2', 'sles-release-15.2']},\n {'reference':'apache2-devel-2.4.51-150200.3.42.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'apache2-devel-2.4.51-150200.3.42.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'SLE_RT-release-15.2', 'sles-release-15.2']},\n {'reference':'apache2-doc-2.4.51-150200.3.42.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'SLE_RT-release-15.2', 'sles-release-15.2']},\n {'reference':'apache2-prefork-2.4.51-150200.3.42.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'apache2-prefork-2.4.51-150200.3.42.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'SLE_RT-release-15.2', 'sles-release-15.2']},\n {'reference':'apache2-utils-2.4.51-150200.3.42.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'apache2-utils-2.4.51-150200.3.42.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'SLE_RT-release-15.2', 'sles-release-15.2']},\n {'reference':'apache2-worker-2.4.51-150200.3.42.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'apache2-worker-2.4.51-150200.3.42.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'SLE_RT-release-15.2', 'sles-release-15.2']},\n {'reference':'apache2-2.4.51-150200.3.42.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'apache2-2.4.51-150200.3.42.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'apache2-devel-2.4.51-150200.3.42.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'apache2-devel-2.4.51-150200.3.42.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'apache2-doc-2.4.51-150200.3.42.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'apache2-prefork-2.4.51-150200.3.42.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'apache2-prefork-2.4.51-150200.3.42.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'apache2-utils-2.4.51-150200.3.42.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'apache2-utils-2.4.51-150200.3.42.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'apache2-worker-2.4.51-150200.3.42.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'apache2-worker-2.4.51-150200.3.42.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'apache2-2.4.51-150200.3.42.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'apache2-2.4.51-150200.3.42.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'apache2-devel-2.4.51-150200.3.42.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'apache2-doc-2.4.51-150200.3.42.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'apache2-prefork-2.4.51-150200.3.42.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'apache2-prefork-2.4.51-150200.3.42.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'apache2-utils-2.4.51-150200.3.42.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'apache2-utils-2.4.51-150200.3.42.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'apache2-worker-2.4.51-150200.3.42.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'apache2-2.4.51-150200.3.42.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'apache2-devel-2.4.51-150200.3.42.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'apache2-prefork-2.4.51-150200.3.42.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'apache2-utils-2.4.51-150200.3.42.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'apache2-worker-2.4.51-150200.3.42.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2 / apache2-devel / apache2-doc / apache2-prefork / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T18:30:50", "description": "According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-06-15T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : httpd (EulerOS-SA-2022-1867)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943"], "modified": "2022-06-15T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-filesystem", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1867.NASL", "href": "https://www.tenable.com/plugins/nessus/162259", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162259);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/15\");\n\n script_cve_id(\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : httpd (EulerOS-SA-2022-1867)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1867\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f3cde065\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"httpd-2.4.34-24.h13.eulerosv2r9\",\n \"httpd-filesystem-2.4.34-24.h13.eulerosv2r9\",\n \"httpd-tools-2.4.34-24.h13.eulerosv2r9\",\n \"mod_ssl-2.4.34-24.h13.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-16T14:47:51", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0929-1 advisory.\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-23T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : apache2 (SUSE-SU-2022:0929-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2", "p-cpe:/a:novell:suse_linux:apache2-devel", "p-cpe:/a:novell:suse_linux:apache2-doc", "p-cpe:/a:novell:suse_linux:apache2-prefork", "p-cpe:/a:novell:suse_linux:apache2-utils", "p-cpe:/a:novell:suse_linux:apache2-worker", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-0929-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159177", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0929-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159177);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0929-1\");\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"SUSE SLES15 Security Update : apache2 (SUSE-SU-2022:0929-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:0929-1 advisory.\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23943\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-March/010499.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7f2de02e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(0|1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP0/1\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'apache2-2.4.33-150000.3.66.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'apache2-devel-2.4.33-150000.3.66.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'apache2-doc-2.4.33-150000.3.66.1', 'sp':'0', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'apache2-prefork-2.4.33-150000.3.66.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'apache2-utils-2.4.33-150000.3.66.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'apache2-worker-2.4.33-150000.3.66.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'apache2-2.4.33-150000.3.66.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'apache2-devel-2.4.33-150000.3.66.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'apache2-doc-2.4.33-150000.3.66.1', 'sp':'1', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'apache2-prefork-2.4.33-150000.3.66.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'apache2-utils-2.4.33-150000.3.66.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'apache2-worker-2.4.33-150000.3.66.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'apache2-2.4.33-150000.3.66.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'apache2-2.4.33-150000.3.66.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'apache2-devel-2.4.33-150000.3.66.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'apache2-devel-2.4.33-150000.3.66.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'apache2-doc-2.4.33-150000.3.66.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'apache2-prefork-2.4.33-150000.3.66.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'apache2-prefork-2.4.33-150000.3.66.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'apache2-utils-2.4.33-150000.3.66.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'apache2-utils-2.4.33-150000.3.66.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'apache2-worker-2.4.33-150000.3.66.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'apache2-worker-2.4.33-150000.3.66.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'apache2-2.4.33-150000.3.66.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-2.4.33-150000.3.66.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-2.4.33-150000.3.66.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-2.4.33-150000.3.66.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-devel-2.4.33-150000.3.66.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-devel-2.4.33-150000.3.66.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-devel-2.4.33-150000.3.66.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-devel-2.4.33-150000.3.66.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-doc-2.4.33-150000.3.66.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-doc-2.4.33-150000.3.66.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'apache2-prefork-2.4.33-150000.3.66.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-prefork-2.4.33-150000.3.66.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-prefork-2.4.33-150000.3.66.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-prefork-2.4.33-150000.3.66.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-utils-2.4.33-150000.3.66.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-utils-2.4.33-150000.3.66.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-utils-2.4.33-150000.3.66.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-utils-2.4.33-150000.3.66.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-worker-2.4.33-150000.3.66.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-worker-2.4.33-150000.3.66.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-worker-2.4.33-150000.3.66.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-worker-2.4.33-150000.3.66.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-2.4.33-150000.3.66.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'apache2-2.4.33-150000.3.66.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'apache2-devel-2.4.33-150000.3.66.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'apache2-devel-2.4.33-150000.3.66.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'apache2-doc-2.4.33-150000.3.66.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'apache2-prefork-2.4.33-150000.3.66.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'apache2-prefork-2.4.33-150000.3.66.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'apache2-utils-2.4.33-150000.3.66.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'apache2-utils-2.4.33-150000.3.66.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'apache2-worker-2.4.33-150000.3.66.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'apache2-worker-2.4.33-150000.3.66.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'apache2-2.4.33-150000.3.66.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'apache2-devel-2.4.33-150000.3.66.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'apache2-prefork-2.4.33-150000.3.66.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'apache2-utils-2.4.33-150000.3.66.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'apache2-worker-2.4.33-150000.3.66.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'apache2-2.4.33-150000.3.66.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'apache2-devel-2.4.33-150000.3.66.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'apache2-prefork-2.4.33-150000.3.66.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'apache2-utils-2.4.33-150000.3.66.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'apache2-worker-2.4.33-150000.3.66.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2 / apache2-devel / apache2-doc / apache2-prefork / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:34:57", "description": "It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-053 advisory.