ID: 7B81FC47-239F-11D9-814E-0001020EED82
Type: freebsd
Reporter: FreeBSD
Modified: 2004-07-07T00:00:00
Description
The Apache HTTP Server 2.0.51 release notes report that the following issues have been fixed:

A segfault in mod_ssl which can be triggered by a malicious remote server, if proxying to SSL servers has been configured. [CAN-2004-0751]

A potential infinite loop in mod_ssl which could be triggered given particular timing of a connection abort. [CAN-2004-0748]
{"cve": [{"lastseen": "2019-08-27T06:23:58", "bulletinFamily": "NVD", "description": "The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).", "modified": "2017-10-11T01:29:00", "id": "CVE-2004-0751", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0751", "published": "2004-10-20T04:00:00", "title": "CVE-2004-0751", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-27T06:23:58", "bulletinFamily": "NVD", "description": "mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.", "modified": "2018-05-03T01:29:00", "id": "CVE-2004-0748", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0748", "published": "2004-10-20T04:00:00", "title": "CVE-2004-0748", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2017-07-26T08:55:18", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n apache2-devel\n apache2-prefork\n apache2-worker\n apache2-doc\n apache2\n apache2-example-pages\n libapr0\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5013408 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65230", "id": "OPENVAS:65230", "title": "SLES9: Security update for Apache 2", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5013408.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Apache 2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n apache2-devel\n apache2-prefork\n apache2-worker\n apache2-doc\n apache2\n apache2-example-pages\n libapr0\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5013408 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65230);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2004-0748\", \"CVE-2004-0751\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES9: Security update for Apache 2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-devel\", rpm:\"apache2-devel~2.0.49~27.11\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:25", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-15T00:00:00", "published": "2008-09-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=52331", "id": "OPENVAS:52331", "title": "FreeBSD Ports: apache", "type": "openvas", "sourceData": "#\n#VID 7b81fc47-239f-11d9-814e-0001020eed82\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: apache\n\nCVE-2004-0748\nmod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause\na denial of service (CPU consumption) by aborting an SSL connection in\na way that causes an Apache child process to enter an infinite loop.\n\nCVE-2004-0751\nThe char_buffer_read function in the mod_ssl module for Apache 2.x,\nwhen using reverse proxying to an SSL server, allows remote attackers\nto cause a denial of service (segmentation fault).\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://nagoya.apache.org/bugzilla/show_bug.cgi?id=29964\nhttp://nagoya.apache.org/bugzilla/show_bug.cgi?id=30134\nhttp://marc.theaimsgroup.com/?l=apache-httpd-announce&m=109527608022322\nhttp://www.vuxml.org/freebsd/7b81fc47-239f-11d9-814e-0001020eed82.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52331);\n script_version(\"$Revision: 4075 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-15 15:13:05 +0200 (Thu, 15 Sep 2016) 
$\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2004-0748\", \"CVE-2004-0751\");\n script_bugtraq_id(11094,11154);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: apache\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"apache\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.0\")>0 && revcomp(a:bver, b:\"2.0.51\")<0) {\n txt += 'Package apache version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:34", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n apache2-devel\n apache2-prefork\n apache2-worker\n apache2-doc\n apache2\n apache2-example-pages\n libapr0\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5013408 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065230", "id": "OPENVAS:136141256231065230", "title": "SLES9: Security update for Apache 2", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5013408.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Apache 2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n apache2-devel\n apache2-prefork\n apache2-worker\n apache2-doc\n apache2\n apache2-example-pages\n libapr0\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5013408 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65230\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2004-0748\", \"CVE-2004-0751\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES9: Security update for Apache 2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-devel\", rpm:\"apache2-devel~2.0.49~27.11\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:44", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200409-21.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=54677", "id": "OPENVAS:54677", "title": "Gentoo Security Advisory GLSA 200409-21 (apache)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been found in Apache 2 and mod_dav for Apache\n1.3 which could allow a remote attacker to cause a Denial of Service or a\nlocal user to get escalated privileges.\";\ntag_solution = \"All Apache 2 users should upgrade to the latest version:\n\n # emerge sync\n\n # emerge -pv '>=net-www/apache-2.0.51'\n # emerge '>=net-www/apache-2.0.51'\n\nAll mod_dav users should upgrade to the latest version:\n\n # emerge sync\n\n # emerge -pv '>=net-www/mod_dav-1.0.3-r2'\n # emerge '>=net-www/mod_dav-1.0.3-r2'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200409-21\nhttp://bugs.gentoo.org/show_bug.cgi?id=62626\nhttp://bugs.gentoo.org/show_bug.cgi?id=63948\nhttp://bugs.gentoo.org/show_bug.cgi?id=64145\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200409-21.\";\n\n \n\nif(description)\n{\n script_id(54677);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n 
script_cve_id(\"CVE-2004-0747\", \"CVE-2004-0748\", \"CVE-2004-0751\", \"CVE-2004-0786\", \"CVE-2004-0809\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200409-21 (apache)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-www/apache\", unaffected: make_list(\"ge 2.0.51\", \"lt 2.0\"), vulnerable: make_list(\"lt 2.0.51\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"net-www/mod_dav\", unaffected: make_list(\"ge 1.0.3-r2\"), vulnerable: make_list(\"le 1.0.3-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:39:41", "bulletinFamily": "scanner", "description": "Check for the Version of Apache with PHP", "modified": "2018-04-06T00:00:00", "published": "2009-05-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835139", "id": "OPENVAS:1361412562310835139", "title": "HP-UX Update for Apache with PHP HPSBUX01090", "type": "openvas", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache with PHP HPSBUX01090\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote denial of service\n local increase in privilege\";\ntag_affected = \"Apache with PHP on\n HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 running the currently supported \n versions of hpuxwsAPACHE HP-UX\";\ntag_insight = \"Several potential security vulnerabilities have been identified inApache Web \n Server and PHP running on HP-UX where a remoteuser may be able to cause a \n Denial of Service (DoS), obtainlocal elevation of privileges or gain \n unauthorized access torestricted resources.<br\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00901851-2\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835139\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) 
$\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"HPSBUX\", value: \"01090\");\n script_cve_id(\"CVE-2004-0747\", \"CVE-2004-0748\", \"CVE-2004-0751\", \"CVE-2004-0786\", \"CVE-2004-0809\", \"CVE-2004-0811\");\n script_name( \"HP-UX Update for Apache with PHP HPSBUX01090\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Apache with PHP\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.52.00\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.52.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.52.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n 
exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.52.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:28", "bulletinFamily": "scanner", "description": "Check for the Version of Apache with PHP", "modified": "2017-07-06T00:00:00", "published": "2009-05-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=835139", "id": "OPENVAS:835139", "title": "HP-UX Update for Apache with PHP HPSBUX01090", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache with PHP HPSBUX01090\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote denial of service\n local increase in privilege\";\ntag_affected = \"Apache with PHP on\n HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 running the currently supported \n versions of hpuxwsAPACHE HP-UX\";\ntag_insight = \"Several potential security vulnerabilities have been identified inApache Web \n Server and PHP running on HP-UX where a remoteuser may be able to cause a \n Denial of Service (DoS), obtainlocal elevation of privileges or gain \n unauthorized access torestricted resources.<br\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00901851-2\");\n script_id(835139);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"HPSBUX\", value: \"01090\");\n script_cve_id(\"CVE-2004-0747\", \"CVE-2004-0748\", \"CVE-2004-0751\", \"CVE-2004-0786\", \"CVE-2004-0809\", \"CVE-2004-0811\");\n script_name( \"HP-UX Update for Apache with PHP HPSBUX01090\");\n\n script_summary(\"Check for the Version of Apache with PHP\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.52.00\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.52.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.52.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.52.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-11-03T12:18:09", "bulletinFamily": "scanner", "description": "The remote host is missing the patch for the advisory SUSE-SA:2004:030 (apache2).\n\n\nThe mod_ssl apache module, as part of our apache2 package, enables\nthe apache webserver to handle the HTTPS protocol.\nWithin the mod_ssl module, two Denial of Service conditions in 
the\ninput filter have been found. The CVE project assigned the identifiers\nCVE-2004-0748 and CVE-2004-0751 to these issues.", "modified": "2019-11-02T00:00:00", "id": "SUSE_SA_2004_030.NASL", "href": "https://www.tenable.com/plugins/nessus/14667", "published": "2004-09-06T00:00:00", "title": "SUSE-SA:2004:030: apache2", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2004:030\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(14667);\n script_version (\"1.14\");\n script_cve_id(\"CVE-2004-0748\", \"CVE-2004-0751\");\n script_bugtraq_id(11154);\n \n name[\"english\"] = \"SUSE-SA:2004:030: apache2\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2004:030 (apache2).\n\n\nThe mod_ssl apache module, as part of our apache2 package, enables\nthe apache webserver to handle the HTTPS protocol.\nWithin the mod_ssl module, two Denial of Service conditions in the\ninput filter have been found. 
