ID 9FFF8DC8-7AA7-11DA-BF72-00123F589060 Type freebsd Reporter FreeBSD Modified 2009-01-23T00:00:00
Description
The Apache HTTP Server Project reports:
A flaw in mod_imap when using the Referer directive with
image maps. In certain site configurations a remote
attacker could perform a cross-site scripting attack if a
victim can be forced to visit a malicious URL using
certain web browsers.
{"cve": [{"lastseen": "2021-02-02T05:24:39", "description": "Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.", "edition": 6, "cvss3": {}, "published": "2005-12-13T20:03:00", "title": "CVE-2005-3352", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-3352"], "modified": "2018-10-19T15:35:00", "cpe": ["cpe:/a:apache:http_server:2.0.40", "cpe:/a:apache:http_server:2.0.39", "cpe:/a:apache:http_server:1.3.27", "cpe:/a:apache:http_server:1.3.3", "cpe:/a:apache:http_server:1.3.24", "cpe:/a:apache:http_server:2.0.34", "cpe:/a:apache:http_server:1.3.22", "cpe:/a:apache:http_server:1.3.17", "cpe:/a:apache:http_server:2.0.32", "cpe:/a:apache:http_server:2.0.38", "cpe:/a:apache:http_server:2.0.35", "cpe:/a:apache:http_server:2.0.49", "cpe:/a:apache:http_server:1.3.10", "cpe:/a:apache:http_server:2.0", "cpe:/a:apache:http_server:2.0.53", "cpe:/a:apache:http_server:2.0.50", "cpe:/a:apache:http_server:1.3.16", "cpe:/a:apache:http_server:2.0.9", "cpe:/a:apache:http_server:1.3.6", "cpe:/a:apache:http_server:1.3.30", "cpe:/a:apache:http_server:2.0.55", "cpe:/a:apache:http_server:2.0.28", "cpe:/a:apache:http_server:1.3.28", "cpe:/a:apache:http_server:2.0.48", "cpe:/a:apache:http_server:1.3.14", "cpe:/a:apache:http_server:2.0.46", "cpe:/a:apache:mod_imap:*", "cpe:/a:apache:http_server:1.3.1", "cpe:/a:apache:http_server:1.3.20", "cpe:/a:apache:http_server:1.3.19", "cpe:/a:apache:http_server:2.0.45", "cpe:/a:apache:http_server:1.3.25", "cpe:/a:apache:http_server:2.0.41", "cpe:/a:apache:http_server:1.3.5", "cpe:/a:apache:http_server:2.0.44", "cpe:/a:apache:http_server:1.3.4", "cpe:/a:apache:http_server:1.3.0", "cpe:/a:apache:http_server:1.3.12", "cpe:/a:apache:http_server:1.3.7", "cpe:/a:apache:http_server:1.3.8", "cpe:/a:apache:http_server:1.3.26", "cpe:/a:apache:http_server:1.3.13", "cpe:/a:apache:http_server:1.3", "cpe:/a:apache:http_server:1.3.11", "cpe:/a:apache:http_server:2.0.37", "cpe:/a:apache:http_server:1.3.31", "cpe:/a:apache:http_server:2.0.54", "cpe:/a:apache:http_server:1.3.32", "cpe:/a:apache:http_server:2.0.43", "cpe:/a:apache:http_server:2.0.47", "cpe:/a:apache:http_server:2.0.36", "cpe:/a:apache:http_server:1.3.15", "cpe:/a:apache:http_server:2.0.42", "cpe:/a:apache:http_server:1.3.18", "cpe:/a:apache:http_server:1.3.2", "cpe:/a:apache:http_server:1.3.23", "cpe:/a:apache:http_server:1.3.29", "cpe:/a:apache:http_server:2.0.52", "cpe:/a:apache:http_server:2.0.51", "cpe:/a:apache:http_server:1.3.9"], "id": "CVE-2005-3352", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3352", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.24:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.19:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.12:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.34:beta:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.25:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.14:*:mac_os:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.17:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.23:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.22:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.18:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.13:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.26:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.15:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.28:beta:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.20:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:mod_imap:*:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.16:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.14:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.32:beta:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.11:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.7:*:dev:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*"]}], "slackware": [{"lastseen": "2020-10-25T16:36:15", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3352"], "description": "New Apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, and -current to fix security issues.\n\nMore details about the issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352\n\nIn addition, new mod_ssl packages for Apache 1.3.35 are available for\nall of these versions of Slackware, and new versions of PHP are\navailable for Slackware -current. These additional packages do not\nfix security issues, but may be required on your system depending on\nyour Apache setup.\n\nOne more note about this round of updates: the packages have been given\nbuild versions that indicate which version of Slackware they are meant\nto patch, such as -1_slack8.1, or -1_slack9.0, etc. This should help to\navoid some of the issues with automatic upgrade tools by providing a\nunique package name when the same fix is deployed across multiple\nSlackware versions. Only patches applied to -current will have the\nsimple build number, such as -1.\n\n\nHere are the details from the Slackware 10.2 ChangeLog:\n\npatches/packages/apache-1.3.35-i486-1_slack10.2.tgz:\n Upgraded to apache-1.3.35.\n From the official announcement:\n Of particular note is that 1.3.35 addresses and fixes 1 potential\n security issue: CVE-2005-3352 (cve.mitre.org)\n mod_imap: Escape untrusted referer header before outputting in HTML\n to avoid potential cross-site scripting. Change also made to\n ap_escape_html so we escape quotes. Reported by JPCERT\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352\n (* Security fix *)\npatches/packages/mod_ssl-2.8.26_1.3.35-i486-1_slack10.2.tgz:\n Upgraded to mod_ssl-2.8.26-1.3.35.\n This is an updated version designed for Apache 1.3.35.\n\nWhere to find the new packages:\n\nUpdated package for Slackware 8.1:\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/apache-1.3.35-i386-1_slack8.1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/mod_ssl-2.8.26_1.3.35-i386-1_slack8.1.tgz\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/apache-1.3.35-i386-1_slack9.0.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/mod_ssl-2.8.26_1.3.35-i386-1_slack9.0.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/apache-1.3.35-i486-1_slack9.1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/mod_ssl-2.8.26_1.3.35-i486-1_slack9.1.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/apache-1.3.35-i486-1_slack10.0.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mod_ssl-2.8.26_1.3.35-i486-1_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/apache-1.3.35-i486-1_slack10.1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/mod_ssl-2.8.26_1.3.35-i486-1_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/apache-1.3.35-i486-1_slack10.2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mod_ssl-2.8.26_1.3.35-i486-1_slack10.2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/apache-1.3.35-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/mod_ssl-2.8.26_1.3.35-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-4.4.2-i486-4.tgz\n\n\nMD5 signatures:\n\nSlackware 8.1 packages:\n208bbe94a46f8d05e15f1ccdb38f9a91 apache-1.3.35-i386-1_slack8.1.tgz\n9172a6d347df033d024a7ba786c47bfe mod_ssl-2.8.26_1.3.35-i386-1_slack8.1.tgz\n\nSlackware 9.0 packages:\n0482ca192a7b94c254421c717634e628 apache-1.3.35-i386-1_slack9.0.tgz\n913763c2e12d6d2a101ce4a539f060f3 mod_ssl-2.8.26_1.3.35-i386-1_slack9.0.tgz\n\nSlackware 9.1 packages:\nd96044932ab33623425c328862a3750f apache-1.3.35-i486-1_slack9.1.tgz\nae58ab559c60a475330514dca689d735 mod_ssl-2.8.26_1.3.35-i486-1_slack9.1.tgz\n\nSlackware 10.0 packages:\n2beb7c88f4f28adbe61e13d79889a27e apache-1.3.35-i486-1_slack10.0.tgz\n403f1297bcc9cff0df3f9afcb16d69b6 mod_ssl-2.8.26_1.3.35-i486-1_slack10.0.tgz\n\nSlackware 10.1 packages:\n4a0b68ddf002a300e536e584c3eb2923 apache-1.3.35-i486-1_slack10.1.tgz\nf24d6776f221cc61f2b0b98cd1fc1ae9 mod_ssl-2.8.26_1.3.35-i486-1_slack10.1.tgz\n\nSlackware 10.2 packages:\nbbaed7e942e5f1c7380b3def44d54d74 apache-1.3.35-i486-1_slack10.2.tgz\ne70a300f5c4333ae1d31e8d852b89dc3 mod_ssl-2.8.26_1.3.35-i486-1_slack10.2.tgz\n\nSlackware -current packages:\nb662f564f048ace17eaafc7e50bed7b2 apache-1.3.35-i486-1.tgz\nc7d403fc891e210d1f1a71c559939cd5 mod_ssl-2.8.26_1.3.35-i486-1.tgz\nfb78ce30aece8d8718ed722be319dd2b php-4.4.2-i486-4.tgz\n\n\nInstallation instructions:\n\nFirst, stop apache:\n\n > apachectl stop\n\nThen, upgrade the apache package:\n\n > upgradepkg apache-1.3.35-i486-1_slack10.2.tgz\n\nIf you use mod_ssl, you'll also need to upgrade that package. The\nupgrade should save the important config files for mod_ssl,\nnevertheless it's a good idea to backup any keys/certificates you wish\nto save for mod_ssl (in /etc/apache/ssl.*), then upgrade mod_ssl:\n\n > upgradepkg mod_ssl-2.8.26_1.3.35-i486-1_slack10.2.tgz\n\nIf necessary, restore any mod_ssl config files.\n\nIf you are using PHP on Slackware -current, upgrade the PHP package.