\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-06T00:00:00", "type": "nessus", "title": "Amazon Linux 2022 : (ALAS2022-2022-053)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943"], "modified": "2022-09-06T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:httpd", "p-cpe:/a:amazon:linux:httpd-core", "p-cpe:/a:amazon:linux:httpd-core-debuginfo", "p-cpe:/a:amazon:linux:httpd-debuginfo", "p-cpe:/a:amazon:linux:httpd-debugsource", "p-cpe:/a:amazon:linux:httpd-devel", "p-cpe:/a:amazon:linux:httpd-filesystem", "p-cpe:/a:amazon:linux:httpd-manual", "p-cpe:/a:amazon:linux:httpd-tools", "p-cpe:/a:amazon:linux:httpd-tools-debuginfo", "p-cpe:/a:amazon:linux:mod_ldap", "p-cpe:/a:amazon:linux:mod_ldap-debuginfo", "p-cpe:/a:amazon:linux:mod_lua", "p-cpe:/a:amazon:linux:mod_lua-debuginfo", "p-cpe:/a:amazon:linux:mod_proxy_html", "p-cpe:/a:amazon:linux:mod_proxy_html-debuginfo", "p-cpe:/a:amazon:linux:mod_session", "p-cpe:/a:amazon:linux:mod_session-debuginfo", "p-cpe:/a:amazon:linux:mod_ssl", "p-cpe:/a:amazon:linux:mod_ssl-debuginfo", "cpe:/o:amazon:linux:2022"], "id": "AL2022_ALAS2022-2022-053.NASL", "href": "https://www.tenable.com/plugins/nessus/164751", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2022 Security Advisory ALAS2022-2022-053.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164751);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/09/06\");\n\n script_cve_id(\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\"\n );\n\n script_name(english:\"Amazon Linux 2022 : (ALAS2022-2022-053)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2022 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-053 advisory.\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2022/ALAS-2022-053.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-22719.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-22720.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-22721.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23943.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'dnf update --releasever=2022.0.20220419 httpd' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_lua\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_lua-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_proxy_html-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_session-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2022\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"-2022\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2022\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'httpd-2.4.53-3.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.53-3.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.53-3.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-2.4.53-3.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-2.4.53-3.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-2.4.53-3.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-debuginfo-2.4.53-3.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-debuginfo-2.4.53-3.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-debuginfo-2.4.53-3.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debuginfo-2.4.53-3.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debuginfo-2.4.53-3.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debuginfo-2.4.53-3.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debugsource-2.4.53-3.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debugsource-2.4.53-3.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debugsource-2.4.53-3.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.53-3.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.53-3.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.53-3.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.53-3.amzn2022.0.1', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.53-3.amzn2022.0.1', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.53-3.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.53-3.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.53-3.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-debuginfo-2.4.53-3.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-debuginfo-2.4.53-3.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-debuginfo-2.4.53-3.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.53-3.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.53-3.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.53-3.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-debuginfo-2.4.53-3.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-debuginfo-2.4.53-3.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-debuginfo-2.4.53-3.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-2.4.53-3.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-2.4.53-3.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-2.4.53-3.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-debuginfo-2.4.53-3.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-debuginfo-2.4.53-3.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-debuginfo-2.4.53-3.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.53-3.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.53-3.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.53-3.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-debuginfo-2.4.53-3.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-debuginfo-2.4.53-3.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-debuginfo-2.4.53-3.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.53-3.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.53-3.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.53-3.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-debuginfo-2.4.53-3.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-debuginfo-2.4.53-3.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-debuginfo-2.4.53-3.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.53-3.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.53-3.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.53-3.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-debuginfo-2.4.53-3.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-debuginfo-2.4.53-3.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-debuginfo-2.4.53-3.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-core / httpd-core-debuginfo / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:42:36", "description": "The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2960 advisory.\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-22T00:00:00", "type": "nessus", "title": "Debian DLA-2960-1 : apache2 - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943"], "modified": "2022-06-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:apache2", "p-cpe:/a:debian:debian_linux:apache2-bin", "p-cpe:/a:debian:debian_linux:apache2-data", "p-cpe:/a:debian:debian_linux:apache2-dbg", "p-cpe:/a:debian:debian_linux:apache2-dev", "p-cpe:/a:debian:debian_linux:apache2-doc", "p-cpe:/a:debian:debian_linux:apache2-ssl-dev", "p-cpe:/a:debian:debian_linux:apache2-suexec-custom", "p-cpe:/a:debian:debian_linux:apache2-suexec-pristine", "p-cpe:/a:debian:debian_linux:apache2-utils", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2960.NASL", "href": "https://www.tenable.com/plugins/nessus/159141", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-2960. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159141);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/13\");\n\n script_cve_id(\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"Debian DLA-2960-1 : apache2 - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndla-2960 advisory.\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/apache2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2022/dla-2960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-22719\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-22720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-22721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-23943\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/stretch/apache2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the apache2 packages.\n\nFor Debian 9 stretch, these problems have been fixed in version 2.4.25-3+deb9u13.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-ssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-suexec-custom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-suexec-pristine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(9)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 9.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '9.0', 'prefix': 'apache2', 'reference': '2.4.25-3+deb9u13'},\n {'release': '9.0', 'prefix': 'apache2-bin', 'reference': '2.4.25-3+deb9u13'},\n {'release': '9.0', 'prefix': 'apache2-data', 'reference': '2.4.25-3+deb9u13'},\n {'release': '9.0', 'prefix': 'apache2-dbg', 'reference': '2.4.25-3+deb9u13'},\n {'release': '9.0', 'prefix': 'apache2-dev', 'reference': '2.4.25-3+deb9u13'},\n {'release': '9.0', 'prefix': 'apache2-doc', 'reference': '2.4.25-3+deb9u13'},\n {'release': '9.0', 'prefix': 'apache2-ssl-dev', 'reference': '2.4.25-3+deb9u13'},\n {'release': '9.0', 'prefix': 'apache2-suexec-custom', 'reference': '2.4.25-3+deb9u13'},\n {'release': '9.0', 'prefix': 'apache2-suexec-pristine', 'reference': '2.4.25-3+deb9u13'},\n {'release': '9.0', 'prefix': 'apache2-utils', 'reference': '2.4.25-3+deb9u13'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2 / apache2-bin / apache2-data / apache2-dbg / apache2-dev / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:31:20", "description": "According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-06-06T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : httpd (EulerOS-SA-2022-1790)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943"], "modified": "2022-06-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-filesystem", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1790.NASL", "href": "https://www.tenable.com/plugins/nessus/161855", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161855);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/06\");\n\n script_cve_id(\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\"\n );\n\n script_name(english:\"EulerOS 2.0 SP10 : httpd (EulerOS-SA-2022-1790)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1790\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1dffc698\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"httpd-2.4.43-4.h14.eulerosv2r10\",\n \"httpd-filesystem-2.4.43-4.h14.eulerosv2r10\",\n \"httpd-tools-2.4.43-4.h14.eulerosv2r10\",\n \"mod_ssl-2.4.43-4.h14.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:44:08", "description": "The version of httpd installed on the remote host is prior to 2.4.53-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1783 advisory.\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-27T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : httpd (ALAS-2022-1783)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943"], "modified": "2022-06-13T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:httpd", "p-cpe:/a:amazon:linux:httpd-debuginfo", "p-cpe:/a:amazon:linux:httpd-devel", "p-cpe:/a:amazon:linux:httpd-filesystem", "p-cpe:/a:amazon:linux:httpd-manual", "p-cpe:/a:amazon:linux:httpd-tools", "p-cpe:/a:amazon:linux:mod_ldap", "p-cpe:/a:amazon:linux:mod_md", "p-cpe:/a:amazon:linux:mod_proxy_html", "p-cpe:/a:amazon:linux:mod_session", "p-cpe:/a:amazon:linux:mod_ssl", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2022-1783.NASL", "href": "https://www.tenable.com/plugins/nessus/160260", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2022-1783.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160260);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/13\");\n\n script_cve_id(\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n script_xref(name:\"ALAS\", value:\"2022-1783\");\n\n script_name(english:\"Amazon Linux 2 : httpd (ALAS-2022-1783)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of httpd installed on the remote host is prior to 2.4.53-1. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2-2022-1783 advisory.\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2022-1783.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-22719.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-22720.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-22721.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23943.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update httpd' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'httpd-2.4.53-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.53-1.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.53-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debuginfo-2.4.53-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debuginfo-2.4.53-1.