The CVE project assigned the identifiers\nCVE-2004-0748 and CVE-2004-0751 to these issues.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.suse.de/security/2004_30_apache2.html\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/09/06\");\n script_cvs_date(\"Date: 2019/10/25 13:36:28\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the apache2 package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"apache2-2.0.48-135\", release:\"SUSE8.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-prefork-2.0.48-135\", release:\"SUSE8.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-worker-2.0.48-135\", release:\"SUSE8.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-2.0.48-135\", release:\"SUSE8.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-prefork-2.0.48-135\", release:\"SUSE8.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-worker-2.0.48-135\", release:\"SUSE8.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"libapr0-2.0.48-135\", release:\"SUSE8.2\") )\n{\n security_warning(0);\n 
exit(0);\n}\nif ( rpm_check( reference:\"apache2-2.0.48-135\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-prefork-2.0.48-135\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-worker-2.0.48-135\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"libapr0-2.0.48-135\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-2.0.49-27.11\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-prefork-2.0.49-27.11\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-worker-2.0.49-27.11\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"libapr0-2.0.49-27.11\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif (rpm_exists(rpm:\"apache2-\", release:\"SUSE8.1\")\n || rpm_exists(rpm:\"apache2-\", release:\"SUSE8.2\")\n || rpm_exists(rpm:\"apache2-\", release:\"SUSE9.0\")\n || rpm_exists(rpm:\"apache2-\", release:\"SUSE9.1\") )\n{\n set_kb_item(name:\"CVE-2004-0748\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0751\", value:TRUE);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T02:38:45", "bulletinFamily": "scanner", "description": "The Apache HTTP Server 2.0.51 release notes report that the following\nissues have been fixed :\n\nA segfault in mod_ssl which can be triggered by a malicious remote\nserver, if proxying to SSL servers has been configured.\n[CAN-2004-0751]\n\nA potential infinite loop in mod_ssl which could be triggered given\nparticular timing of a connection abort. 
[CAN-2004-0748]", "modified": "2019-11-02T00:00:00", "id": "FREEBSD_PKG_7B81FC47239F11D9814E0001020EED82.NASL", "href": "https://www.tenable.com/plugins/nessus/37076", "published": "2009-04-23T00:00:00", "title": "FreeBSD : apache2 -- SSL remote DoS (7b81fc47-239f-11d9-814e-0001020eed82)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(37076);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2019/08/02 13:32:36\");\n\n script_cve_id(\"CVE-2004-0748\", \"CVE-2004-0751\");\n script_bugtraq_id(11094, 11154);\n\n script_name(english:\"FreeBSD : apache2 -- SSL remote DoS (7b81fc47-239f-11d9-814e-0001020eed82)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Apache HTTP Server 2.0.51 release notes report that the following\nissues have been fixed :\n\nA segfault in mod_ssl which can be triggered by a malicious remote\nserver, if proxying to SSL servers has been configured.\n[CAN-2004-0751]\n\nA potential infinite loop in mod_ssl which could be triggered given\nparticular timing of a connection abort. 
[CAN-2004-0748]\"\n );\n # http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=109527608022322\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=apache-httpd-announce&m=109527608022322\"\n );\n # https://vuxml.freebsd.org/freebsd/7b81fc47-239f-11d9-814e-0001020eed82.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0896b138\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"apache>2.0<2.0.51\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2016-09-26T17:24:20", "bulletinFamily": "scanner", "description": "The following package needs to be updated: apache", "modified": "2011-10-03T00:00:00", "published": "2004-10-27T00:00:00", "id": "FREEBSD_APACHE_2051.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=15575", "type": "nessus", "title": "FreeBSD : apache2 -- SSL remote DoS (16)", "sourceData": "# @DEPRECATED@\n#\n# This script has been deprecated by freebsd_pkg_7b81fc47239f11d9814e0001020eed82.nasl.\n#\n# Disabled on 2011/10/02.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This script contains information extracted from VuXML :\n#\n# Copyright 2003-2006 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. 
Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n#\n#\n\ninclude('compat.inc');\n\nif ( description )\n{\n script_id(15575);\n script_version(\"$Revision: 1.11 $\");\n script_bugtraq_id(11154);\n script_bugtraq_id(11094);\n script_cve_id(\"CVE-2004-0751\");\n script_cve_id(\"CVE-2004-0748\");\n\n script_name(english:\"FreeBSD : apache2 -- SSL remote DoS (16)\");\n\nscript_set_attribute(attribute:'synopsis', value: 'The remote host is missing a security update');\nscript_set_attribute(attribute:'description', value:'The following package needs to be updated: apache');\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\nscript_set_attribute(attribute:'solution', value: 'Update the package on the remote host');\nscript_set_attribute(attribute: 'see_also', value: 'http://bugs.libgd.org/?do=details&task_id=89\nhttp://bugs.libgd.org/?do=details&task_id=94\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=457\nhttp://nagoya.apache.org/bugzilla/show_bug.cgi?id=29964\nhttp://nagoya.apache.org/bugzilla/show_bug.cgi?id=30134\nhttp://secunia.com/advisories/11608\nhttp://www.ethereal.com/appnotes/enpa-sa-00014.html\nhttp://www.frsirt.com/english/advisories/2007/2336\nhttp://www.libgd.org/ReleaseNote020035\nhttp://www.mozilla.org/projects/security/known-vulnerabilities.html\nhttp://www.mozilla.org/security/announce/mfsa2005-46.html\nhttp://www.mozilla.org/security/announce/mfsa2005-47.html\nhttp://www.squirrelmail.org/security/issue/2005-01-14');\nscript_set_attribute(attribute:'see_also', value: 'http://www.FreeBSD.org/ports/portaudit/7b81fc47-239f-11d9-814e-0001020eed82.html');\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/10/27\");\n script_cvs_date(\"$Date: 2011/10/03 00:48:25 $\");\n script_end_attributes();\n script_summary(english:\"Check for apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2010 Tenable Network Security, Inc.\");\n family[\"english\"] = \"FreeBSD Local Security Checks\";\n script_family(english:family[\"english\"]);\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/FreeBSD/pkg_info\");\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"This plugin has been deprecated. 