\n\nFinally, restart apache:\n\n > apachectl start\n\nOr, if you use mod_ssl:\n\n > apachectl startssl", "modified": "2006-05-09T22:19:21", "published": "2006-05-09T22:19:21", "id": "SSA-2006-129-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.685483", "type": "slackware", "title": "[slackware-security] Apache httpd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:46:49", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3352"], "description": "The Apache HTTP Server is a popular and freely-available Web server. \r\n\r\nA flaw in mod_imap when using the Referer directive with image maps was\r\ndiscovered. With certain site configurations, a remote attacker could\r\nperform a cross-site scripting attack if a victim can be forced to visit a\r\nmalicious URL using certain web browsers. The Common Vulnerabilities and\r\nExposures project assigned the name CVE-2005-3352 to this issue.\r\n\r\nUsers of apache should upgrade to these updated packages, which contain\r\na backported patch to correct this issue.", "modified": "2018-03-14T19:27:35", "published": "2006-01-17T05:00:00", "id": "RHSA-2006:0158", "href": "https://access.redhat.com/errata/RHSA-2006:0158", "type": "redhat", "title": "(RHSA-2006:0158) apache security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-08-13T18:44:48", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2970", "CVE-2005-3352", "CVE-2005-3357"], "description": "The Apache HTTP Server is a popular and freely-available Web server.\r\n\r\nA memory leak in the worker MPM could allow remote attackers to cause a\r\ndenial of service (memory consumption) via aborted connections, which\r\nprevents the memory for the transaction pool from being reused for other\r\nconnections. The Common Vulnerabilities and Exposures project assigned the\r\nname CVE-2005-2970 to this issue. This vulnerability only affects users\r\nwho are using the non-default worker MPM.\r\n\r\nA flaw in mod_imap when using the Referer directive with image maps was\r\ndiscovered. With certain site configurations, a remote attacker could\r\nperform a cross-site scripting attack if a victim can be forced to visit a\r\nmalicious URL using certain web browsers. (CVE-2005-3352)\r\n\r\nA NULL pointer dereference flaw in mod_ssl was discovered affecting server\r\nconfigurations where an SSL virtual host is configured with access control\r\nand a custom 400 error document. A remote attacker could send a carefully\r\ncrafted request to trigger this issue which would lead to a crash. This\r\ncrash would only be a denial of service if using the non-default worker\r\nMPM. (CVE-2005-3357)\r\n\r\nUsers of httpd should update to these erratum packages which contain\r\nbackported patches to correct these issues along with some additional bugs.", "modified": "2017-09-08T12:12:11", "published": "2006-01-05T05:00:00", "id": "RHSA-2006:0159", "href": "https://access.redhat.com/errata/RHSA-2006:0159", "type": "redhat", "title": "(RHSA-2006:0159) httpd security update", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}}], "jvn": [{"lastseen": "2019-05-29T17:21:35", "bulletinFamily": "info", "cvelist": ["CVE-2005-3352"], "description": "\n ## Description\n\n ## Impact\n\nA remote attacker could execute a malicious script on the web browser of a user who accessed a web page where mod_imap or mod_imagemap is used. \n\n ## Solution\n\n ## Products Affected\n\n * For more information, refer to the vendor's website.\n", "edition": 4, "modified": "2008-05-21T00:00:00", "published": "2005-12-15T00:00:00", "id": "JVN:06045169", "href": "http://jvn.jp/en/jp/JVN06045169/index.html", "title": "JVN#06045169 mod_imap cross-site scripting vulnerability", "type": "jvn", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:18", "bulletinFamily": "software", "cvelist": ["CVE-2005-3352"], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:007)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200602-03.xml)\n[Vendor Specific Advisory URL](http://www-1.ibm.com/support/docview.wss?uid=swg24012511)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U.asc)\n[Vendor Specific Advisory URL](http://www.us.debian.org/security/2006/dsa-1167)\n[Vendor Specific Advisory URL](http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html)\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.685483)\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1)\n[Vendor Specific Advisory URL](http://itrc.hp.com/service/cki/docDisplay.do?docId=c00797078)\n[Vendor Specific Advisory URL](http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE)\n[Vendor Specific Advisory URL](http://www.trustix.org/errata/2005/0074/)\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1)\nSecurity Tracker: 1015344\n[Secunia Advisory ID:18333](https://secuniaresearch.flexerasoftware.com/advisories/18333/)\n[Secunia Advisory ID:18339](https://secuniaresearch.flexerasoftware.com/advisories/18339/)\n[Secunia Advisory ID:18429](https://secuniaresearch.flexerasoftware.com/advisories/18429/)\n[Secunia Advisory ID:18743](https://secuniaresearch.flexerasoftware.com/advisories/18743/)\n[Secunia Advisory ID:22388](https://secuniaresearch.flexerasoftware.com/advisories/22388/)\n[Secunia Advisory ID:18008](https://secuniaresearch.flexerasoftware.com/advisories/18008/)\n[Secunia Advisory ID:18340](https://secuniaresearch.flexerasoftware.com/advisories/18340/)\n[Secunia Advisory ID:20046](https://secuniaresearch.flexerasoftware.com/advisories/20046/)\n[Secunia Advisory ID:21744](https://secuniaresearch.flexerasoftware.com/advisories/21744/)\n[Secunia Advisory ID:18526](https://secuniaresearch.flexerasoftware.com/advisories/18526/)\n[Secunia Advisory ID:18517](https://secuniaresearch.flexerasoftware.com/advisories/18517/)\n[Secunia Advisory ID:22368](https://secuniaresearch.flexerasoftware.com/advisories/22368/)\n[Secunia Advisory ID:22669](https://secuniaresearch.flexerasoftware.com/advisories/22669/)\n[Secunia Advisory ID:23260](https://secuniaresearch.flexerasoftware.com/advisories/23260/)\n[Secunia Advisory ID:18585](https://secuniaresearch.flexerasoftware.com/advisories/18585/)\n[Secunia Advisory ID:19012](https://secuniaresearch.flexerasoftware.com/advisories/19012/)\n[Secunia Advisory ID:20670](https://secuniaresearch.flexerasoftware.com/advisories/20670/)\n[Secunia Advisory ID:22140](https://secuniaresearch.flexerasoftware.com/advisories/22140/)\n[Secunia Advisory ID:25239](https://secuniaresearch.flexerasoftware.com/advisories/25239/)\nRedHat RHSA: RHSA-2006:0159\nRedHat RHSA: RHSA-2006:0158\nRedHat RHSA: RHSA-2006:0692\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-241-1\nOther Advisory URL: http://www.apacheweek.com/features/security-13\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-12/0089.html\nKeyword: 4012511\nKeyword: HPSBUX02172,SSRT061269\nFrSIRT Advisory: ADV-2005-2870\n[CVE-2005-3352](https://vulners.com/cve/CVE-2005-3352)\nBugtraq ID: 15834\n", "modified": "2005-12-13T14:32:28", "published": "2005-12-13T14:32:28", "href": "https://vulners.com/osvdb/OSVDB:21705", "id": "OSVDB:21705", "title": "Apache HTTP Server mod_imap Image Map Referer XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "centos": [{"lastseen": "2019-12-20T18:28:40", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3352"], "description": "**CentOS Errata and Security Advisory** CESA-2006:0158-01\n\n\nThe Apache HTTP Server is a popular and freely-available Web server. \r\n\r\nA flaw in mod_imap when using the Referer directive with image maps was\r\ndiscovered. With certain site configurations, a remote attacker could\r\nperform a cross-site scripting attack if a victim can be forced to visit a\r\nmalicious URL using certain web browsers. The Common Vulnerabilities and\r\nExposures project assigned the name CVE-2005-3352 to this issue.\r\n\r\nUsers of apache should upgrade to these updated packages, which contain\r\na backported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/024641.html\n\n**Affected packages:**\napache\napache-devel\napache-manual\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 5, "modified": "2006-01-30T00:50:54", "published": "2006-01-30T00:50:54", "href": "http://lists.centos.org/pipermail/centos-announce/2006-January/024641.html", "id": "CESA-2006:0158-01", "title": "apache security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-12-20T18:24:12", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2970", "CVE-2005-3357", "CVE-2005-3352"], "description": "**CentOS Errata and Security Advisory** CESA-2006:0159\n\n\nThe Apache HTTP Server is a popular and freely-available Web server.\r\n\r\nA memory leak in the worker MPM could allow remote attackers to cause a\r\ndenial of service (memory consumption) via aborted connections, which\r\nprevents the memory for the transaction pool from being reused for other\r\nconnections. The Common Vulnerabilities and Exposures project assigned the\r\nname CVE-2005-2970 to this issue. This vulnerability only affects users\r\nwho are using the non-default worker MPM.