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debuginfo-2.4.53-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.53-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.53-1.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.53-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.53-1.amzn2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.53-1.amzn2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.53-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.53-1.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.53-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.53-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.53-1.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.53-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.4.53-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.4.53-1.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.4.53-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.53-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.53-1.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.53-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.53-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.53-1.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.53-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.53-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.53-1.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.53-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:44:36", "description": "According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-04-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : httpd (EulerOS-SA-2022-1569)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943"], "modified": "2022-06-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-devel", "p-cpe:/a:huawei:euleros:httpd-filesystem", "p-cpe:/a:huawei:euleros:httpd-manual", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_session", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1569.NASL", "href": "https://www.tenable.com/plugins/nessus/160178", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160178);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/13\");\n\n script_cve_id(\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"EulerOS 2.0 SP8 : httpd (EulerOS-SA-2022-1569)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1569\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?534ec76c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"httpd-2.4.34-8.h24.eulerosv2r8\",\n \"httpd-devel-2.4.34-8.h24.eulerosv2r8\",\n \"httpd-filesystem-2.4.34-8.h24.eulerosv2r8\",\n \"httpd-manual-2.4.34-8.h24.eulerosv2r8\",\n \"httpd-tools-2.4.34-8.h24.eulerosv2r8\",\n \"mod_session-2.4.34-8.h24.eulerosv2r8\",\n \"mod_ssl-2.4.34-8.h24.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:31:01", "description": "According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-05-26T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : httpd (EulerOS-SA-2022-1730)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44790", "CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943"], "modified": "2023-04-07T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-devel", "p-cpe:/a:huawei:euleros:httpd-manual", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1730.NASL", "href": "https://www.tenable.com/plugins/nessus/161557", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161557);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/07\");\n\n script_cve_id(\n \"CVE-2021-44790\",\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : httpd (EulerOS-SA-2022-1730)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1730\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a10c7799\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"httpd-2.4.6-45.0.1.4.h26\",\n \"httpd-devel-2.4.6-45.0.1.4.h26\",\n \"httpd-manual-2.4.6-45.0.1.4.h26\",\n \"httpd-tools-2.4.6-45.0.1.4.h26\",\n \"mod_ssl-2.4.6-45.0.1.4.h26\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:32:09", "description": "According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-07-15T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.10.1 : httpd (EulerOS-SA-2022-2053)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790", "CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943"], "modified": "2023-04-07T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-filesystem", "p-cpe:/a:huawei:euleros:httpd-tools", "cpe:/o:huawei:euleros:uvp:2.10.1"], "id": "EULEROS_SA-2022-2053.NASL", "href": "https://www.tenable.com/plugins/nessus/163204", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163204);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/07\");\n\n script_cve_id(\n \"CVE-2021-44224\",\n \"CVE-2021-44790\",\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.10.1 : httpd (EulerOS-SA-2022-2053)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2053\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3db9cdcc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.10.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.10.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.10.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"httpd-2.4.43-4.h14.eulerosv2r10\",\n \"httpd-filesystem-2.4.43-4.h14.eulerosv2r10\",\n \"httpd-tools-2.4.43-4.h14.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:31:47", "description": "According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-07-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.10.0 : httpd (EulerOS-SA-2022-2025)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790", "CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943"], "modified": "2023-04-07T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-filesystem", "p-cpe:/a:huawei:euleros:httpd-tools", "cpe:/o:huawei:euleros:uvp:2.10.0"], "id": "EULEROS_SA-2022-2025.NASL", "href": "https://www.tenable.com/plugins/nessus/163151", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163151);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/07\");\n\n script_cve_id(\n \"CVE-2021-44224\",\n \"CVE-2021-44790\",\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.10.0 : httpd (EulerOS-SA-2022-2025)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2025\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?84447ff8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.10.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.10.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.10.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"httpd-2.4.43-4.h14.eulerosv2r10\",\n \"httpd-filesystem-2.4.43-4.h14.eulerosv2r10\",\n \"httpd-tools-2.4.43-4.h14.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:45:20", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has httpd packages installed that are affected by multiple vulnerabilities:\n\n - In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow (CVE-2021-26691)\n\n - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-34798)\n\n - ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-39275)\n\n - A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-40438)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-04-11T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : httpd Multiple Vulnerabilities (NS-SA-2023-0011)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26691", "CVE-2021-34798", "CVE-2021-39275", "CVE-2021-40438", "CVE-2021-44790", "CVE-2022-22720"], "modified": "2023-04-11T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:httpd", "p-cpe:/a:zte:cgsl_core:httpd-debuginfo", "p-cpe:/a:zte:cgsl_core:httpd-devel", "p-cpe:/a:zte:cgsl_core:httpd-manual", "p-cpe:/a:zte:cgsl_core:httpd-tools", "p-cpe:/a:zte:cgsl_core:mod_ldap", "p-cpe:/a:zte:cgsl_core:mod_proxy_html", "p-cpe:/a:zte:cgsl_core:mod_session", "p-cpe:/a:zte:cgsl_core:mod_ssl", "p-cpe:/a:zte:cgsl_main:httpd", "p-cpe:/a:zte:cgsl_main:httpd-debuginfo", "p-cpe:/a:zte:cgsl_main:httpd-devel", "p-cpe:/a:zte:cgsl_main:httpd-manual", "p-cpe:/a:zte:cgsl_main:httpd-tools", "p-cpe:/a:zte:cgsl_main:mod_ldap", "p-cpe:/a:zte:cgsl_main:mod_proxy_html", "p-cpe:/a:zte:cgsl_main:mod_session", "p-cpe:/a:zte:cgsl_main:mod_ssl", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2023-0011_HTTPD.NASL", "href": "https://www.tenable.com/plugins/nessus/174053", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2023-0011. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(174053);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/11\");\n\n script_cve_id(\n \"CVE-2021-26691\",\n \"CVE-2021-34798\",\n \"CVE-2021-39275\",\n \"CVE-2021-40438\",\n \"CVE-2021-44790\",\n \"CVE-2022-22720\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/12/15\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : httpd Multiple Vulnerabilities (NS-SA-2023-0011)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has httpd packages installed that are affected by\nmultiple vulnerabilities:\n\n - In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server\n could cause a heap overflow (CVE-2021-26691)\n\n - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP\n Server 2.4.48 and earlier. (CVE-2021-34798)\n\n - ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules\n pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache\n HTTP Server 2.4.48 and earlier. (CVE-2021-39275)\n\n - A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the\n remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-40438)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2023-0011\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-26691\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-34798\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-39275\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-40438\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-44790\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2022-22720\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL httpd packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/04/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar os_release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(os_release) || os_release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (os_release !~ \"CGSL CORE 5.05\" &&\n os_release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.05': [\n 'httpd-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'httpd-debuginfo-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'httpd-devel-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'httpd-manual-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'httpd-tools-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'mod_ldap-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'mod_proxy_html-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'mod_session-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'mod_ssl-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66'\n ],\n 'CGSL MAIN 5.05': [\n 'httpd-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'httpd-debuginfo-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'httpd-devel-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'httpd-manual-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'httpd-tools-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'mod_ldap-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'mod_proxy_html-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'mod_session-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'mod_ssl-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66'\n ]\n};\nvar pkg_list = pkgs[os_release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + os_release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:51:14", "description": "The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1389 advisory.