Refer to plugin #37076 (freebsd_pkg_7b81fc47239f11d9814e0001020eed82.nasl) instead.\");\n\nglobal_var cvss_score;\ncvss_score=5;\ninclude('freebsd_package.inc');\n\n\npkg_test(pkg:\"apache>2.0<2.0.51\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-11-01T03:20:09", "bulletinFamily": "scanner", "description": "Updated httpd packages that include a security fix for mod_ssl and\nvarious enhancements are now available.\n\nThe Apache HTTP server is a powerful, full-featured, efficient, and\nfreely-available Web server.\n\nAn input filter bug in mod_ssl was discovered in Apache httpd version\n2.0.50 and earlier. A remote attacker could force an SSL connection to\nbe aborted in a particular state and cause an Apache child process to\nenter an infinite loop, consuming CPU resources. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2004-0748 to this issue.\n\nAdditionally, this update includes the following enhancements and bug\nfixes :\n\n - included an improved version of the mod_cgi module that\n correctly handles concurrent output on stderr and stdout\n\n - included support for direct lookup of SSL variables\n using %{SSL:...} from mod_rewrite, or using %{...}s from\n mod_headers\n\n - restored support for use of SHA1-encoded passwords\n\n - added the mod_ext_filter module\n\nUsers of the Apache HTTP server should upgrade to these updated\npackages, which contain backported patches that address these issues.", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2004-349.NASL", "href": "https://www.tenable.com/plugins/nessus/14624", "published": "2004-09-01T00:00:00", "title": "RHEL 3 : httpd (RHSA-2004:349)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2004:349. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14624);\n script_version (\"1.29\");\n script_cvs_date(\"Date: 2019/10/25 13:36:10\");\n\n script_cve_id(\"CVE-2004-0748\", \"CVE-2004-0751\");\n script_xref(name:\"RHSA\", value:\"2004:349\");\n\n script_name(english:\"RHEL 3 : httpd (RHSA-2004:349)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that include a security fix for mod_ssl and\nvarious enhancements are now available.\n\nThe Apache HTTP server is a powerful, full-featured, efficient, and\nfreely-available Web server.\n\nAn input filter bug in mod_ssl was discovered in Apache httpd version\n2.0.50 and earlier. A remote attacker could force an SSL connection to\nbe aborted in a particular state and cause an Apache child process to\nenter an infinite loop, consuming CPU resources. 
The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2004-0748 to this issue.\n\nAdditionally, this update includes the following enhancements and bug\nfixes :\n\n - included an improved version of the mod_cgi module that\n correctly handles concurrent output on stderr and stdout\n\n - included support for direct lookup of SSL variables\n using %{SSL:...} from mod_rewrite, or using %{...}s from\n mod_headers\n\n - restored support for use of SHA1-encoded passwords\n\n - added the mod_ext_filter module\n\nUsers of the Apache HTTP server should upgrade to these updated\npackages, which contain backported patches that address these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2004:349\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd, httpd-devel and / or mod_ssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/09/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2004:349\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"httpd-2.0.46-38.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"httpd-devel-2.0.46-38.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", 
reference:\"mod_ssl-2.0.46-38.ent\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / mod_ssl\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T02:40:12", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200409-21\n(Apache 2, mod_dav: Multiple vulnerabilities)\n\n A potential infinite loop has been found in the input filter of mod_ssl\n (CAN-2004-0748) as well as a possible segmentation fault in the\n char_buffer_read function if reverse proxying to a SSL server is being used\n (CAN-2004-0751). Furthermore, mod_dav, as shipped in Apache httpd 2 or\n mod_dav 1.0.x for Apache 1.3, contains a NULL pointer dereference which can\n be triggered remotely (CAN-2004-0809). The third issue is an input\n validation error found in the IPv6 URI parsing routines within the apr-util\n library (CAN-2004-0786). Additionally a possible buffer overflow has been\n reported when expanding environment variables during the parsing of\n configuration files (CAN-2004-0747).\n \nImpact :\n\n A remote attacker could cause a Denial of Service either by aborting a SSL\n connection in a special way, resulting in CPU consumption, by exploiting\n the segmentation fault in mod_ssl or the mod_dav flaw. 
A remote attacker\n could also crash a httpd child process by sending a specially crafted URI.\n The last vulnerability could be used by a local user to gain the privileges\n of a httpd child, if the server parses a carefully prepared .htaccess file.\n \nWorkaround :\n\n There is no known workaround at this time.", "modified": "2019-11-02T00:00:00", "id": "GENTOO_GLSA-200409-21.NASL", "href": "https://www.tenable.com/plugins/nessus/14766", "published": "2004-09-17T00:00:00", "title": "GLSA-200409-21 : Apache 2, mod_dav: Multiple vulnerabilities", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200409-21.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14766);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/08/02 13:32:41\");\n\n script_cve_id(\"CVE-2004-0747\", \"CVE-2004-0748\", \"CVE-2004-0751\", \"CVE-2004-0786\", \"CVE-2004-0809\");\n script_xref(name:\"GLSA\", value:\"200409-21\");\n\n script_name(english:\"GLSA-200409-21 : Apache 2, mod_dav: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200409-21\n(Apache 2, mod_dav: Multiple vulnerabilities)\n\n A potential infinite loop has been found in the input filter of mod_ssl\n (CAN-2004-0748) as well as a possible segmentation fault in the\n char_buffer_read function if reverse proxying 
to a SSL server is being used\n (CAN-2004-0751). Furthermore, mod_dav, as shipped in Apache httpd 2 or\n mod_dav 1.0.x for Apache 1.3, contains a NULL pointer dereference which can\n be triggered remotely (CAN-2004-0809). The third issue is an input\n validation error found in the IPv6 URI parsing routines within the apr-util\n library (CAN-2004-0786). Additionally a possible buffer overflow has been\n reported when expanding environment variables during the parsing of\n configuration files (CAN-2004-0747).\n \nImpact :\n\n A remote attacker could cause a Denial of Service either by aborting a SSL\n connection in a special way, resulting in CPU consumption, by exploiting\n the segmentation fault in mod_ssl or the mod_dav flaw. A remote attacker\n could also crash a httpd child process by sending a specially crafted URI.\n The last vulnerability could be used by a local user to gain the privileges\n of a httpd child, if the server parses a carefully prepared .htaccess file.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200409-21\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Apache 2 users should upgrade to the latest version:\n # emerge sync\n # emerge -pv '>=www-servers/apache-2.0.51'\n # emerge '>=www-servers/apache-2.0.51'\n All mod_dav users should upgrade to the latest version:\n # emerge sync\n # emerge -pv '>=net-www/mod_dav-1.0.3-r2'\n # emerge '>=net-www/mod_dav-1.0.3-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:gentoo:linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mod_dav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/17\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/09/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-www/mod_dav\", unaffected:make_list(\"ge 1.0.3-r2\"), vulnerable:make_list(\"le 1.0.3-r1\"))) flag++;\nif (qpkg_check(package:\"www-servers/apache\", unaffected:make_list(\"ge 2.0.51\", \"lt 2.0\"), vulnerable:make_list(\"lt 2.0.51\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Apache 2 / mod_dav\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T02:14:36", "bulletinFamily": "scanner", "description": "According to its Server response header, the remote host is running 
a\nversion of Apache 2.0.x prior to 2.0.51. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An input validation issue in apr-util can be triggered\n by malformed IPv6 literal addresses and result in a \n buffer overflow (CVE-2004-0786).\n\n - There is a buffer overflow that can be triggered when\n expanding environment variables during configuration\n file parsing (CVE-2004-0747).\n\n - A segfault in mod_dav_ds when handling an indirect lock\n refresh can lead to a process crash (CVE-2004-0809).\n\n - A segfault in the SSL input filter can be triggered\n if using ", "modified": "2019-11-02T00:00:00", "id": "APACHE_2_0_51.NASL", "href": "https://www.tenable.com/plugins/nessus/14748", "published": "2004-09-16T00:00:00", "title": "Apache 2.0.x < 2.0.51 Multiple Vulnerabilities (OF, DoS)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(14748);\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n script_version(\"1.30\");\n\n script_cve_id(\"CVE-2004-0747\", \"CVE-2004-0748\", \"CVE-2004-0751\", \"CVE-2004-0786\", \"CVE-2004-0809\");\n script_bugtraq_id(11185, 11187);\n\n script_name(english:\"Apache 2.0.x < 2.0.51 Multiple Vulnerabilities (OF, DoS)\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"According to its Server response header, the remote host is running a\nversion of Apache 2.0.x prior to 2.0.51. 