\r\n\r\nA flaw in mod_imap when using the Referer directive with image maps was\r\ndiscovered. With certain site configurations, a remote attacker could\r\nperform a cross-site scripting attack if a victim can be forced to visit a\r\nmalicious URL using certain web browsers. (CVE-2005-3352)\r\n\r\nA NULL pointer dereference flaw in mod_ssl was discovered affecting server\r\nconfigurations where an SSL virtual host is configured with access control\r\nand a custom 400 error document. A remote attacker could send a carefully\r\ncrafted request to trigger this issue which would lead to a crash. This\r\ncrash would only be a denial of service if using the non-default worker\r\nMPM. (CVE-2005-3357)\r\n\r\nUsers of httpd should update to these erratum packages which contain\r\nbackported patches to correct these issues along with some additional bugs.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/024575.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/024576.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/024577.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/024578.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/024579.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/024580.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/024581.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/024582.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-January/024583.html\n\n**Affected packages:**\nhttpd\nhttpd-devel\nhttpd-manual\nhttpd-suexec\nmod_ssl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0159.html", "edition": 4, "modified": "2006-01-06T01:29:35", "published": "2006-01-05T21:38:50", "href": "http://lists.centos.org/pipermail/centos-announce/2006-January/024575.html", "id": "CESA-2006:0159", "title": "httpd, mod_ssl security update", "type": "centos", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:15", "bulletinFamily": "software", "cvelist": ["CVE-2005-3352"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n________________________________________________________________________\r\n\r\nOpenPKG Security Advisory The OpenPKG Project\r\nhttp://www.openpkg.org/security.html http://www.openpkg.org\r\nopenpkg-security@openpkg.org openpkg@openpkg.org\r\nOpenPKG-SA-2005.029 14-Dec-2005\r\n________________________________________________________________________\r\n\r\nPackage: apache\r\nVulnerability: cross site scripting\r\nOpenPKG Specific: no\r\n\r\nAffected Releases: Affected Packages: Corrected Packages:\r\nOpenPKG CURRENT <= apache-1.3.34-20051205 >= apache-1.3.34-20051214\r\nOpenPKG 2.5 <= apache-1.3.33-2.5.4 >= apache-1.3.33-2.5.5\r\nOpenPKG 2.4 <= apache-1.3.33-2.4.4 >= apache-1.3.33-2.4.5\r\nOpenPKG 2.3 <= apache-1.3.33-2.3.6 >= apache-1.3.33-2.3.7\r\n\r\nDescription:\r\n According to vendor information [0], a Cross-Site Scripting (XSS)\r\n vulnerability exists in the Apache HTTP server [1]. The flaw exists in\r\n the "mod_imap" extension module and occurs when using the "Referer"\r\n directive with image maps. In certain configurations a remote attacker\r\n could perform an XSS attack if a victim can be forced to visit a\r\n malicious URL using certain web browsers. The Common Vulnerabilities\r\n and Exposures (CVE) project assigned the id CVE-2005-3352 [2] to the\r\n problem.\r\n________________________________________________________________________\r\n\r\nReferences:\r\n [0] http://issues.apache.org/bugzilla/show_bug.cgi?id=37874 \r\n [1] http://httpd.apache.org/\r\n [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352\r\n________________________________________________________________________\r\n\r\nFor security reasons, this advisory was digitally signed with the\r\nOpenPGP public key "OpenPKG <openpkg@openpkg.org>" (ID 63C4CB9F) of the\r\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\r\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org/\r\nfor details on how to verify the integrity of this advisory.\r\n________________________________________________________________________\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nComment: OpenPKG <openpkg@openpkg.org>\r\n\r\niD8DBQFDoH90gHWT4GPEy58RAhdVAJ0VS9ZdblzdeFoUppzby5/Rvb3LwgCghRcF\r\nGhKY6XK9mxxKkpwTUtSF+V4=\r\n=vbUz\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2005-12-16T00:00:00", "published": "2005-12-16T00:00:00", "id": "SECURITYVULNS:DOC:10660", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:10660", "title": "[OpenPKG-SA-2005.029] OpenPKG Security Advisory (apache)", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:26", "bulletinFamily": "software", "cvelist": ["CVE-2008-1031", "CVE-2007-6612", "CVE-2008-1032", "CVE-2008-1572", "CVE-2007-6359", "CVE-2007-4465", "CVE-2008-0177", "CVE-2008-1575", "CVE-2008-1033", "CVE-2008-1577", "CVE-2007-5269", "CVE-2008-1030", "CVE-2008-1573", "CVE-2008-1027", "CVE-2007-5268", "CVE-2008-1579", "CVE-2006-3747", "CVE-2007-5266", "CVE-2008-1655", "CVE-2007-6019", "CVE-2007-3847", "CVE-2008-1028", "CVE-2008-1571", "CVE-2007-6388", "CVE-2008-1654", "CVE-2007-5000", "CVE-2008-1576", "CVE-2008-1578", "CVE-2005-3357", "CVE-2008-1036", "CVE-2007-0071", "CVE-2005-3352", "CVE-2008-1034", "CVE-2008-1574", "CVE-2007-5275", "CVE-2008-1580", "CVE-2008-1035", "CVE-2007-1863"], "description": " About the security content of Security Update 2008-003 / Mac OS X 10.5.3\r\n\r\n * Last Modified: May 28, 2008\r\n * Article: HT1897\r\n\r\nSummary\r\n\r\nThis document describes the security content of Security Update 2008-003 / Mac OS X 10.5.3, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.\r\n\r\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.\r\n\r\nFor information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."\r\n\r\nWhere possible, CVE IDs are used to reference the vulnerabilities for further information.\r\n\r\nTo learn about other Security Updates, see "Apple Security Updates."\r\nProducts Affected\r\n\r\nSecurity\r\nSecurity Update 2008-003 / Mac OS X v10.5.3\r\n\r\n * AFP Server\r\n\r\n CVE-ID: CVE-2008-1027\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Files that are not designated for sharing may be accessed remotely\r\n\r\n Description: AFP Server did not check that a file or directory to be served was inside a folder designated for sharing. A connected user or guest may access any files or folders for which they have permission, even if not contained in folders designated for sharing. This update addresses the issue by denying access to files and folders that are not inside a folder designated for sharing. Credit to Alex deVries and Robert Rich for reporting this issue.\r\n\r\n * Apache\r\n\r\n CVE-ID: CVE-2005-3352, CVE-2005-3357, CVE-2006-3747, CVE-2007-1863, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388\r\n\r\n Available for: Mac OS X Server v10.4.11\r\n\r\n Impact: Multiple vulnerabilities in Apache 2.0.55\r\n\r\n Description: Apache is updated to version 2.0.63 to address several vulnerabilities, the most serious of which may lead to cross-site scripting. Further information is available via the Apache web site at http://httpd.apache.org. Apache 2.0.x is only shipped with Mac OS X Server v10.4.x systems. Mac OS X v10.5.x and Mac OS X Server v10.5.x ship with Apache 2.2.x. The issues that affected Apache 2.2.x were addressed in Security Update 2008-002 for Mac OS X v10.5.2 and Mac OS X Server v10.5.2.\r\n\r\n * AppKit\r\n\r\n CVE-ID: CVE-2008-1028\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: Opening a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An implementation issue exists in AppKit's processing of document files. Opening a maliciously crafted file in an editor that uses AppKit, such as TextEdit, may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved validation of document files. This issue does not affect systems running Mac OS X 10.5 or later. Credit to Rosyna of Unsanity for reporting this issue.\r\n\r\n * Apple Pixlet Video\r\n\r\n CVE-ID: CVE-2008-1577\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in the handling of files using the Pixlet codec. Opening a maliciously crafted movie file may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.\r\n\r\n * ATS\r\n\r\n CVE-ID: CVE-2008-1575\r\n\r\n Available for: Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Printing a PDF document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in the Apple Type Services server's handling of embedded fonts in PDF files. Printing a PDF document containing a maliciously crafted font may lead to arbitrary code execution. This update addresses the issue by performing additional validation of embedded fonts. This issue does not affect systems prior to Mac OS X v10.5. Credit to Melissa O'Neill of Harvey Mudd College for reporting this issue.\r\n\r\n * CFNetwork\r\n\r\n CVE-ID: CVE-2008-1580\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information\r\n\r\n Description: An information disclosure issue exists in Safari's SSL client certificate handling. When a web server issues a client certificate request, the first client certificate found in the keychain is automatically sent, which may lead to the disclosure of the information contained in the certificate. This update addresses the issue by prompting the user before sending the certificate.\r\n\r\n * CoreFoundation\r\n\r\n CVE-ID: CVE-2008-1030\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Applications' use of the CFData API in certain ways may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow in CoreFoundation's handling of CFData objects may result in a heap buffer overflow. An application calling CFDataReplaceBytes with an with invalid length argument may unexpectedly terminate or lead to arbitrary code execution. This update addresses the issue by performing additional validation of length parameters.