\n\n - libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3516)\n\n - libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3517)\n\n - libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c (CVE-2021-3518)\n\n - libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode (CVE-2021-3537)\n\n - libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms (CVE-2021-3541)\n\n - openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720)\n\n - libxml2: Use-after-free of ID and IDREF attributes (CVE-2022-23308)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-21T00:00:00", "type": "nessus", "title": "RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 (RHSA-2022:1389)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3516", "CVE-2021-3517", "CVE-2021-3518", "CVE-2021-3537", "CVE-2021-3541", "CVE-2022-0778", "CVE-2022-22720", "CVE-2022-23308"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-ldap", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-mysql", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-nss", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-odbc", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-openssl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-pgsql", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-sqlite", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-curl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-libcurl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-libcurl-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_http2", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-ap24", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-manual", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_md", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_security", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-chil", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-libs", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-perl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-pkcs11", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-static"], "id": "REDHAT-RHSA-2022-1389.NASL", "href": "https://www.tenable.com/plugins/nessus/160030", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:1389. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160030);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2021-3516\",\n \"CVE-2021-3517\",\n \"CVE-2021-3518\",\n \"CVE-2021-3537\",\n \"CVE-2021-3541\",\n \"CVE-2022-0778\",\n \"CVE-2022-22720\",\n \"CVE-2022-23308\"\n );\n script_xref(name:\"RHSA\", value:\"2022:1389\");\n script_xref(name:\"IAVA\", value:\"2021-A-0487\");\n script_xref(name:\"IAVA\", value:\"2021-A-0482\");\n script_xref(name:\"IAVA\", value:\"2022-A-0038\");\n script_xref(name:\"IAVA\", value:\"2022-A-0121-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 (RHSA-2022:1389)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:1389 advisory.\n\n - libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3516)\n\n - libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3517)\n\n - libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c (CVE-2021-3518)\n\n - libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode\n (CVE-2021-3537)\n\n - libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms (CVE-2021-3541)\n\n - openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling\n (CVE-2022-22720)\n\n - libxml2: Use-after-free of ID and IDREF attributes (CVE-2022-23308)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0778\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1950515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954232\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1956522\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2056913\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2062202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2064321\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(400, 416, 444, 476, 787, 835);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-apr-util-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-ap24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_jk-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_security\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-nghttp2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-chil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-static\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['7','8'])) audit(AUDIT_OS_NOT, 'Red Hat 7.x / 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/layered/rhel8/x86_64/jbcs/1/debug',\n 'content/dist/layered/rhel8/x86_64/jbcs/1/os',\n 'content/dist/layered/rhel8/x86_64/jbcs/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'jbcs-httpd24-apr-util-1.6.1-91.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-apr-util-devel-1.6.1-91.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-apr-util-ldap-1.6.1-91.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-apr-util-mysql-1.6.1-91.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-apr-util-nss-1.6.1-91.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-apr-util-odbc-1.6.1-91.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-apr-util-openssl-1.6.1-91.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-apr-util-pgsql-1.6.1-91.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-apr-util-sqlite-1.6.1-91.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-curl-7.78.0-3.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-2.4.37-80.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-devel-2.4.37-80.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-manual-2.4.37-80.el8jbcs', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-selinux-2.4.37-80.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-tools-2.4.37-80.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-libcurl-7.78.0-3.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-libcurl-devel-7.78.0-3.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_cluster-native-1.3.16-10.Final_redhat_2.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_http2-1.15.7-22.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_jk-ap24-1.2.48-29.redhat_1.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_jk-manual-1.2.48-29.redhat_1.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_ldap-2.4.37-80.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_md-2.0.8-41.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_proxy_html-2.4.37-80.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_security-2.9.2-68.GA.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_session-2.4.37-80.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_ssl-2.4.37-80.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-nghttp2-1.39.2-41.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-nghttp2-devel-1.39.2-41.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-1.1.1g-11.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-chil-1.0.0-11.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-devel-1.1.1g-11.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-libs-1.1.1g-11.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-perl-1.1.1g-11.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-pkcs11-0.4.10-26.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-static-1.1.1g-11.el8jbcs', 'cpu':'x86_64', 'release':'8', 'el_string':'el8jbcs', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/server/7/7Server/x86_64/jbcs/1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/jbcs/1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/jbcs/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'jbcs-httpd24-apr-util-1.6.1-91.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-apr-util-devel-1.6.1-91.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-apr-util-ldap-1.6.1-91.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-apr-util-mysql-1.6.1-91.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-apr-util-nss-1.6.1-91.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-apr-util-odbc-1.6.1-91.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-apr-util-openssl-1.6.1-91.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-apr-util-pgsql-1.6.1-91.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-apr-util-sqlite-1.6.1-91.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-curl-7.78.0-3.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-2.4.37-80.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-devel-2.4.37-80.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-manual-2.4.37-80.jbcs.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-selinux-2.4.37-80.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-httpd-tools-2.4.37-80.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-libcurl-7.78.0-3.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-libcurl-devel-7.78.0-3.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_cluster-native-1.3.16-10.Final_redhat_2.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_http2-1.15.7-22.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_jk-ap24-1.2.48-29.redhat_1.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_jk-manual-1.2.48-29.redhat_1.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_ldap-2.4.37-80.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_md-2.0.8-41.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_proxy_html-2.4.37-80.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_security-2.9.2-68.GA.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_session-2.4.37-80.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-mod_ssl-2.4.37-80.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-nghttp2-1.39.2-41.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-nghttp2-devel-1.39.2-41.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-1.1.1g-11.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-chil-1.0.0-11.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-devel-1.1.1g-11.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-libs-1.1.1g-11.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-perl-1.1.1g-11.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-pkcs11-0.4.10-26.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'jbcs-httpd24'},\n {'reference':'jbcs-httpd24-openssl-static-1.1.1g-11.jbcs.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'jbcs-httpd24'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jbcs-httpd24-apr-util / jbcs-httpd24-apr-util-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:47:27", "description": "According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\n - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.\n (CVE-2022-26377)\n\n - The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue. (CVE-2022-28614)\n\n - Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. (CVE-2022-28615)\n\n - In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. (CVE-2022-29404)\n\n - If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.\n (CVE-2022-30522)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2023-05-07T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.0 : httpd (EulerOS-SA-2023-1737)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943", "CVE-2022-26377", "CVE-2022-28614", "CVE-2022-28615", "CVE-2022-29404", "CVE-2022-30522"], "modified": "2023-05-07T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2023-1737.NASL", "href": "https://www.tenable.com/plugins/nessus/175200", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(175200);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/07\");\n\n script_cve_id(\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\",\n \"CVE-2022-26377\",\n \"CVE-2022-28614\",\n \"CVE-2022-28615\",\n \"CVE-2022-29404\",\n \"CVE-2022-30522\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.0 : httpd (EulerOS-SA-2023-1737)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\n - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of\n Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This\n issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.