It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An input validation issue in apr-util can be triggered\n by malformed IPv6 literal addresses and result in a \n buffer overflow (CVE-2004-0786).\n\n - There is a buffer overflow that can be triggered when\n expanding environment variables during configuration\n file parsing (CVE-2004-0747).\n\n - A segfault in mod_dav_ds when handling an indirect lock\n refresh can lead to a process crash (CVE-2004-0809).\n\n - A segfault in the SSL input filter can be triggered\n if using 'speculative' mode by, for instance, a proxy\n request to an SSL server (CVE-2004-0751).\n\n - There is the potential for an infinite loop in mod_ssl\n (CVE-2004-0748).\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://bz.apache.org/bugzilla/show_bug.cgi?id=31183\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://archive.apache.org/dist/httpd/CHANGES_2.0\" );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apache 2.0.51 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/09/16\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2004/07/08\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\nscript_end_attributes();\n\n \n summary[\"english\"] = \"Checks version of Apache\";\n \n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n 
script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Web Servers\");\n script_dependencie(\"apache_http_version.nasl\");\n script_require_keys(\"installed_sw/Apache\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\n#\n# The script code starts here\n#\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"install_func.inc\");\n\nget_install_count(app_name:\"Apache\", exit_if_zero:TRUE);\nport = get_http_port(default:80);\ninstall = get_single_install(app_name:\"Apache\", port:port, exit_if_unknown_ver:TRUE);\n\n# Check if we could get a version first, then check if it was\n# backported\nversion = get_kb_item_or_exit('www/apache/'+port+'/version', exit_code:1);\nbackported = get_kb_item_or_exit('www/apache/'+port+'/backported', exit_code:1);\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"Apache\");\nsource = get_kb_item_or_exit('www/apache/'+port+'/source', exit_code:1);\n\n# Check if the version looks like either ServerTokens Major/Minor\n# was used\nif (version =~ '^2(\\\\.0)?$') exit(1, \"The banner from the Apache server listening on port \"+port+\" - \"+source+\" - is not granular enough to make a determination.\");\nif (version !~ \"^\\d+(\\.\\d+)*$\") exit(1, \"The version of Apache listening on port \" + port + \" - \" + version + \" - is non-numeric and, therefore, cannot be used to make a determination.\");\nif (version =~ '^2\\\\.0' && ver_compare(ver:version, fix:'2.0.51') == -1)\n{\n if (report_verbosity > 0)\n {\n report = \n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 2.0.51\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"Apache\", port, install[\"version\"]);\n", "cvss": {"score": 5.0, "vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T02:26:28", "bulletinFamily": "scanner", "description": " - Tue Sep 21 2004 Joe Orton <jorton at redhat.com>\n 2.0.51-2.7\n\n - ap_rgetline_core fix from Rici Lake\n\n - Tue Sep 21 2004 Joe Orton <jorton at redhat.com>\n 2.0.51-2.6\n\n - fix 2.0.51 regression in Satisfy merging (CVE-2004-0811)\n\n - Thu Sep 16 2004 Joe Orton <jorton at redhat.com>\n 2.0.51-2.5\n\n - mod_ssl: prevent SIGHUP-triggers-SIGSEGV after upgrade\n from 2.0.50\n\n - revert mod_ldap/mod_auth_ldap changes likewise\n\n - Wed Sep 15 2004 Joe Orton <jorton at redhat.com>\n 2.0.51-2.1\n\n - update to 2.0.51, including security fixes for :\n\n - core: CVE-2004-0747\n\n - mod_dav_fs: CVE-2004-0809\n\n - mod_ssl: CVE-2004-0751, CVE-2004-0748\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2004-313.NASL", "href": "https://www.tenable.com/plugins/nessus/14807", "published": "2004-09-24T00:00:00", "title": "Fedora Core 2 : httpd-2.0.51-2.7 (2004-313)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2004-313.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14807);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:23\");\n\n script_cve_id(\"CVE-2004-0811\");\n script_xref(name:\"FEDORA\", value:\"2004-313\");\n\n script_name(english:\"Fedora Core 2 : httpd-2.0.51-2.7 (2004-313)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\" - Tue Sep 21 2004 Joe Orton <jorton at redhat.com>\n 2.0.51-2.7\n\n - ap_rgetline_core fix from Rici Lake\n\n - Tue Sep 21 2004 Joe Orton <jorton at redhat.com>\n 2.0.51-2.6\n\n - fix 2.0.51 regression in Satisfy merging (CVE-2004-0811)\n\n - Thu Sep 16 2004 Joe Orton <jorton at redhat.com>\n 2.0.51-2.5\n\n - mod_ssl: prevent SIGHUP-triggers-SIGSEGV after upgrade\n from 2.0.50\n\n - revert mod_ldap/mod_auth_ldap changes likewise\n\n - Wed Sep 15 2004 Joe Orton <jorton at redhat.com>\n 2.0.51-2.1\n\n - update to 2.0.51, including security fixes for :\n\n - core: CVE-2004-0747\n\n - mod_dav_fs: CVE-2004-0809\n\n - mod_ssl: CVE-2004-0751, CVE-2004-0748\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2004-September/000303.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eabde590\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:2\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 2.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC2\", reference:\"httpd-2.0.51-2.7\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"httpd-debuginfo-2.0.51-2.7\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"httpd-devel-2.0.51-2.7\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"httpd-manual-2.0.51-2.7\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"mod_ssl-2.0.51-2.7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / mod_ssl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:54:56", "bulletinFamily": "scanner", "description": "Two Denial of Service conditions were discovered in the input filter\nof mod_ssl, the module that enables apache to handle HTTPS requests.\n\nAnother vulnerability was discovered by the ASF security team using\nthe Codenomicon HTTP Test Tool. This vulnerability, in the apr-util\nlibrary, can possibly lead to arbitrary code execution if certain\nnon-default conditions are met (enabling the AP_ENABLE_EXCEPTION_HOOK\ndefine).\n\nAs well, the SITIC have discovered a buffer overflow when Apache\nexpands environment variables in configuration files such as .htaccess\nand httpd.conf, which can lead to possible privilege escalation. 