\r\n\r\n * CoreGraphics\r\n\r\n CVE-ID: CVE-2008-1031\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An uninitialized variable issue exists in CoreGraphics' handling of PDF files. Opening a maliciously crafted PDF file may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through proper initialization of pointers.\r\n\r\n * CoreTypes\r\n\r\n CVE-ID: CVE-2008-1032\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Users are not warned before opening certain potentially unsafe content types\r\n\r\n Description: This update extends the system's list of content types that will be flagged as potentially unsafe under certain circumstances, such as when they are downloaded from a web page. While these content types are not automatically launched, if manually opened they could lead to the execution of a malicious payload. This update improves the system's ability to notify users before handling content types used by Automator, Help, Safari, and Terminal. On Mac OS X v10.4 this functionality is provided by the Download Validation feature. On Mac OS X v10.5 this functionality is provided by the Quarantine feature. Credit to Brian Mastenbrook for reporting this issue.\r\n\r\n * CUPS\r\n\r\n CVE-ID: CVE-2008-1033\r\n\r\n Available for: Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Printing to password-protected printers with debug logging enabled may lead to the disclosure of sensitive information\r\n\r\n Description: An issue exists in the CUPS scheduler's check of the authentication environment variables when debug logging is enabled. This may lead to the disclosure of the username, domain, and password when printing to a password-protected printer. This update addresses the issue by properly validating environment variables. This issue does not affect systems prior to Mac OS X v10.5 with Security Update 2008-002 installed.\r\n\r\n * Flash Player Plug-in\r\n\r\n CVE-ID: CVE-2007-5275, CVE-2007- 6243, CVE-2007- 6637, CVE-2007-6019, CVE-2007-0071, CVE-2008-1655, CVE-2008-1654\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Opening maliciously crafted Flash content may lead to arbitrary code execution\r\n\r\n Description: Multiple issues exist in Adobe Flash Player Plug-in, the most serious of which may lead to arbitrary code execution. This update addresses the issue by updating to version 9.0.124.0. Further information is available via the Adobe web site at http://www.adobe.com/support/security/bulletins/apsb08-11.html\r\n\r\n * Help Viewer\r\n\r\n CVE-ID: CVE-2008-1034\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: A malicious help:topic URL may cause an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer underflow in Help Viewer's handling of help:topic URLs may result in a buffer overflow. Accessing a malicious help:topic URL may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems running Mac OS X 10.5 or later. Credit to Paul Haddad of PTH Consulting for reporting this issue.\r\n\r\n * iCal\r\n\r\n CVE-ID: CVE-2008-1035\r\n\r\n Available for: Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Opening a maliciously crafted iCalendar file in iCal may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A use-after-free issue exists in the iCal application's handling of iCalendar (usually ".ics") files. Opening a maliciously crafted iCalendar file in iCal may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by improving reference counting in the affected code. This issue does not affect systems prior to Mac OS X v10.5. Credit to Rodrigo Carvalho of Core Security Technologies for reporting this issue.\r\n\r\n * International Components for Unicode\r\n\r\n CVE-ID: CVE-2008-1036\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Visiting certain web sites may result in the disclosure of sensitive information\r\n\r\n Description: A conversion issue exists in ICU's handling of certain character encodings. Particular invalid character sequences may not appear in the converted output, and this can affect content filters. Visiting a maliciously crafted web site may lead to cross site scripting and the disclosure of sensitive information. This update addresses the issue by replacing invalid character sequences with a fallback character.\r\n\r\n * Image Capture\r\n\r\n CVE-ID: CVE-2008-1571\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: Accessing a maliciously crafted URL may lead to information disclosure\r\n\r\n Description: A path traversal issue exists in Image Capture's embedded web server. This may lead to the disclosure of local files on the server system. This update addresses the issue through improved URL handling. This issue does not affect systems running Mac OS X v10.5 or later.\r\n\r\n * Image Capture\r\n\r\n \r\n\r\n CVE-ID: CVE-2008-1572\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: A local user may manipulate files with the privileges of another user running Image Capture\r\n\r\n Description: An insecure file operation exists in Image Capture's handling of temporary files. This could allow a local user to overwrite files with the privileges of another user running Image Capture, or to access the contents of images being resized. This update addresses the issue through improved handling of temporary files. This issue does not affect systems running Mac OS X v10.5 or later.\r\n\r\n * ImageIO\r\n\r\n \r\n\r\n CVE-ID: CVE-2008-1573\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Viewing a maliciously crafted BMP or GIF image may lead to information disclosure\r\n\r\n Description: An out-of-bounds memory read may occur in the BMP and GIF image decoding engine, which may lead to the disclosure of content in memory. This update addresses the issue by performing additional validation of BMP and GIF images. Credit to Gynvael Coldwind of Hispasec for reporting this issue.\r\n\r\n * ImageIO\r\n\r\n \r\n\r\n CVE-ID: CVE-2007-5266, CVE-2007-5268, CVE-2007-5269\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Multiple vulnerabilities in libpng version 1.2.18\r\n\r\n Description: Multiple vulnerabilities exist in libpng version 1.2.18, the most serious of which may lead to a remote denial of service. This update addresses the issue by updating to version 1.2.24. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html\r\n\r\n * ImageIO\r\n\r\n \r\n\r\n CVE-ID: CVE-2008-1574\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Viewing a maliciously crafted JPEG2000 image file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow in the handling of JPEG2000 image files may result in a heap buffer overflow. Viewing a maliciously crafted JPEG2000 image file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through additional validation of JPEG2000 images.\r\n\r\n * Kernel\r\n\r\n \r\n\r\n CVE-ID: CVE-2008-0177\r\n\r\n Available for: Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: A remote attacker may be able to cause to an unexpected system shutdown\r\n\r\n Description: An undetected failure condition exists in the handling of packets with an IPComp header. By sending a maliciously crafted packet to a system configured to use IPSec or IPv6, an attacker may cause an unexpected system shutdown. This update addresses the issue by properly detecting the failure condition.\r\n\r\n * Kernel\r\n\r\n \r\n\r\n CVE-ID: CVE-2007-6359\r\n\r\n Available for: Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: A local user may be able to cause an unexpected system shutdown\r\n\r\n Description: A null pointer dereference exists in the kernel's handling of code signatures in the cs_validate_page function. This may allow a local user to cause an unexpected system shutdown. This update addresses the issue by performing additional validation of code signatures. This issue does not affect systems prior to Mac OS X v10.5.\r\n\r\n * LoginWindow\r\n\r\n \r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: Managed Client preferences may not be applied\r\n\r\n Description: This update addresses a non-security issue introduced in Security Update 2007-004. Due to a race condition, LoginWindow may fail to apply certain preferences to fail on systems managed by Managed Client for Mac OS X (MCX). This update addresses the issue by eliminating the race condition in the handling of managed preferences. This issue does not affect systems running Mac OS X v10.5.\r\n\r\n * Mail\r\n\r\n \r\n\r\n CVE-ID: CVE-2008-1576\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: Sending mail through an SMTP server over IPv6 may lead to an unexpected application termination, information disclosure, or arbitrary code execution\r\n\r\n Description: An uninitialized buffer issue exists in Mail. When sending mail through an SMTP server over IPv6, Mail may use a buffer containing partially uninitialized memory, which could result in the disclosure of sensitive information to message recipients and mail server administrators. This could also potentially lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by properly initializing the variable. This issue does not affect systems running Mac OS X v10.5 or later. Credit to Derek Morr of The Pennsylvania State University for reporting this issue.