\n (CVE-2022-26377)\n\n - The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an\n attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with\n mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use\n the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against\n current headers to resolve the issue. (CVE-2022-28614)\n\n - Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in\n ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the\n server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may\n hypothetically be affected. (CVE-2022-28615)\n\n - In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0)\n may cause a denial of service due to no default limit on possible input size. (CVE-2022-29404)\n\n - If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input\n to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.\n (CVE-2022-30522)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1737\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?084417e5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/05/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu && \"x86\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"httpd-2.4.6-80.1.h17\",\n \"httpd-tools-2.4.6-80.1.h17\",\n \"mod_ssl-2.4.6-80.1.h17\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:23", "description": "According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\n - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.\n (CVE-2022-26377)\n\n - The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue. (CVE-2022-28614)\n\n - Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. (CVE-2022-28615)\n\n - In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. (CVE-2022-29404)\n\n - If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.\n (CVE-2022-30522)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-10-09T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.6 : httpd (EulerOS-SA-2022-2506)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44790", "CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943", "CVE-2022-26377", "CVE-2022-28614", "CVE-2022-28615", "CVE-2022-29404", "CVE-2022-30522"], "modified": "2023-04-07T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-devel", "p-cpe:/a:huawei:euleros:httpd-manual", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_session", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:uvp:3.0.6.6"], "id": "EULEROS_SA-2022-2506.NASL", "href": "https://www.tenable.com/plugins/nessus/165921", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165921);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/07\");\n\n script_cve_id(\n \"CVE-2021-44790\",\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\",\n \"CVE-2022-26377\",\n \"CVE-2022-28614\",\n \"CVE-2022-28615\",\n \"CVE-2022-29404\",\n \"CVE-2022-30522\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : httpd (EulerOS-SA-2022-2506)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\n - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of\n Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This\n issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.\n (CVE-2022-26377)\n\n - The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an\n attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with\n mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use\n the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against\n current headers to resolve the issue. (CVE-2022-28614)\n\n - Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in\n ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the\n server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may\n hypothetically be affected. (CVE-2022-28615)\n\n - In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0)\n may cause a denial of service due to no default limit on possible input size. (CVE-2022-29404)\n\n - If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input\n to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.\n (CVE-2022-30522)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2506\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bf285a56\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"httpd-2.4.6-80.1.h17.eulerosv2r7\",\n \"httpd-devel-2.4.6-80.1.h17.eulerosv2r7\",\n \"httpd-manual-2.4.6-80.1.h17.eulerosv2r7\",\n \"httpd-tools-2.4.6-80.1.h17.eulerosv2r7\",\n \"mod_session-2.4.6-80.1.h17.eulerosv2r7\",\n \"mod_ssl-2.4.6-80.1.h17.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:47", "description": "According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\n - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.\n (CVE-2022-26377)\n\n - The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue. (CVE-2022-28614)\n\n - Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. (CVE-2022-28615)\n\n - In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. (CVE-2022-29404)\n\n - If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.\n (CVE-2022-30522)\n\n - Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. (CVE-2022-30556)\n\n - Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. (CVE-2022-31813)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-10-10T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.0 : httpd (EulerOS-SA-2022-2564)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790", "CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943", "CVE-2022-26377", "CVE-2022-28614", "CVE-2022-28615", "CVE-2022-29404", "CVE-2022-30522", "CVE-2022-30556", "CVE-2022-31813"], "modified": "2023-04-07T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-devel", "p-cpe:/a:huawei:euleros:httpd-filesystem", "p-cpe:/a:huawei:euleros:httpd-manual", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_session", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2022-2564.NASL", "href": "https://www.tenable.com/plugins/nessus/165955", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165955);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/07\");\n\n script_cve_id(\n \"CVE-2021-44224\",\n \"CVE-2021-44790\",\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\",\n \"CVE-2022-26377\",\n \"CVE-2022-28614\",\n \"CVE-2022-28615\",\n \"CVE-2022-29404\",\n \"CVE-2022-30522\",\n \"CVE-2022-30556\",\n \"CVE-2022-31813\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.0 : httpd (EulerOS-SA-2022-2564)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\n - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of\n Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This\n issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.\n (CVE-2022-26377)\n\n - The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an\n attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with\n mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use\n the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against\n current headers to resolve the issue. (CVE-2022-28614)\n\n - Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in\n ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the\n server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may\n hypothetically be affected. (CVE-2022-28615)\n\n - In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0)\n may cause a denial of service due to no default limit on possible input size. (CVE-2022-29404)\n\n - If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input\n to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.\n (CVE-2022-30522)\n\n - Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point\n past the end of the storage allocated for the buffer. (CVE-2022-30556)\n\n - Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on\n client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on\n the origin server/application. (CVE-2022-31813)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2564\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?92bc760b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-31813\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"httpd-2.4.34-8.h25.eulerosv2r8\",\n \"httpd-devel-2.4.34-8.h25.eulerosv2r8\",\n \"httpd-filesystem-2.4.34-8.h25.eulerosv2r8\",\n \"httpd-manual-2.4.34-8.h25.eulerosv2r8\",\n \"httpd-tools-2.4.34-8.h25.eulerosv2r8\",\n \"mod_session-2.4.34-8.h25.eulerosv2r8\",\n \"mod_ssl-2.4.34-8.h25.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:48:12", "description": "The remote NewStart CGSL host, running version MAIN 6.06, has httpd packages installed that are affected by multiple vulnerabilities:\n\n - In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections. (CVE-2018-17189)\n\n - In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded. (CVE-2018-17199)\n\n - A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly. (CVE-2019-0196)\n\n - A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set H2Upgrade on are unaffected by this issue. (CVE-2019-0197)\n\n - HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with H2PushResource, could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client. (CVE-2019-10081)\n\n - In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. (CVE-2019-10082)\n\n - In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. (CVE-2019-10092)\n\n - Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above info will mitigate this vulnerability for unpatched servers. (CVE-2020-11993)\n\n - In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. (CVE-2020-1927)\n\n - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service (CVE-2021-26690)\n\n - In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow (CVE-2021-26691)\n\n - ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-39275)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-04-25T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.06 : httpd Multiple Vulnerabilities (NS-SA-2023-1001)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-17189", "CVE-2018-17199", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10092", "CVE-2020-11993", "CVE-2020-1927", "CVE-2021-26690", "CVE-2021-26691", "CVE-2021-39275", "CVE-2021-44790", "CVE-2022-22720"], "modified": "2023-04-26T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_main:httpd", "cpe:/o:zte:cgsl_main:6"], "id": "NEWSTART_CGSL_NS-SA-2023-1001_HTTPD.NASL", "href": "https://www.tenable.com/plugins/nessus/174760", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2023-1001. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(174760);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/26\");\n\n script_cve_id(\n \"CVE-2018-17189\",\n \"CVE-2018-17199\",\n \"CVE-2019-0196\",\n \"CVE-2019-0197\",\n \"CVE-2019-10081\",\n \"CVE-2019-10082\",\n \"CVE-2019-10092\",\n \"CVE-2020-1927\",\n \"CVE-2020-11993\",\n \"CVE-2021-26690\",\n \"CVE-2021-26691\",\n \"CVE-2021-39275\",\n \"CVE-2021-44790\",\n \"CVE-2022-22720\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0203\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"NewStart CGSL MAIN 6.06 : httpd Multiple Vulnerabilities (NS-SA-2023-1001)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.06, has httpd packages installed that are affected by multiple\nvulnerabilities:\n\n - In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain\n resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming\n data. This affects only HTTP/2 (mod_http2) connections. (CVE-2018-17189)\n\n - In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before\n decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since\n the expiry time is loaded when the session is decoded. (CVE-2018-17199)\n\n - A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2\n request handling could be made to access freed memory in string comparison when determining the method of\n a request and thus process the request incorrectly. (CVE-2019-0196)\n\n - A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host\n or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not\n the first request on a connection could lead to a misconfiguration and crash. Server that never enabled\n the h2 protocol or that only enabled it for https: and did not set H2Upgrade on are unaffected by this\n issue. (CVE-2019-0197)\n\n - HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with H2PushResource, could lead\n to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of\n the configured push link header values, not data supplied by the client. (CVE-2019-10081)\n\n - In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made\n to read memory after being freed, during connection shutdown. (CVE-2019-10082)\n\n - In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the\n mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point\n to a page of their choice. This would only be exploitable where a server was set up with proxying enabled\n but was misconfigured in such a way that the Proxy Error page was displayed. (CVE-2019-10092)\n\n - Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on\n certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent\n use of memory pools. Configuring the LogLevel of mod_http2 above info will mitigate this vulnerability\n for unpatched servers. (CVE-2020-11993)\n\n - In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be\n self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within\n the request URL. (CVE-2020-1927)\n\n - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can\n cause a NULL pointer dereference and crash, leading to a possible Denial Of Service (CVE-2021-26690)\n\n - In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server\n could cause a heap overflow (CVE-2021-26691)\n\n - ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules\n pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache\n HTTP Server 2.4.48 and earlier. (CVE-2021-39275)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/notice/NS-SA-2023-1001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/info/CVE-2018-17189\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/info/CVE-2018-17199\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/info/CVE-2019-0196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/info/CVE-2019-0197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/info/CVE-2019-10081\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/info/CVE-2019-10082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/info/CVE-2019-10092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/info/CVE-2020-11993\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/info/CVE-2020-1927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/info/CVE-2021-26690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/info/CVE-2021-26691\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/info/CVE-2021-39275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/info/CVE-2021-44790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gd-linux.com/info/CVE-2022-22720\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL httpd packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/04/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar os_release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(os_release) || os_release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (os_release !~ \"CGSL MAIN 6.06\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.06');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL MAIN 6.06': [\n 'httpd-2.4.37-47.0.1.zncgsl6'\n ]\n};\nvar pkg_list = pkgs[os_release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + os_release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:36:37", "description": "It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-202 advisory.\n\n - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.\n (CVE-2022-26377)\n\n - Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. (CVE-2022-28330)\n\n - The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue. (CVE-2022-28614)\n\n - Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. (CVE-2022-28615)\n\n - In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. (CVE-2022-29404)\n\n - If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.\n (CVE-2022-30522)\n\n - Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. (CVE-2022-30556)\n\n - Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. (CVE-2022-31813)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-04T00:00:00", "type": "nessus", "title": "Amazon Linux 2022 : (ALAS2022-2022-202)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790", "CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943", "CVE-2022-26377", "CVE-2022-28330", "CVE-2022-28614", "CVE-2022-28615", "CVE-2022-29404", "CVE-2022-30522", "CVE-2022-30556", "CVE-2022-31813"], "modified": "2023-04-03T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:httpd", "p-cpe:/a:amazon:linux:httpd-core", "p-cpe:/a:amazon:linux:httpd-core-debuginfo", "p-cpe:/a:amazon:linux:httpd-debuginfo", "p-cpe:/a:amazon:linux:httpd-debugsource", "p-cpe:/a:amazon:linux:httpd-devel", "p-cpe:/a:amazon:linux:httpd-filesystem", "p-cpe:/a:amazon:linux:httpd-manual", "p-cpe:/a:amazon:linux:httpd-tools", "p-cpe:/a:amazon:linux:httpd-tools-debuginfo", "p-cpe:/a:amazon:linux:mod_ldap", "p-cpe:/a:amazon:linux:mod_ldap-debuginfo", "p-cpe:/a:amazon:linux:mod_lua", "p-cpe:/a:amazon:linux:mod_lua-debuginfo", "p-cpe:/a:amazon:linux:mod_proxy_html", "p-cpe:/a:amazon:linux:mod_proxy_html-debuginfo", "p-cpe:/a:amazon:linux:mod_session", "p-cpe:/a:amazon:linux:mod_session-debuginfo", "p-cpe:/a:amazon:linux:mod_ssl", "p-cpe:/a:amazon:linux:mod_ssl-debuginfo", "cpe:/o:amazon:linux:2022"], "id": "AL2022_ALAS2022-2022-202.NASL", "href": "https://www.tenable.com/plugins/nessus/167004", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2022 Security Advisory ALAS2022-2022-202.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167004);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/03\");\n\n script_cve_id(\n \"CVE-2021-44224\",\n \"CVE-2021-44790\",\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\",\n \"CVE-2022-26377\",\n \"CVE-2022-28330\",\n \"CVE-2022-28614\",\n \"CVE-2022-28615\",\n \"CVE-2022-29404\",\n \"CVE-2022-30522\",\n \"CVE-2022-30556\",\n \"CVE-2022-31813\"\n );\n\n script_name(english:\"Amazon Linux 2022 : (ALAS2022-2022-202)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2022 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-202 advisory.\n\n - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of\n Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This\n issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.\n (CVE-2022-26377)\n\n - Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process\n requests with the mod_isapi module. (CVE-2022-28330)\n\n - The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an\n attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with\n mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use\n the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against\n current headers to resolve the issue. (CVE-2022-28614)\n\n - Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in\n ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the\n server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may\n hypothetically be affected. (CVE-2022-28615)\n\n - In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0)\n may cause a denial of service due to no default limit on possible input size. (CVE-2022-29404)\n\n - If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input\n to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.\n (CVE-2022-30522)\n\n - Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point\n past the end of the storage allocated for the buffer. (CVE-2022-30556)\n\n - Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on\n client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on\n the origin server/application. (CVE-2022-31813)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2022/ALAS-2022-202.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-26377.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-28330.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-28614.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-28615.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-29404.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-30522.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-30556.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-31813.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'dnf update httpd --releasever=2022.0.20221102' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-31813\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_lua\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_lua-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_proxy_html-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_session-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2022\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"-2022\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2022\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'httpd-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debugsource-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debugsource-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debugsource-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.54-3.amzn2022.0.3', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.54-3.amzn2022.0.3', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-core / httpd-core-debuginfo / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:45:27", "description": "It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-072 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\n - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.\n (CVE-2022-26377)\n\n - Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. (CVE-2022-28330)\n\n - The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue. (CVE-2022-28614)\n\n - Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. (CVE-2022-28615)\n\n - In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. (CVE-2022-29404)\n\n - If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.\n (CVE-2022-30522)\n\n - Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. (CVE-2022-30556)\n\n - Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. (CVE-2022-31813)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-21T00:00:00", "type": "nessus", "title": "Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2023-072)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790", "CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943", "CVE-2022-26377", "CVE-2022-28330", "CVE-2022-28614", "CVE-2022-28615", "CVE-2022-29404", "CVE-2022-30522", "CVE-2022-30556", "CVE-2022-31813"], "modified": "2023-04-21T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:httpd", "p-cpe:/a:amazon:linux:httpd-core", "p-cpe:/a:amazon:linux:httpd-core-debuginfo", "p-cpe:/a:amazon:linux:httpd-debuginfo", "p-cpe:/a:amazon:linux:httpd-debugsource", "p-cpe:/a:amazon:linux:httpd-devel", "p-cpe:/a:amazon:linux:httpd-filesystem", "p-cpe:/a:amazon:linux:httpd-manual", "p-cpe:/a:amazon:linux:httpd-tools", "p-cpe:/a:amazon:linux:httpd-tools-debuginfo", "p-cpe:/a:amazon:linux:mod_ldap", "p-cpe:/a:amazon:linux:mod_ldap-debuginfo", "p-cpe:/a:amazon:linux:mod_lua", "p-cpe:/a:amazon:linux:mod_lua-debuginfo", "p-cpe:/a:amazon:linux:mod_proxy_html", "p-cpe:/a:amazon:linux:mod_proxy_html-debuginfo", "p-cpe:/a:amazon:linux:mod_session", "p-cpe:/a:amazon:linux:mod_session-debuginfo", "p-cpe:/a:amazon:linux:mod_ssl", "p-cpe:/a:amazon:linux:mod_ssl-debuginfo", "cpe:/o:amazon:linux:2023"], "id": "AL2023_ALAS2023-2023-072.NASL", "href": "https://www.tenable.com/plugins/nessus/173084", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2023 Security Advisory ALAS2023-2023-072.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(173084);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/21\");\n\n script_cve_id(\n \"CVE-2021-44224\",\n \"CVE-2021-44790\",\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\",\n \"CVE-2022-26377\",\n \"CVE-2022-28330\",\n \"CVE-2022-28614\",\n \"CVE-2022-28615\",\n \"CVE-2022-29404\",\n \"CVE-2022-30522\",\n \"CVE-2022-30556\",\n \"CVE-2022-31813\"\n );\n\n script_name(english:\"Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2023-072)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2023 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-072 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\n - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of\n Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This\n issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.