This\ncan only be done, however, if an attacker is able to place malicious\nconfiguration files on the server.\n\nFinally, a crash condition was discovered in the mod_dav module by\nJulian Reschke, where sending a LOCK refresh request to an indirectly\nlocked resource could crash the server.\n\nThe updated packages have been patched to protect against these\nvulnerabilities.", "modified": "2019-11-02T00:00:00", "id": "MANDRAKE_MDKSA-2004-096.NASL", "href": "https://www.tenable.com/plugins/nessus/14752", "published": "2004-09-16T00:00:00", "title": "Mandrake Linux Security Advisory : apache2 (MDKSA-2004:096)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2004:096. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14752);\n script_version (\"1.19\");\n script_cvs_date(\"Date: 2019/08/02 13:32:47\");\n\n script_cve_id(\"CVE-2004-0747\", \"CVE-2004-0748\", \"CVE-2004-0751\", \"CVE-2004-0783\", \"CVE-2004-0786\", \"CVE-2004-0809\");\n script_xref(name:\"MDKSA\", value:\"2004:096\");\n\n script_name(english:\"Mandrake Linux Security Advisory : apache2 (MDKSA-2004:096)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two Denial of Service conditions were discovered in the input filter\nof mod_ssl, the module that enables apache to handle HTTPS requests.\n\nAnother vulnerability was discovered by the ASF security team using\nthe Codenomicon HTTP Test Tool. 
This vulnerability, in the apr-util\nlibrary, can possibly lead to arbitrary code execution if certain\nnon-default conditions are met (enabling the AP_ENABLE_EXCEPTION_HOOK\ndefine).\n\nAs well, the SITIC have discovered a buffer overflow when Apache\nexpands environment variables in configuration files such as .htaccess\nand httpd.conf, which can lead to possible privilege escalation. This\ncan only be done, however, if an attacker is able to place malicious\nconfiguration files on the server.\n\nFinally, a crash condition was discovered in the mod_dav module by\nJulian Reschke, where sending a LOCK refresh request to an indirectly\nlocked resource could crash the server.\n\nThe updated packages have been patched to protect against these\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.uniras.gov.uk/vuls/2004/403518/index.htm\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_dav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_deflate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_disk_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_file_cache\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_mem_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64apr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libapr0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ 
\"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-common-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-devel-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-manual-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_cache-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_dav-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_deflate-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_disk_cache-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_file_cache-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_ldap-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_mem_cache-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_proxy-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_ssl-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-modules-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-source-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64apr0-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libapr0-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\n\nif 
(rpm_check(release:\"MDK9.2\", reference:\"apache2-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-common-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-devel-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-manual-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_cache-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_dav-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_deflate-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_disk_cache-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_file_cache-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_ldap-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_mem_cache-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_proxy-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_ssl-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-modules-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-source-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64apr0-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libapr0-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, 
\"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:14:37", "bulletinFamily": "scanner", "description": "The remote host appears to be running a version of Apache 2.x that is\nprior to 2.0.50. It is, therefore, affected by a denial of service\nvulnerability that can be triggered by sending a specially crafted\nHTTP request, which results in the consumption of an arbitrary amount\nof memory. On 64-bit systems with more than 4GB virtual memory, this\nmay lead to a heap based buffer overflow.\n\nThere is also a denial of service vulnerability in mod_ssl", "modified": "2019-11-02T00:00:00", "id": "APACHE_INPUT_HEADER_FOLDING_DOS.NASL", "href": "https://www.tenable.com/plugins/nessus/12293", "published": "2004-06-29T00:00:00", "title": "Apache 2.x < 2.0.50 Multiple Remote DoS", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(12293);\n script_version(\"1.27\");\n script_cvs_date(\"Date: 2018/06/29 12:01:03\");\n\n script_cve_id(\"CVE-2004-0493\", \"CVE-2004-0748\");\n script_bugtraq_id(10619, 12877);\n \n script_name(english:\"Apache 2.x < 2.0.50 Multiple Remote DoS\");\n script_summary(english:\"Checks for version of Apache\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by a denial of service.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host appears to be running a version of Apache 2.x that is\nprior to 2.0.50. It is, therefore, affected by a denial of service\nvulnerability that can be triggered by sending a specially crafted\nHTTP request, which results in the consumption of an arbitrary amount\nof memory. On 64-bit systems with more than 4GB virtual memory, this\nmay lead to a heap based buffer overflow.\n\nThere is also a denial of service vulnerability in mod_ssl's\n'ssl_io_filter_cleanup' function. 
By sending a request to a vulnerable\nserver over SSL and closing the connection before the server can send\na response, an attacker can cause a memory violation that crashes the\nserver.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.guninski.com/httpd1.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apache 2.0.50 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/06/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/06/28\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:apache:http_server\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Web Servers\");\n\n script_dependencies(\"apache_http_version.nasl\");\n script_require_keys(\"installed_sw/Apache\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\n#\n# The script code starts here\n#\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\nget_install_count(app_name:\"Apache\", exit_if_zero:TRUE);\nport = get_http_port(default:80);\ninstall = get_single_install(app_name:\"Apache\", port:port, exit_if_unknown_ver:TRUE);\nbanner = get_kb_item_or_exit('www/apache/'+port+'/source', exit_code:1);\n 
\nif(pgrep(pattern:\"^Server:.*Apache(-AdvancedExtranetServer)?/2\\.0\\.(([0-9][^0-9])([0-3][0-9][^0-9])|(4[0-9][^0-9])).*\", string:banner))\n{\n security_warning(port);\n exit(0);\n}\n\naudit(AUDIT_LISTEN_NOT_VULN, \"Apache\", port, install[\"version\"]);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-11-01T03:20:09", "bulletinFamily": "scanner", "description": "Updated httpd packages that include fixes for security issues are now\navailable.\n\nThe Apache HTTP server is a powerful, full-featured, efficient, and\nfreely-available Web server.\n\nFour issues have been discovered affecting releases of the Apache HTTP\n2.0 Server, up to and including version 2.0.50 :\n\nTesting using the Codenomicon HTTP Test Tool performed by the Apache\nSoftware Foundation security group and Red Hat uncovered an input\nvalidation issue in the IPv6 URI parsing routines in the apr-util\nlibrary. If a remote attacker sent a request including a carefully\ncrafted URI, an httpd child process could be made to crash. This issue\nis not believed to allow arbitrary code execution on Red Hat\nEnterprise Linux. This issue also does not represent a significant\ndenial of service attack as requests will continue to be handled by\nother Apache child processes. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-2004-0786 to this\nissue.\n\nThe Swedish IT Incident Centre (SITIC) reported a buffer overflow in\nthe expansion of environment variables during configuration file\nparsing. 
This issue could allow a local user to gain ", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2004-463.NASL", "href": "https://www.tenable.com/plugins/nessus/14736", "published": "2004-09-15T00:00:00", "title": "RHEL 3 : httpd (RHSA-2004:463)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2004:463. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14736);\n script_version (\"1.28\");\n script_cvs_date(\"Date: 2019/10/25 13:36:10\");\n\n script_cve_id(\"CVE-2004-0747\", \"CVE-2004-0751\", \"CVE-2004-0786\", \"CVE-2004-0809\");\n script_xref(name:\"RHSA\", value:\"2004:463\");\n\n script_name(english:\"RHEL 3 : httpd (RHSA-2004:463)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that include fixes for security issues are now\navailable.\n\nThe Apache HTTP server is a powerful, full-featured, efficient, and\nfreely-available Web server.\n\nFour issues have been discovered affecting releases of the Apache HTTP\n2.0 Server, up to and including version 2.0.50 :\n\nTesting using the Codenomicon HTTP Test Tool performed by the Apache\nSoftware Foundation security group and Red Hat uncovered an input\nvalidation issue in the IPv6 URI parsing routines in the apr-util\nlibrary. If a remote attacker sent a request including a carefully\ncrafted URI, an httpd child process could be made to crash. This issue\nis not believed to allow arbitrary code execution on Red Hat\nEnterprise Linux. 