\r\n\r\n * ruby\r\n\r\n \r\n\r\n CVE-ID: CVE-2007-6612\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: A remote attacker may be able to read arbitrary files\r\n\r\n Description: Mongrel is updated to version 1.1.4 to address a directory traversal issue in DirHandler which may lead to the disclosure of sensitive information. Further information is available via the Mongrel web site at http://mongrel.rubyforge.org\r\n\r\n * Single Sign-On\r\n\r\n \r\n\r\n CVE-ID: CVE-2008-1578\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Passwords supplied to sso_util are exposed to other local users\r\n\r\n Description: The sso_util command-line tool required that passwords be passed to it in its arguments, potentially exposing the passwords to other local users. Passwords exposed include those for users, administrators, and the KDC administration password. This update makes the password parameter optional, and sso_util will prompt for the password if needed. Credit to Geoff Franks of Hauptman Woodward Institute for reporting this issue.\r\n\r\n * Wiki Server\r\n\r\n \r\n\r\n CVE-ID: CVE-2008-1579\r\n\r\n Available for: Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: A remote attacker may determine valid user names on servers with the Wiki Server enabled\r\n\r\n Description: An information disclosure issue exists in Wiki Server when a nonexistent blog is accessed. Using the information in the error message, an attacker may deduce the existence of local user names. This update addresses the issue through improved handling of error messages. This issue does not affect systems prior to Mac OS X v10.5. Credit to Don Rainwater of the University of Cincinnati for reporting this issue.\r\n\r\n \r\n\r\nImportant: Mention of third-party websites and products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the selection, performance or use of information or products found at third-party websites. Apple provides this only as a convenience to our users. Apple has not tested the information found on these sites and makes no representations regarding its accuracy or reliability. There are risks inherent in the use of any information or products found on the Internet, and Apple assumes no responsibility in this regard. Please understand that a third-party site is independent from Apple and that Apple has no control over the content on that website. Please contact the vendor for additional information.", "edition": 1, "modified": "2008-05-30T00:00:00", "published": "2008-05-30T00:00:00", "id": "SECURITYVULNS:DOC:19937", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19937", "title": " About the security content of Security Update 2008-003 / Mac OS X 10.5.3", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:52", "bulletinFamily": "software", "cvelist": ["CVE-2013-3769", "CVE-2013-3824", "CVE-2013-3774", "CVE-2013-3749", "CVE-2013-3819", "CVE-2013-3778", "CVE-2013-3788", "CVE-2013-3809", "CVE-2013-3818", "CVE-2013-3799", "CVE-2010-0434", "CVE-2010-0425", "CVE-2013-3783", "CVE-2013-3791", "CVE-2013-3768", "CVE-2013-3807", "CVE-2013-3823", "CVE-2013-3755", "CVE-2013-3753", "CVE-2011-0419", "CVE-2013-3786", "CVE-2008-2364", "CVE-2013-3771", "CVE-2013-3782", "CVE-2013-3760", "CVE-2012-2687", "CVE-2013-3756", "CVE-2013-3789", "CVE-2013-3767", "CVE-2013-3811", "CVE-2013-3776", "CVE-2013-3746", "CVE-2013-3777", "CVE-2013-3750", "CVE-2013-3770", "CVE-2013-3772", "CVE-2013-3757", "CVE-2013-3787", "CVE-2013-3808", "CVE-2013-1861", "CVE-2013-3813", "CVE-2013-3775", "CVE-2013-3800", "CVE-2013-3765", "CVE-2013-3784", "CVE-2013-3759", "CVE-2013-3803", "CVE-2013-2461", "CVE-2013-3806", "CVE-2013-3745", "CVE-2013-3780", "CVE-2006-5752", "CVE-2013-3794", "CVE-2013-3758", "CVE-2010-2068", "CVE-2013-3816", "CVE-2013-3763", "CVE-2013-3810", "CVE-2013-3754", "CVE-2007-3847", "CVE-2013-3748", "CVE-2013-0398", "CVE-2013-3751", "CVE-2007-6388", "CVE-2013-3752", "CVE-2013-3764", "CVE-2013-3773", "CVE-2013-3812", "CVE-2007-5000", "CVE-2013-3781", "CVE-2013-3805", "CVE-2005-3352", "CVE-2013-3795", "CVE-2013-3820", "CVE-2013-3821", "CVE-2013-3822", "CVE-2013-3761", "CVE-2013-3804", "CVE-2011-3348", "CVE-2013-3779", "CVE-2013-3825", "CVE-2013-3797", "CVE-2013-3802", "CVE-2013-3790", "CVE-2013-3796", "CVE-2013-3793", "CVE-2013-3747", "CVE-2013-3798", "CVE-2013-3801"], "description": "Quarterly CPU fixes 89 dufferent vulnerabilities.", "edition": 1, "modified": "2013-08-12T00:00:00", "published": "2013-08-12T00:00:00", "id": "SECURITYVULNS:VULN:13214", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13214", "title": "Oracle / Sun / MySQL / PeopleSoft applications multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-02T21:10:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3352"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-15T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:56067", "href": "http://plugins.openvas.org/nasl.php?oid=56067", "type": "openvas", "title": "FreeBSD Ports: apache", "sourceData": "#\n#VID 9fff8dc8-7aa7-11da-bf72-00123f589060\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n apache\n apache+mod_perl\n apache_fp\n apache+ipv6\n ru-apache\n ru-apache+mod_ssl\n apache+ssl\n apache+mod_ssl\n apache+mod_ssl+ipv6\n apache+mod_ssl+mod_accel\n apache+mod_ssl+mod_accel+ipv6\n apache+mod_ssl+mod_accel+mod_deflate\n apache+mod_ssl+mod_accel+mod_deflate+ipv6\n apache+mod_ssl+mod_deflate\n apache+mod_ssl+mod_deflate+ipv6\n apache+mod_ssl+mod_snmp\n apache+mod_ssl+mod_snmp+mod_accel\n apache+mod_ssl+mod_snmp+mod_accel+ipv6\n apache+mod_ssl+mod_snmp+mod_deflate\n apache+mod_ssl+mod_snmp+mod_deflate+ipv6\n apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6\n\nCVE-2005-3352\nCross-site scripting (XSS) vulnerability in the mod_imap module allows\nremote attackers to inject arbitrary web script or HTML via the\nReferer when using image maps.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.apacheweek.com/features/security-13\nhttp://www.apacheweek.com/features/security-20\nhttp://www.vuxml.org/freebsd/9fff8dc8-7aa7-11da-bf72-00123f589060.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(56067);\n script_version(\"$Revision: 4075 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-15 15:13:05 +0200 (Thu, 15 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2005-3352\");\n script_bugtraq_id(15834);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"FreeBSD Ports: apache\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"apache\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3\")>=0 && revcomp(a:bver, b:\"1.3.34_3\")<0) {\n txt += 'Package apache version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2.0.35\")>=0 && revcomp(a:bver, b:\"2.0.55_2\")<0) {\n txt += 'Package apache version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2.1\")>=0 && revcomp(a:bver, b:\"2.1.9_3\")<0) {\n txt += 'Package apache version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2.2\")>=0 && revcomp(a:bver, b:\"2.2.0_3\")<0) {\n txt += 'Package apache version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache+mod_perl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.34_1\")<0) {\n txt += 'Package apache+mod_perl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache_fp\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package apache_fp version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache+ipv6\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>=0) {\n txt += 'Package apache+ipv6 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ru-apache\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.34+30.22_1\")<0) {\n txt += 'Package ru-apache version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ru-apache+mod_ssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.34+30.22+2.8.25_1\")<0) {\n txt += 'Package ru-apache+mod_ssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache+ssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.0\")>=0 && revcomp(a:bver, b:\"1.3.33.1.55_2\")<0) {\n txt += 'Package apache+ssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache+mod_ssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.34+2.8.25_1\")<0) {\n txt += 'Package apache+mod_ssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache+mod_ssl+ipv6\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.34+2.8.25_1\")<0) {\n txt += 'Package apache+mod_ssl+ipv6 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache+mod_ssl+mod_accel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.34+2.8.25_1\")<0) {\n txt += 'Package apache+mod_ssl+mod_accel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache+mod_ssl+mod_accel+ipv6\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.34+2.8.25_1\")<0) {\n txt += 'Package apache+mod_ssl+mod_accel+ipv6 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache+mod_ssl+mod_accel+mod_deflate\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.34+2.8.25_1\")<0) {\n txt += 'Package apache+mod_ssl+mod_accel+mod_deflate version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache+mod_ssl+mod_accel+mod_deflate+ipv6\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.34+2.8.25_1\")<0) {\n txt += 'Package apache+mod_ssl+mod_accel+mod_deflate+ipv6 