\n (CVE-2022-26377)\n\n - Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process\n requests with the mod_isapi module. (CVE-2022-28330)\n\n - The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an\n attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with\n mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use\n the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against\n current headers to resolve the issue. (CVE-2022-28614)\n\n - Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in\n ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the\n server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may\n hypothetically be affected. (CVE-2022-28615)\n\n - In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0)\n may cause a denial of service due to no default limit on possible input size. (CVE-2022-29404)\n\n - If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input\n to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.\n (CVE-2022-30522)\n\n - Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point\n past the end of the storage allocated for the buffer. (CVE-2022-30556)\n\n - Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on\n client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on\n the origin server/application. (CVE-2022-31813)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2023/ALAS-2023-072.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-44224.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-44790.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-22719.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-22720.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-22721.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23943.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-26377.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-28330.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-28614.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-28615.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-29404.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-30522.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-30556.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-31813.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'dnf update httpd --releasever=2023.0.20230222 ' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-31813\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_lua\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_lua-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_proxy_html-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_session-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2023\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"-2023\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2023\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'httpd-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debugsource-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debugsource-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debugsource-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.54-3.amzn2023.0.4', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.54-3.amzn2023.0.4', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-core / httpd-core-debuginfo / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:41:20", "description": "According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow (CVE-2020-35452)\n\n - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service (CVE-2021-26690)\n\n - In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow (CVE-2021-26691)\n\n - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-34798)\n\n - ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-39275)\n\n - A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-40438)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.\n (CVE-2022-26377)\n\n - The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue. (CVE-2022-28614)\n\n - Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. (CVE-2022-28615)\n\n - In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. (CVE-2022-29404)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2023-01-30T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.2 : httpd (EulerOS-SA-2023-1260)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35452", "CVE-2021-26690", "CVE-2021-26691", "CVE-2021-34798", "CVE-2021-39275", "CVE-2021-40438", "CVE-2021-44790", "CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-26377", "CVE-2022-28614", "CVE-2022-28615", "CVE-2022-29404"], "modified": "2023-04-07T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-tools", "cpe:/o:huawei:euleros:uvp:3.0.2.2"], "id": "EULEROS_SA-2023-1260.NASL", "href": "https://www.tenable.com/plugins/nessus/170842", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170842);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/07\");\n\n script_cve_id(\n \"CVE-2020-35452\",\n \"CVE-2021-26690\",\n \"CVE-2021-26691\",\n \"CVE-2021-34798\",\n \"CVE-2021-39275\",\n \"CVE-2021-40438\",\n \"CVE-2021-44790\",\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-26377\",\n \"CVE-2022-28614\",\n \"CVE-2022-28615\",\n \"CVE-2022-29404\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/12/15\");\n\n script_name(english:\"EulerOS Virtualization 3.0.2.2 : httpd (EulerOS-SA-2023-1260)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in\n mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team\n could create one, though some particular compiler and/or compilation option might make it possible, with\n limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow\n (CVE-2020-35452)\n\n - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can\n cause a NULL pointer dereference and crash, leading to a possible Denial Of Service (CVE-2021-26690)\n\n - In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server\n could cause a heap overflow (CVE-2021-26691)\n\n - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP\n Server 2.4.48 and earlier. (CVE-2021-34798)\n\n - ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules\n pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache\n HTTP Server 2.4.48 and earlier. (CVE-2021-39275)\n\n - A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the\n remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-40438)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of\n Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This\n issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.\n (CVE-2022-26377)\n\n - The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an\n attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with\n mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use\n the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against\n current headers to resolve the issue. (CVE-2022-28614)\n\n - Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in\n ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the\n server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may\n hypothetically be affected. (CVE-2022-28615)\n\n - In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0)\n may cause a denial of service due to no default limit on possible input size. (CVE-2022-29404)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1260\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ad2722ff\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.2\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.2\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu && \"x86\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"x86\" >!< cpu) audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"httpd-2.4.6-80.1.h17.eulerosv2r7\",\n \"httpd-tools-2.4.6-80.1.h17.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-02T15:48:53", "description": "The remote host is affected by the vulnerability described in GLSA-202208-20 (Apache HTTPD: Multiple Vulnerabilities)\n\n - A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.\n (CVE-2021-33193)\n\n - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-34798)\n\n - A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). (CVE-2021-36160)\n\n - ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-39275)\n\n - A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-40438)\n\n - While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.\n (CVE-2021-41524)\n\n - A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration require all denied, these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013. (CVE-2021-41773)\n\n - It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration require all denied, these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions. (CVE-2021-42013)\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\n - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.\n (CVE-2022-26377)\n\n - The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue. (CVE-2022-28614)\n\n - Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. (CVE-2022-28615)\n\n - In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. (CVE-2022-29404)\n\n - If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.\n (CVE-2022-30522)\n\n - Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. (CVE-2022-30556)\n\n - Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. (CVE-2022-31813)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-15T00:00:00", "type": "nessus", "title": "GLSA-202208-20 : Apache HTTPD: Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33193", "CVE-2021-34798", "CVE-2021-36160", "CVE-2021-39275", "CVE-2021-40438", "CVE-2021-41524", "CVE-2021-41773", "CVE-2021-42013", "CVE-2021-44224", "CVE-2021-44790", "CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943", "CVE-2022-26377", "CVE-2022-28614", "CVE-2022-28615", "CVE-2022-29404", "CVE-2022-30522", "CVE-2022-30556", "CVE-2022-31813"], "modified": "2023-04-07T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:apache", "p-cpe:/a:gentoo:linux:apache-tools", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202208-20.NASL", "href": "https://www.tenable.com/plugins/nessus/164114", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202208-20.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164114);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/07\");\n\n script_cve_id(\n \"CVE-2021-33193\",\n \"CVE-2021-34798\",\n \"CVE-2021-36160\",\n \"CVE-2021-39275\",\n \"CVE-2021-40438\",\n \"CVE-2021-41524\",\n \"CVE-2021-41773\",\n \"CVE-2021-42013\",\n \"CVE-2021-44224\",\n \"CVE-2021-44790\",\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\",\n \"CVE-2022-26377\",\n \"CVE-2022-28614\",\n \"CVE-2022-28615\",\n \"CVE-2022-29404\",\n \"CVE-2022-30522\",\n \"CVE-2022-30556\",\n \"CVE-2022-31813\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/12/15\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0046\");\n\n script_name(english:\"GLSA-202208-20 : Apache HTTPD: Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202208-20 (Apache HTTPD: Multiple Vulnerabilities)\n\n - A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead\n to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.\n (CVE-2021-33193)\n\n - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP\n Server 2.4.48 and earlier. (CVE-2021-34798)\n\n - A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and\n crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). (CVE-2021-36160)\n\n - ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules\n pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache\n HTTP Server 2.4.48 and earlier. (CVE-2021-39275)\n\n - A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the\n remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-40438)\n\n - While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request\n processing, allowing an external source to DoS the server. This requires a specially crafted request. The\n vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.