This issue also does not represent a significant\ndenial of service attack as requests will continue to be handled by\nother Apache child processes. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-2004-0786 to this\nissue.\n\nThe Swedish IT Incident Centre (SITIC) reported a buffer overflow in\nthe expansion of environment variables during configuration file\nparsing. This issue could allow a local user to gain 'apache'\nprivileges if an httpd process can be forced to parse a carefully\ncrafted .htaccess file written by a local user. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2004-0747 to this issue.\n\nAn issue was discovered in the mod_ssl module which could be triggered\nif the server is configured to allow proxying to a remote SSL server.\nA malicious remote SSL server could force an httpd child process to\ncrash by sending a carefully crafted response header. This issue is\nnot believed to allow execution of arbitrary code. This issue also\ndoes not represent a significant Denial of Service attack as requests\nwill continue to be handled by other Apache child processes. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CVE-2004-0751 to this issue.\n\nAn issue was discovered in the mod_dav module which could be triggered\nfor a location where WebDAV authoring access has been configured. A\nmalicious remote client which is authorized to use the LOCK method\ncould force an httpd child process to crash by sending a particular\nsequence of LOCK requests. This issue does not allow execution of\narbitrary code. This issue also does not represent a significant\nDenial of Service attack as requests will continue to be handled by\nother Apache child processes. 
The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CVE-2004-0809 to this\nissue.\n\nUsers of the Apache HTTP server should upgrade to these updated\npackages, which contain backported patches that address these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0747\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2004:463\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd, httpd-devel and / or mod_ssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/09/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/15\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2004:463\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"httpd-2.0.46-40.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"httpd-devel-2.0.46-40.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mod_ssl-2.0.46-40.ent\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / mod_ssl\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:10", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nThe Apache Software Foundation and the The Apache HTTP Server Project\r\nare pleased to announce the release of version 2.0.51 of the Apache\r\nHTTP Server ("Apache"). 
This Announcement notes the significant\r\nchanges in 2.0.51 as compared to 2.0.50.\r\n\r\nThis version of Apache is principally a bug fix release. Of\r\nparticular note is that 2.0.51 addresses five security\r\nvulnerabilities:\r\n\r\n An input validation issue in IPv6 literal address parsing which\r\n can result in a negative length parameter being passed to memcpy.\r\n [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0786]\r\n\r\n A buffer overflow in configuration file parsing could allow a\r\n local user to gain the privileges of a httpd child if the server\r\n can be forced to parse a carefully crafted .htaccess file.\r\n [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747]\r\n\r\n A segfault in mod_ssl which can be triggered by a malicious\r\n remote server, if proxying to SSL servers has been configured.\r\n [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751]\r\n\r\n A potential infinite loop in mod_ssl which could be triggered\r\n given particular timing of a connection abort.\r\n [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748]\r\n\r\n A segfault in mod_dav_fs which can be remotely triggered by an\r\n indirect lock refresh request.\r\n [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0809]\r\n\r\nThe Apache HTTP Server Project would like to thank Codenomicon for\r\nsupplying copies of their "HTTP Test Tool" used to discover\r\nCAN-2004-0786, and to SITIC for reporting the discovery of\r\nCAN-2004-0747.\r\n\r\nThis release is compatible with modules compiled for 2.0.42 and\r\nlater versions. 
We consider this release to be the best version of\r\nApache available and encourage users of all prior versions to\r\nupgrade.\r\n\r\nApache HTTP Server 2.0.51 is available for download from\r\n\r\n http://httpd.apache.org/download.cgi?update=200409150645\r\n\r\nPlease see the CHANGES_2.0 file, linked from the above page, for\r\na full list of changes.\r\n\r\nApache 2.0 offers numerous enhancements, improvements, and performance\r\nboosts over the 1.3 codebase. For an overview of new features introduced\r\nafter 1.3 please see\r\n\r\n http://httpd.apache.org/docs-2.0/new_features_2_0.html\r\n\r\nWhen upgrading or installing this version of Apache, please keep\r\nin mind the following:\r\nIf you intend to use Apache with one of the threaded MPMs, you must\r\nensure that the modules (and the libraries they depend on) that you\r\nwill be using are thread-safe. Please contact the vendors of these\r\nmodules to obtain this information.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.3 (GNU/Linux)\r\n\r\niD8DBQFBSIdJZjW2wN6IXdMRAqbGAJsFz8XbVkQvpmreh8sHE3DeACXUKwCeJkpF\r\ngxDK5D1j00qUCzksg872i1c=\r\n=ghiQ\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2004-09-16T00:00:00", "published": "2004-09-16T00:00:00", "id": "SECURITYVULNS:DOC:6814", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6814", "title": "[ANNOUNCE] Apache HTTP Server 2.0.51 Released", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:10", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandrakelinux Security Update Advisory\r\n _______________________________________________________________________\r\n\r\n Package name: apache2\r\n Advisory ID: MDKSA-2004:096\r\n Date: September 15th, 2004\r\n\r\n Affected versions: 10.0, 9.2\r\n 
______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Two Denial of Service conditions were discovered in the input filter\r\n of mod_ssl, the module that enables apache to handle HTTPS requests.\r\n \r\n Another vulnerability was discovered by the ASF security team using\r\n the Codenomicon HTTP Test Tool. This vulnerability, in the apr-util\r\n library, can possibly lead to arbitray code execution if certain\r\n non-default conditions are met (enabling the AP_ENABLE_EXCEPTION_HOOK\r\n define).\r\n \r\n As well, the SITIC have discovered a buffer overflow when Apache\r\n expands environment variables in configuration files such as .htaccess\r\n and httpd.conf, which can lead to possible privilege escalation. This\r\n can only be done, however, if an attacker is able to place malicious\r\n configuration files on the server.\r\n \r\n Finally, a crash condition was discovered in the mod_dav module by\r\n Julian Reschke, where sending a LOCK refresh request to an indirectly\r\n locked resource could crash the server.\r\n \r\n The updated packages have been patched to protect against these\r\n vulnerabilities.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0786\r\n http://www.uniras.gov.uk/vuls/2004/403518/index.htm\r\n ______________________________________________________________________\r\n\r\n Updated Packages:\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrakeUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandrakesoft for security. You can obtain\r\n the GPG public key of the Mandrakelinux Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandrakelinux at:\r\n\r\n http://www.mandrakesoft.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_linux-mandrake.com\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team\r\n <security linux-mandrake.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.0.7 (GNU/Linux)\r\n\r\niD8DBQFBSI5pmqjQ0CJFipgRAlxGAKCpPrt7/HB5YroIdx5J84y6E5opeQCg49dn\r\nNHBQlfivIH+fWpgnCv9/jVY=\r\n=ui8Y\r\n-----END PGP SIGNATURE-----", "modified": "2004-09-16T00:00:00", "published": "2004-09-16T00:00:00", "id": "SECURITYVULNS:DOC:6813", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6813", "title": "MDKSA-2004:096 - Updated apache2 packages fix multiple vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:59", "bulletinFamily": "unix", "description": "### Background\n\nThe Apache HTTP server is one of most popular web servers on the internet. 