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache+mod_ssl+mod_deflate\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.34+2.8.25_1\")<0) {\n txt += 'Package apache+mod_ssl+mod_deflate version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache+mod_ssl+mod_deflate+ipv6\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.34+2.8.25_1\")<0) {\n txt += 'Package apache+mod_ssl+mod_deflate+ipv6 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache+mod_ssl+mod_snmp\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.34+2.8.25_1\")<0) {\n txt += 'Package apache+mod_ssl+mod_snmp version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache+mod_ssl+mod_snmp+mod_accel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.34+2.8.25_1\")<0) {\n txt += 'Package apache+mod_ssl+mod_snmp+mod_accel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache+mod_ssl+mod_snmp+mod_accel+ipv6\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.34+2.8.25_1\")<0) {\n txt += 'Package apache+mod_ssl+mod_snmp+mod_accel+ipv6 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache+mod_ssl+mod_snmp+mod_deflate\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.34+2.8.25_1\")<0) {\n txt += 'Package apache+mod_ssl+mod_snmp+mod_deflate version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache+mod_ssl+mod_snmp+mod_deflate+ipv6\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.34+2.8.25_1\")<0) {\n txt += 'Package apache+mod_ssl+mod_snmp+mod_deflate+ipv6 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.34+2.8.25_1\")<0) {\n txt += 'Package apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-26T08:55:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3352"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache-devel\n mod_ssl\n apache\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5015908 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65472", "href": "http://plugins.openvas.org/nasl.php?oid=65472", "type": "openvas", "title": "SLES9: Security update for Apache", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5015908.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Apache\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache-devel\n mod_ssl\n apache\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5015908 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65472);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-3352\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"SLES9: Security update for Apache\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~1.3.29~71.24\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:50:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3352"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-129-01.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:56731", "href": "http://plugins.openvas.org/nasl.php?oid=56731", "type": "openvas", "title": "Slackware Advisory SSA:2006-129-01 Apache httpd", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_129_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New Apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, and -current to fix security issues.\n\nIn addition, new mod_ssl packages for Apache 1.3.35 are available for\nall of these versions of Slackware, and new versions of PHP are\navailable for Slackware -current. These additional packages do not\nfix security issues, but may be required on your system depending on\nyour Apache setup.\n\nOne more note about this round of updates: the packages have been given\nbuild versions that indicate which version of Slackware they are meant\nto patch, such as -1_slack8.1, or -1_slack9.0, etc. This should help to\navoid some of the issues with automatic upgrade tools by providing a\nunique package name when the same fix is deployed across multiple\nSlackware versions. Only patches applied to -current will have the\nsimple build number, such as -1.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2006-129-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-129-01\";\n \nif(description)\n{\n script_id(56731);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_bugtraq_id(15834);\n script_cve_id(\"CVE-2005-3352\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2006-129-01 Apache httpd \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"apache\", ver:\"1.3.35-i386-1_slack8.1\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.26_1.3.35-i386-1_slack8.1\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"apache\", ver:\"1.3.35-i386-1_slack9.0\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.26_1.3.35-i386-1_slack9.0\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"apache\", ver:\"1.3.35-i486-1_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.26_1.3.35-i486-1_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"apache\", ver:\"1.3.35-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.26_1.3.35-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"apache\", ver:\"1.3.35-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.26_1.3.35-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"apache\", ver:\"1.3.35-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.26_1.3.35-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3352"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-129-01.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231056731", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231056731", "type": "openvas", "title": "Slackware Advisory SSA:2006-129-01 Apache httpd", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_129_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.56731\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_bugtraq_id(15834);\n script_cve_id(\"CVE-2005-3352\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2006-129-01 Apache httpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(8\\.1|9\\.0|9\\.1|10\\.0|10\\.1|10\\.2)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-129-01\");\n\n script_tag(name:\"insight\", value:\"New Apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, and -current to fix security issues.\n\nIn addition, new mod_ssl packages for Apache 1.3.35 are available for\nall of these versions of Slackware, and new versions of PHP are\navailable for Slackware -current. These additional packages do not\nfix security issues, but may be required on your system depending on\nyour Apache setup.\n\nOne more note about this round of updates: the packages have been given\nbuild versions that indicate which version of Slackware they are meant\nto patch, such as -1_slack8.1, or -1_slack9.0, etc. This should help to\navoid some of the issues with automatic upgrade tools by providing a\nunique package name when the same fix is deployed across multiple\nSlackware versions. Only patches applied to -current will have the\nsimple build number, such as -1.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2006-129-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"apache\", ver:\"1.3.35-i386-1_slack8.1\", rls:\"SLK8.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.26_1.3.35-i386-1_slack8.1\", rls:\"SLK8.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"apache\", ver:\"1.3.35-i386-1_slack9.0\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.26_1.3.35-i386-1_slack9.0\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"apache\", ver:\"1.3.35-i486-1_slack9.1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.26_1.3.35-i486-1_slack9.1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"apache\", ver:\"1.3.35-i486-1_slack10.0\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.26_1.3.35-i486-1_slack10.0\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"apache\", ver:\"1.3.35-i486-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.26_1.3.35-i486-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"apache\", ver:\"1.3.35-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.26_1.3.35-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2018-04-06T11:37:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3352"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache-devel\n mod_ssl\n apache\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5015908 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065472", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065472", "type": "openvas", "title": "SLES9: Security update for Apache", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5015908.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Apache\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache-devel\n mod_ssl\n apache\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5015908 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65472\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-3352\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"SLES9: Security update for Apache\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~1.3.29~71.24\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:38:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3357", "CVE-2005-3352"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-prefork\n apache2-worker\n apache2\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5012004 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065017", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065017", "type": "openvas", "title": "SLES9: Security update for Apache 2", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5012004.