\n (CVE-2021-41524)\n\n - A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could\n use a path traversal attack to map URLs to files outside the directories configured by Alias-like\n directives. If files outside of these directories are not protected by the usual default configuration\n require all denied, these requests can succeed. If CGI scripts are also enabled for these aliased\n pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This\n issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found\n to be incomplete, see CVE-2021-42013. (CVE-2021-41773)\n\n - It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker\n could use a path traversal attack to map URLs to files outside the directories configured by Alias-like\n directives. If files outside of these directories are not protected by the usual default configuration\n require all denied, these requests can succeed. If CGI scripts are also enabled for these aliased\n pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache\n 2.4.50 and not earlier versions. (CVE-2021-42013)\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\n - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of\n Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This\n issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.\n (CVE-2022-26377)\n\n - The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an\n attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with\n mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use\n the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against\n current headers to resolve the issue. (CVE-2022-28614)\n\n - Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in\n ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the\n server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may\n hypothetically be affected. (CVE-2022-28615)\n\n - In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0)\n may cause a denial of service due to no default limit on possible input size. (CVE-2022-29404)\n\n - If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input\n to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.\n (CVE-2022-30522)\n\n - Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point\n past the end of the storage allocated for the buffer. (CVE-2022-30556)\n\n - Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on\n client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on\n the origin server/application. (CVE-2022-31813)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202208-20\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=813429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=816399\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=816864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=829722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=835131\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=850622\");\n script_set_attribute(attribute:\"solution\", value:\n\"All Apache HTTPD users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-servers/apache-2.4.54\n \nAll Apache HTTPD tools users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=app-admin/apache-tools-2.4.54\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-31813\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:apache-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : \"app-admin/apache-tools\",\n 'unaffected' : make_list(\"ge 2.4.54\"),\n 'vulnerable' : make_list(\"lt 2.4.54\")\n },\n {\n 'name' : \"www-servers/apache\",\n 'unaffected' : make_list(\"ge 2.4.54\"),\n 'vulnerable' : make_list(\"lt 2.4.54\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Apache HTTPD\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-05T16:32:34", "description": "The version of AOS installed on the remote host is prior to 5.20.3.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.20.3.6 advisory.\n\n - In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-162844689References: Upstream kernel (CVE-2020-0465)\n\n - In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-147802478References: Upstream kernel (CVE-2020-0466)\n\n - A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP's slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability. (CVE-2020-25709)\n\n - A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability. (CVE-2020-25710)\n\n - In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References:\n Upstream kernel (CVE-2021-0920)\n\n - An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion. (CVE-2021-21996)\n\n - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)\n\n - A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. (CVE-2021-3573)\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3752)\n\n - A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. (CVE-2021-4155)\n\n - In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).\n (CVE-2021-45960)\n\n - In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. (CVE-2021-46143)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330)\n\n - The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self- signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). (CVE-2022-0778)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22822)\n\n - build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22823)\n\n - defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.\n (CVE-2022-22824)\n\n - lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22825)\n\n - nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.\n (CVE-2022-22826)\n\n - storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22827)\n\n - Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. (CVE-2022-23852)\n\n - In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. (CVE-2022-24407)\n\n - xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. (CVE-2022-25235)\n\n - xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. (CVE-2022-25236)\n\n - In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. (CVE-2022-25315)\n\n - kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-21T00:00:00", "type": "nessus", "title": "Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.20.3.6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0465", "CVE-2020-0466", "CVE-2020-25709", "CVE-2020-25710", "CVE-2021-0920", "CVE-2021-21996", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3752", "CVE-2021-4155", "CVE-2021-45960", "CVE-2021-46143", "CVE-2022-0330", "CVE-2022-0778", "CVE-2022-22720", "CVE-2022-22822", "CVE-2022-22823", "CVE-2022-22824", "CVE-2022-22825", "CVE-2022-22826", "CVE-2022-22827", "CVE-2022-22942", "CVE-2022-23852", "CVE-2022-24407", "CVE-2022-25235", "CVE-2022-25236", "CVE-2022-25315"], "modified": "2023-02-23T00:00:00", "cpe": ["cpe:/o:nutanix:aos"], "id": "NUTANIX_NXSA-AOS-5_20_3_6.NASL", "href": "https://www.tenable.com/plugins/nessus/165275", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165275);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/23\");\n\n script_cve_id(\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-25709\",\n \"CVE-2020-25710\",\n \"CVE-2021-0920\",\n \"CVE-2021-3564\",\n \"CVE-2021-3573\",\n \"CVE-2021-3752\",\n \"CVE-2021-4155\",\n \"CVE-2021-21996\",\n \"CVE-2021-45960\",\n \"CVE-2021-46143\",\n \"CVE-2022-0330\",\n \"CVE-2022-0778\",\n \"CVE-2022-22720\",\n \"CVE-2022-22822\",\n \"CVE-2022-22823\",\n \"CVE-2022-22824\",\n \"CVE-2022-22825\",\n \"CVE-2022-22826\",\n \"CVE-2022-22827\",\n \"CVE-2022-22942\",\n \"CVE-2022-23852\",\n \"CVE-2022-24407\",\n \"CVE-2022-25235\",\n \"CVE-2022-25236\",\n \"CVE-2022-25315\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.20.3.6)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Nutanix AOS host is affected by multiple vulnerabilities .\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of AOS installed on the remote host is prior to 5.20.3.6. It is, therefore, affected by multiple\nvulnerabilities as referenced in the NXSA-AOS-5.20.3.6 advisory.\n\n - In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds\n check. This could lead to local escalation of privilege with no additional execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-162844689References: Upstream kernel (CVE-2020-0465)\n\n - In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic\n error. This could lead to local escalation of privilege with no additional execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-147802478References: Upstream kernel (CVE-2020-0466)\n\n - A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed\n by OpenLDAP's slapd server, to trigger an assertion failure. The highest threat from this vulnerability is\n to system availability. (CVE-2020-25709)\n\n - A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious\n packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this\n vulnerability is to system availability. (CVE-2020-25710)\n\n - In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This\n could lead to local escalation of privilege with System execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References:\n Upstream kernel (CVE-2021-0920)\n\n - An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and\n source_hash URLs can gain full file system access as root on a salt minion. (CVE-2021-21996)\n\n - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in\n the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the\n system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)\n\n - A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way\n user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev()\n together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(),\n hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their\n privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. (CVE-2021-3573)\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to\n the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the\n system or escalate their privileges. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. (CVE-2021-3752)\n\n - A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size\n increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS\n filesystem otherwise not accessible to them. (CVE-2021-4155)\n\n - In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in\n xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).\n (CVE-2021-45960)\n\n - In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for\n m_groupSize. (CVE-2021-46143)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the\n way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-0330)\n\n - The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop\n forever for non-prime moduli. Internally this function is used when parsing certificates that contain\n elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point\n encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has\n invalid explicit curve parameters. Since certificate parsing happens prior to verification of the\n certificate signature, any process that parses an externally supplied certificate may thus be subject to a\n denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they\n can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients\n consuming server certificates - TLS servers consuming client certificates - Hosting providers taking\n certificates or private keys from customers - Certificate authorities parsing certification requests from\n subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that\n use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS\n issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate\n which makes it slightly harder to trigger the infinite loop. However any operation which requires the\n public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-\n signed certificate to trigger the loop during verification of the certificate signature. This issue\n affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the\n 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected\n 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). (CVE-2022-0778)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22822)\n\n - build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22823)\n\n - defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.\n (CVE-2022-22824)\n\n - lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22825)\n\n - nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.\n (CVE-2022-22826)\n\n - storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22827)\n\n - Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with\n a