mod_ssl provides SSL v2/v3 and TLS v1 support for it and mod_dav is the Apache module for Distributed Authoring and Versioning (DAV). \n\n### Description\n\nA potential infinite loop has been found in the input filter of mod_ssl (CAN-2004-0748) as well as a possible segmentation fault in the char_buffer_read function if reverse proxying to an SSL server is being used (CAN-2004-0751). Furthermore, mod_dav, as shipped in Apache httpd 2 or mod_dav 1.0.x for Apache 1.3, contains a NULL pointer dereference which can be triggered remotely (CAN-2004-0809). The third issue is an input validation error found in the IPv6 URI parsing routines within the apr-util library (CAN-2004-0786). Additionally a possible buffer overflow has been reported when expanding environment variables during the parsing of configuration files (CAN-2004-0747). \n\n### Impact\n\nA remote attacker could cause a Denial of Service either by aborting an SSL connection in a special way, resulting in CPU consumption, by exploiting the segmentation fault in mod_ssl or the mod_dav flaw. A remote attacker could also crash a httpd child process by sending a specially crafted URI. The last vulnerability could be used by a local user to gain the privileges of a httpd child, if the server parses a carefully prepared .htaccess file. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll Apache 2 users should upgrade to the latest version: \n \n \n # emerge sync\n \n # emerge -pv \">=www-servers/apache-2.0.51\"\n # emerge \">=www-servers/apache-2.0.51\"\n\nAll mod_dav users should upgrade to the latest version: \n \n \n # emerge sync\n \n # emerge -pv \">=net-www/mod_dav-1.0.3-r2\"\n # emerge \">=net-www/mod_dav-1.0.3-r2\"", "modified": "2007-12-30T00:00:00", "published": "2004-09-16T00:00:00", "id": "GLSA-200409-21", "href": "https://security.gentoo.org/glsa/200409-21", "type": "gentoo", "title": "Apache 2, mod_dav: Multiple vulnerabilities", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "httpd": [{"lastseen": "2016-09-26T21:39:38", "bulletinFamily": "software", "description": "\n\nAn issue was discovered in the mod_ssl module in Apache 2.0.44-2.0.50\nwhich could be triggered if\nthe server is configured to allow proxying to a remote SSL server. A\nmalicious remote SSL server could force an httpd child process to crash by\nsending a carefully crafted response header. This issue is not believed to\nallow execution of arbitrary code and will only result in a denial\nof service where a threaded process model is in use.\n\n", "modified": "2004-09-15T00:00:00", "published": "2004-07-07T00:00:00", "id": "HTTPD:46E4810FE9B02B1970314436CCC68D9E", "href": "https://httpd.apache.org/security_report.html", "type": "httpd", "title": "Apache Httpd < 2.0.51: Malicious SSL proxy can cause crash", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T17:19:10", "bulletinFamily": "software", "description": "\n\nAn issue was discovered in the mod_ssl module in Apache 2.0.44-2.0.50\nwhich could be triggered if\nthe server is configured to allow proxying to a remote SSL server. A\nmalicious remote SSL server could force an httpd child process to crash by\nsending a carefully crafted response header. 
This issue is not believed to\nallow execution of arbitrary code and will only result in a denial\nof service where a threaded process model is in use.\n\n", "modified": "2004-07-07T00:00:00", "published": "2004-07-07T00:00:00", "id": "HTTPD:13C285F77BE7E2D2180BC3CD56ACD3DE", "href": "https://httpd.apache.org/security_report.html", "title": "Apache Httpd < None: Malicious SSL proxy can cause crash", "type": "httpd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2016-09-26T21:39:38", "bulletinFamily": "software", "description": "\n\nAn issue was discovered in the mod_ssl module in Apache 2.0. \nA remote attacker who forces an SSL connection to\nbe aborted in a particular state may cause an Apache child process to\nenter an infinite loop, consuming CPU resources.\n\n", "modified": "2004-09-15T00:00:00", "published": "2004-07-07T00:00:00", "id": "HTTPD:ADA53FF2000B93BFBCB76EBB3D13E717", "href": "https://httpd.apache.org/security_report.html", "type": "httpd", "title": "Apache Httpd < 2.0.51: SSL connection infinite loop", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T17:19:10", "bulletinFamily": "software", "description": "\n\nAn issue was discovered in the mod_ssl module in Apache 2.0. \nA remote attacker who forces an SSL connection to\nbe aborted in a particular state may cause an Apache child process to\nenter an infinite loop, consuming CPU resources.\n\n", "modified": "2004-07-07T00:00:00", "published": "2004-07-07T00:00:00", "id": "HTTPD:487D0EA099E1DDD952E017875A57C907", "href": "https://httpd.apache.org/security_report.html", "title": "Apache Httpd < None: SSL connection infinite loop", "type": "httpd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:04", "bulletinFamily": "software", "description": "## Vulnerability Description\nApache contains a flaw that may allow a remote denial of service. 
The issue is triggered when a remote attacker aborts an SSL connection in a particular state causing an infinite loop to occur. The flaw occurs in ssl_engine_io.c when using a RewriteRule to do reverse proxying to an SSL server.\n## Solution Description\nCurrently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: \n\n1. Disable mod_ssl in your Apache configuration file.\n\n2. If you're running one of the Redhat Enterprise Operating Systems, you can apply an appropriate RPM from: RHSA link above.\n\n3. There's a workaround available from CVS. It has not been tested and should be considered unstable:\n\n--- httpd-2.0/modules/ssl/ssl_engine_io.c 2004/07/13 18:11:22 1.124\n+++ httpd-2.0/modules/ssl/ssl_engine_io.c 2004/08/11 13:19:24 1.125\n@@ -589,6 +589,10 @@\nwhile (1) {\n\nif (!inctx->filter_ctx->pssl) {\n+ /* Ensure a non-zero error code is returned */\n+ if (inctx->rc == APR_SUCCESS) {\n+ inctx->rc = APR_EGENERAL;\n+ }\nbreak;\n}\n## Short Description\nApache contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker aborts an SSL connection in a particular state causing an infinite loop to occur. 