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Apache 2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-prefork\n apache2-worker\n apache2\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5012004 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65017\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-3352\", \"CVE-2005-3357\");\n script_tag(name:\"cvss_base\", value:\"5.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:N/A:C\");\n script_name(\"SLES9: Security update for Apache 2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.0.49~27.45\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.4, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3357", "CVE-2005-3352"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-prefork\n apache2-worker\n apache2\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5012004 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65017", "href": "http://plugins.openvas.org/nasl.php?oid=65017", "type": "openvas", "title": "SLES9: Security update for Apache 2", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5012004.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Apache 2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-prefork\n apache2-worker\n apache2\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5012004 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65017);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-3352\", \"CVE-2005-3357\");\n script_tag(name:\"cvss_base\", value:\"5.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:N/A:C\");\n script_name(\"SLES9: Security update for Apache 2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.0.49~27.45\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.4, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3357", "CVE-2005-3352"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200602-03.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:56246", "href": "http://plugins.openvas.org/nasl.php?oid=56246", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200602-03 (Apache)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Apache can be exploited for cross-site scripting attacks and is vulnerable\nto a Denial of Service attack.\";\ntag_solution = \"All Apache users should upgrade to the latest version, depending on whether\nthey still use the old configuration style (/etc/apache/conf/*.conf) or the\nnew one (/etc/apache2/httpd.conf).\n\n2.0.x users, new style config:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-www/apache-2.0.55-r1'\n\n2.0.x users, old style config:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '=net-www/apache-2.0.54-r16'\n\n1.x users, new style config:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '=net-www/apache-1.3.34-r11'\n\n1.x users, old style config:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '=net-www/apache-1.3.34-r2'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200602-03\nhttp://bugs.gentoo.org/show_bug.cgi?id=115324\nhttp://bugs.gentoo.org/show_bug.cgi?id=118875\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200602-03.\";\n\n \n\nif(description)\n{\n script_id(56246);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2005-3352\", \"CVE-2005-3357\");\n script_tag(name:\"cvss_base\", value:\"5.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:N/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200602-03 (Apache)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-www/apache\", unaffected: make_list(\"ge 2.0.55-r1\", \"rge 2.0.54-r16\", \"eq 1.3.34-r2\", \"rge 1.3.34-r11\"), vulnerable: make_list(\"lt 2.0.55-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.4, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3747", "CVE-2005-3352"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-worker\n apache2\n apache2-prefork\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021257 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065142", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065142", "type": "openvas", "title": "SLES9: Security update for Apache2", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5021257.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Apache2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-worker\n apache2\n apache2-prefork\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021257 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65142\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-3747\", \"CVE-2005-3352\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for Apache2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.0.49~27.51\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3918", "CVE-2005-3352"], "description": "The remote host is missing an update to apache\nannounced via advisory DSA 1167-1.\n\nSeveral remote vulnerabilities have been discovered in the Apache, the\nworlds most popular webserver, which may lead to the execution of arbitrary\nweb script. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2005-3352\n\nA cross-site scripting (XSS) flaw exists in the mod_imap component of\nthe Apache server.\n\nCVE-2006-3918\n\nApache does not sanitize the Expect header from an HTTP request when\nit is reflected back in an error message, which might allow cross-site\nscripting (XSS) style attacks.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:57335", "href": "http://plugins.openvas.org/nasl.php?oid=57335", "type": "openvas", "title": "Debian Security Advisory DSA 1167-1 (apache)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1167_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1167-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 1.3.33-6sarge3.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.3.34-3.\n\nWe recommend that you upgrade your apache package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201167-1\";\ntag_summary = \"The remote host is missing an update to apache\nannounced via advisory DSA 1167-1.\n\nSeveral remote vulnerabilities have been discovered in the Apache, the\nworlds most popular webserver, which may lead to the execution of arbitrary\nweb script. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2005-3352\n\nA cross-site scripting (XSS) flaw exists in the mod_imap component of\nthe Apache server.\n\nCVE-2006-3918\n\nApache does not sanitize the Expect header from an HTTP request when\nit is reflected back in an error message, which might allow cross-site\nscripting (XSS) style attacks.\";\n\n\nif(description)\n{\n script_id(57335);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:13:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-3918\", \"CVE-2005-3352\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1167-1 (apache)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"apache-dev\", ver:\"1.3.33-6sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache-doc\", ver:\"1.3.33-6sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache-utils\", ver:\"1.3.33-6sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache\", ver:\"1.3.33-6sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache-common\", ver:\"1.3.33-6sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache-dbg\", ver:\"1.3.33-6sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache-perl\", ver:\"1.3.33-6sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache-ssl\", ver:\"1.3.33-6sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache-mod-perl\", ver:\"1.29.0.3-6sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2021-01-17T14:02:12", "description": "This update includes a missed security update for Apache 1.3. The\nproblem is already fixed for our Apache2 packages.\n\n - mod_imap: Escape untrusted Referer header before\n outputting in HTML to avoid potential cross-site\n scripting. A change was also made to ap_escape_html so\n we escape quotes. (CVE-2005-3352)", "edition": 23, "published": "2009-09-24T00:00:00", "title": "SuSE9 Security Update : Apache (YOU Patch Number 11489)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3352"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_11489.NASL", "href": "https://www.tenable.com/plugins/nessus/41124", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41124);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-3352\");\n\n script_name(english:\"SuSE9 Security Update : Apache (YOU Patch Number 11489)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes a missed security update for Apache 1.3. The\nproblem is already fixed for our Apache2 packages.\n\n - mod_imap: Escape untrusted Referer header before\n outputting in HTML to avoid potential cross-site\n scripting. A change was also made to ap_escape_html so\n we escape quotes. (CVE-2005-3352)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2005-3352.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 11489.