The flaw occurs in ssl_engine_io.c when using a RewriteRule to do reverse proxying to an SSL server.\n## References:\nVendor URL: http://www.modssl.org/\n[Vendor Specific Advisory URL](https://rhn.redhat.com/errata/RHSA-2004-463.html)\n[Vendor Specific Advisory URL](http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01090)\n[Vendor Specific Advisory URL](http://issues.apache.org/bugzilla/show_bug.cgi?id=30134)\n[Vendor Specific Advisory URL](https://rhn.redhat.com/errata/RHSA-2004-349.html)\nSecurity Tracker: 1011213\n[Secunia Advisory ID:12434](https://secuniaresearch.flexerasoftware.com/advisories/12434/)\n[Secunia Advisory ID:13025](https://secuniaresearch.flexerasoftware.com/advisories/13025/)\n[Secunia Advisory ID:12474](https://secuniaresearch.flexerasoftware.com/advisories/12474/)\n[Secunia Advisory ID:12577](https://secuniaresearch.flexerasoftware.com/advisories/12577/)\n[Secunia Advisory ID:12646](https://secuniaresearch.flexerasoftware.com/advisories/12646/)\n[Related OSVDB ID: 9523](https://vulners.com/osvdb/OSVDB:9523)\nOther Advisory URL: http://www.suse.de/de/security/2004_30_apache2.html\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200409-21.xml\nOther Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000868\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0096.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0102.html\n[CVE-2004-0751](https://vulners.com/cve/CVE-2004-0751)\n", "modified": "2004-09-02T00:00:00", "published": "2004-09-02T00:00:00", "id": "OSVDB:9742", "href": "https://vulners.com/osvdb/OSVDB:9742", "title": "Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:04", "bulletinFamily": "software", "description": "## Vulnerability Description\nmod_ssl on Apache 2 contains a flaw 
that may allow a remote denial of service. The issue is triggered when an attacker forces an SSL connection to abort during a particular state causing the ssl_io_input_getline function to enter into an infinite loop, resulting in a loss of availability for the Apache server.\n## Solution Description\nCurrently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: \n\n1. Disable mod_ssl in your Apache configuration file.\n\n2. Apply appropriate operating system vendor released upgrade.\n\n3. An unstable patch is available.\n## Short Description\nmod_ssl on Apache 2 contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker forces an SSL connection to abort during a particular state causing the ssl_io_input_getline function to enter into an infinite loop, resulting in a loss of availability for the Apache server.\n## References:\nVendor URL: http://www.modssl.org/\nVendor URL: http://httpd.apache.org\nVendor Specific Solution URL: http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io.c?r1=1.124&r2=1.125\n[Vendor Specific Advisory URL](http://nagoya.apache.org/bugzilla/show_bug.cgi?id=29964)\n[Vendor Specific Advisory URL](http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01090)\nSecurity Tracker: 1011340\n[Secunia Advisory ID:12434](https://secuniaresearch.flexerasoftware.com/advisories/12434/)\n[Secunia Advisory ID:12443](https://secuniaresearch.flexerasoftware.com/advisories/12443/)\n[Secunia Advisory ID:13025](https://secuniaresearch.flexerasoftware.com/advisories/13025/)\n[Secunia Advisory ID:12474](https://secuniaresearch.flexerasoftware.com/advisories/12474/)\n[Secunia Advisory ID:12646](https://secuniaresearch.flexerasoftware.com/advisories/12646/)\n[Related OSVDB ID: 9742](https://vulners.com/osvdb/OSVDB:9742)\nRedHat RHSA: RHSA-2004:349-10\nOther Advisory URL: 
http://www.suse.de/de/security/2004_30_apache2.html\nOther Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000868\nISS X-Force ID: 17200\n[CVE-2004-0748](https://vulners.com/cve/CVE-2004-0748)\nBugtraq ID: 11094\n", "modified": "2004-07-07T23:50:00", "published": "2004-07-07T23:50:00", "id": "OSVDB:9523", "href": "https://vulners.com/osvdb/OSVDB:9523", "title": "Apache HTTP Server mod_ssl Aborted Connection DoS", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-02T23:35:49", "bulletinFamily": "exploit", "description": "Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability. CVE-2004-0751. Dos exploit for linux platform", "modified": "2004-09-10T00:00:00", "published": "2004-09-10T00:00:00", "id": "EDB-ID:24590", "href": "https://www.exploit-db.com/exploits/24590/", "type": "exploitdb", "title": "Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/11154/info\r\n\r\nApache 2.x mod_ssl is reported prone to a remote denial of service vulnerability. This issue likely exists because the application fails to handle exceptional conditions. The vulnerability originates in the 'char_buffer_read' function of the 'ssl_engine_io.c' file. \r\n\r\nIt is likely that this issue only results in a denial of service condition in child process. 
This BID will be updated as more information becomes available.\r\n\r\nApache 2.0.50 is reported to be affected by this issue, however, it is possible that other versions are vulnerable as well.\r\n\r\nWith the following configuration in httpd.conf:\r\nListen 47290\r\nSSLProxyEngine on\r\nRewriteEngine on\r\nRewriteRule /(.*) https://www.example.com/$1 [P]\r\n\r\nThe server may be crashed by issuing the following URI:\r\nhttp://www.example.com:47290/eRoomASP/CookieTest.asp?facility=facility&URL=%2FeRoom%2FFacility%2FRoom%2F0_4242", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/24590/"}], "redhat": [{"lastseen": "2019-08-13T18:47:04", "bulletinFamily": "unix", "description": "The Apache HTTP server is a powerful, full-featured, efficient, and\nfreely-available Web server.\n\nAn input filter bug in mod_ssl was discovered in Apache httpd version\n2.0.50 and earlier. A remote attacker could force an SSL connection to be\naborted in a particular state and cause an Apache child process to enter an\ninfinite loop, consuming CPU resources. 
The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-0748 to\nthis issue.\n\nAdditionally, this update includes the following enhancements and bug fixes:\n\n- included an improved version of the mod_cgi module that correctly handles \n concurrent output on stderr and stdout\n\n- included support for direct lookup of SSL variables using %{SSL:...}\n from mod_rewrite, or using %{...}s from mod_headers\n\n- restored support for use of SHA1-encoded passwords\n\n- added the mod_ext_filter module\n\nUsers of the Apache HTTP server should upgrade to these updated packages,\nwhich contain backported patches that address these issues.", "modified": "2017-07-29T20:36:06", "published": "2004-09-01T04:00:00", "id": "RHSA-2004:349", "href": "https://access.redhat.com/errata/RHSA-2004:349", "type": "redhat", "title": "(RHSA-2004:349) httpd security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:44:44", "bulletinFamily": "unix", "description": "The Apache HTTP server is a powerful, full-featured, efficient, and\nfreely-available Web server.\n\nFour issues have been discovered affecting releases of the Apache HTTP 2.0\nServer, up to and including version 2.0.50:\n\nTesting using the Codenomicon HTTP Test Tool performed by the Apache\nSoftware Foundation security group and Red Hat uncovered an input\nvalidation issue in the IPv6 URI parsing routines in the apr-util library. \nIf a remote attacker sent a request including a carefully crafted URI, an\nhttpd child process could be made to crash. This issue is not believed to\nallow arbitrary code execution on Red Hat Enterprise Linux. This issue\nalso does not represent a significant denial of service attack as requests\nwill continue to be handled by other Apache child processes. 
The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0786 to this issue.\n\nThe Swedish IT Incident Centre (SITIC) reported a buffer overflow in the\nexpansion of environment variables during configuration file parsing. This\nissue could allow a local user to gain 'apache' privileges if an httpd\nprocess can be forced to parse a carefully crafted .htaccess file written\nby a local user. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-0747 to this issue.\n\nAn issue was discovered in the mod_ssl module which could be triggered if\nthe server is configured to allow proxying to a remote SSL server. A\nmalicious remote SSL server could force an httpd child process to crash by\nsending a carefully crafted response header. This issue is not believed to\nallow execution of arbitrary code. This issue also does not represent a\nsignificant Denial of Service attack as requests will continue to be\nhandled by other Apache child processes. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-0751 to\nthis issue.\n\nAn issue was discovered in the mod_dav module which could be triggered for\na location where WebDAV authoring access has been configured. A malicious\nremote client which is authorized to use the LOCK method could force an\nhttpd child process to crash by sending a particular sequence of LOCK\nrequests. This issue does not allow execution of arbitrary code. This\nissue also does not represent a significant Denial of Service attack as\nrequests will continue to be handled by other Apache child processes. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has assigned\nthe name CAN-2004-0809 to this issue. 
\n\nUsers of the Apache HTTP server should upgrade to these updated packages,\nwhich contain backported patches that address these issues.", "modified": "2017-07-29T20:32:43", "published": "2004-09-15T04:00:00", "id": "RHSA-2004:463", "href": "https://access.redhat.com/errata/RHSA-2004:463", "type": "redhat", "title": "(RHSA-2004:463) httpd security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2016-09-04T12:45:49", "bulletinFamily": "unix", "description": "The mod_ssl apache module, as part of our apache2 package, enables the apache webserver to handle the HTTPS protocol. Within the mod_ssl module, two Denial of Service conditions in the input filter have been found. The CVE project assigned the identifiers CAN-2004-0748 and CAN-2004-0751 to these issues.\n#### Solution\nAs temporary workaround you may disable the mod_ssl module in your apache configuration and restart the apache process without SSL support.", "modified": "2004-09-06T13:51:41", "published": "2004-09-06T13:51:41", "id": "SUSE-SA:2004:030", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-09/msg00009.html", "title": "remote DoS condition in apache2", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}