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"apache-1.3.29-71.24\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"apache-devel-1.3.29-71.24\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"mod_ssl-2.8.16-71.24\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T09:10:17", "description": "New Apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0,\n10.1, 10.2, and -current to fix a bug with Apache 1.3.35 and glibc\nthat breaks wildcards in Include directives. It may not occur with all\nversions of glibc, but it has been verified on -current (using an\nInclude within a file already Included causes a crash), so better to\npatch it and reissue these packages just to be sure. My apologies if\nthe last batch of updates caused anyone undue grief... they worked\nhere with my (too simple?) config files. Note that if you use mod_ssl,\nyou'll also require the mod_ssl package that was part of yesterday's\nrelease, and on -current you'll need the newest PHP package (if you\nuse PHP). Thanks to Francesco Gringoli for bringing this issue to my\nattention.", "edition": 24, "published": "2006-05-13T00:00:00", "title": "Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : Apache httpd redux (SSA:2006-130-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3352"], "modified": "2006-05-13T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:8.1", "cpe:/o:slackware:slackware_linux:9.0", "cpe:/o:slackware:slackware_linux:9.1", "cpe:/o:slackware:slackware_linux:10.1", "cpe:/o:slackware:slackware_linux:10.0", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:10.2", "p-cpe:/a:slackware:slackware_linux:apache"], "id": "SLACKWARE_SSA_2006-130-01.NASL", "href": "https://www.tenable.com/plugins/nessus/21346", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2006-130-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21346);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-3352\");\n script_xref(name:\"SSA\", value:\"2006-130-01\");\n\n script_name(english:\"Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : Apache httpd redux (SSA:2006-130-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New Apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0,\n10.1, 10.2, and -current to fix a bug with Apache 1.3.35 and glibc\nthat breaks wildcards in Include directives. It may not occur with all\nversions of glibc, but it has been verified on -current (using an\nInclude within a file already Included causes a crash), so better to\npatch it and reissue these packages just to be sure. My apologies if\nthe last batch of updates caused anyone undue grief... they worked\nhere with my (too simple?) config files. Note that if you use mod_ssl,\nyou'll also require the mod_ssl package that was part of yesterday's\nrelease, and on -current you'll need the newest PHP package (if you\nuse PHP). Thanks to Francesco Gringoli for bringing this issue to my\nattention.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.470158\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?269cdf3c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"8.1\", pkgname:\"apache\", pkgver:\"1.3.35\", pkgarch:\"i386\", pkgnum:\"2_slack8.1\")) flag++;\n\nif (slackware_check(osver:\"9.0\", pkgname:\"apache\", pkgver:\"1.3.35\", pkgarch:\"i386\", pkgnum:\"2_slack9.0\")) flag++;\n\nif (slackware_check(osver:\"9.1\", pkgname:\"apache\", pkgver:\"1.3.35\", pkgarch:\"i486\", pkgnum:\"2_slack9.1\")) flag++;\n\nif (slackware_check(osver:\"10.0\", pkgname:\"apache\", pkgver:\"1.3.35\", pkgarch:\"i486\", pkgnum:\"2_slack10.0\")) flag++;\n\nif (slackware_check(osver:\"10.1\", pkgname:\"apache\", pkgver:\"1.3.35\", pkgarch:\"i486\", pkgnum:\"2_slack10.1\")) flag++;\n\nif (slackware_check(osver:\"10.2\", pkgname:\"apache\", pkgver:\"1.3.35\", pkgarch:\"i486\", pkgnum:\"2_slack10.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"apache\", pkgver:\"1.3.35\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T09:10:17", "description": "New Apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0,\n10.1, 10.2, and -current to fix security issues.", "edition": 24, "published": "2006-05-13T00:00:00", "title": "Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : Apache httpd (SSA:2006-129-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3352"], "modified": "2006-05-13T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:8.1", "cpe:/o:slackware:slackware_linux:9.0", "cpe:/o:slackware:slackware_linux:9.1", "p-cpe:/a:slackware:slackware_linux:php", "cpe:/o:slackware:slackware_linux:10.1", "cpe:/o:slackware:slackware_linux:10.0", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:10.2", "p-cpe:/a:slackware:slackware_linux:apache", "p-cpe:/a:slackware:slackware_linux:mod_ssl"], "id": "SLACKWARE_SSA_2006-129-01.NASL", "href": "https://www.tenable.com/plugins/nessus/21344", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2006-129-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21344);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-3352\");\n script_bugtraq_id(15834);\n script_xref(name:\"SSA\", value:\"2006-129-01\");\n\n script_name(english:\"Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : Apache httpd (SSA:2006-129-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New Apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0,\n10.1, 10.2, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.685483\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1e7a2e36\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache, mod_ssl and / or php packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:php\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"8.1\", pkgname:\"apache\", pkgver:\"1.3.35\", pkgarch:\"i386\", pkgnum:\"1_slack8.1\")) flag++;\nif (slackware_check(osver:\"8.1\", pkgname:\"mod_ssl\", pkgver:\"2.8.26_1.3.35\", pkgarch:\"i386\", pkgnum:\"1_slack8.1\")) flag++;\n\nif (slackware_check(osver:\"9.0\", pkgname:\"apache\", pkgver:\"1.3.35\", pkgarch:\"i386\", pkgnum:\"1_slack9.0\")) flag++;\nif (slackware_check(osver:\"9.0\", pkgname:\"mod_ssl\", pkgver:\"2.8.26_1.3.35\", pkgarch:\"i386\", pkgnum:\"1_slack9.0\")) flag++;\n\nif (slackware_check(osver:\"9.1\", pkgname:\"apache\", pkgver:\"1.3.35\", pkgarch:\"i486\", pkgnum:\"1_slack9.1\")) flag++;\nif (slackware_check(osver:\"9.1\", pkgname:\"mod_ssl\", pkgver:\"2.8.26_1.3.35\", pkgarch:\"i486\", pkgnum:\"1_slack9.1\")) flag++;\n\nif (slackware_check(osver:\"10.0\", pkgname:\"apache\", pkgver:\"1.3.35\", pkgarch:\"i486\", pkgnum:\"1_slack10.0\")) flag++;\nif (slackware_check(osver:\"10.0\", pkgname:\"mod_ssl\", pkgver:\"2.8.26_1.3.35\", pkgarch:\"i486\", pkgnum:\"1_slack10.0\")) flag++;\n\nif (slackware_check(osver:\"10.1\", pkgname:\"apache\", pkgver:\"1.3.35\", pkgarch:\"i486\", pkgnum:\"1_slack10.1\")) flag++;\nif (slackware_check(osver:\"10.1\", pkgname:\"mod_ssl\", pkgver:\"2.8.26_1.3.35\", pkgarch:\"i486\", pkgnum:\"1_slack10.1\")) flag++;\n\nif (slackware_check(osver:\"10.2\", pkgname:\"apache\", pkgver:\"1.3.35\", pkgarch:\"i486\", pkgnum:\"1_slack10.2\")) flag++;\nif (slackware_check(osver:\"10.2\", pkgname:\"mod_ssl\", pkgver:\"2.8.26_1.3.35\", pkgarch:\"i486\", pkgnum:\"1_slack10.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"apache\", pkgver:\"1.3.35\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"mod_ssl\", pkgver:\"2.8.26_1.3.35\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", pkgname:\"php\", pkgver:\"4.4.2\", pkgarch:\"i486\", pkgnum:\"4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T10:48:37", "description": "The Apache HTTP Server Project reports :\n\nA flaw in mod_imap when using the Referer directive with image maps.\nIn certain site configurations a remote attacker could perform a\ncross-site scripting attack if a victim can be forced to visit a\nmalicious URL using certain web browsers.", "edition": 24, "published": "2006-05-13T00:00:00", "title": "FreeBSD : apache -- mod_imap XSS flaw (9fff8dc8-7aa7-11da-bf72-00123f589060)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3352"], "modified": "2006-05-13T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:apache+mod_ssl+ipv6", "p-cpe:/a:freebsd:freebsd:apache+mod_ssl+mod_deflate", "p-cpe:/a:freebsd:freebsd:ru-apache", "p-cpe:/a:freebsd:freebsd:apache+mod_perl", "p-cpe:/a:freebsd:freebsd:apache+mod_ssl+mod_snmp+mod_deflate+ipv6", "p-cpe:/a:freebsd:freebsd:apache_fp", "p-cpe:/a:freebsd:freebsd:ru-apache+mod_ssl", "p-cpe:/a:freebsd:freebsd:apache+mod_ssl+mod_snmp+mod_accel+ipv6", "p-cpe:/a:freebsd:freebsd:apache+mod_ssl+mod_snmp", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:apache+ipv6", "p-cpe:/a:freebsd:freebsd:apache+mod_ssl+mod_accel+ipv6", "p-cpe:/a:freebsd:freebsd:apache+mod_ssl+mod_snmp+mod_accel", "p-cpe:/a:freebsd:freebsd:apache+mod_ssl+mod_accel+mod_deflate+ipv6", "p-cpe:/a:freebsd:freebsd:apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6", "p-cpe:/a:freebsd:freebsd:apache+mod_ssl+mod_snmp+mod_deflate", "p-cpe:/a:freebsd:freebsd:apache+mod_ssl+mod_deflate+ipv6", "p-cpe:/a:freebsd:freebsd:apache+ssl", "p-cpe:/a:freebsd:freebsd:apache+mod_ssl", "p-cpe:/a:freebsd:freebsd:apache+mod_ssl+mod_accel", "p-cpe:/a:freebsd:freebsd:apache", "p-cpe:/a:freebsd:freebsd:apache+mod_ssl+mod_accel+mod_deflate"], "id": "FREEBSD_PKG_9FFF8DC87AA711DABF7200123F589060.NASL", "href": "https://www.tenable.com/plugins/nessus/21487", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21487);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-3352\");\n script_bugtraq_id(15834);\n\n script_name(english:\"FreeBSD : apache -- mod_imap XSS flaw (9fff8dc8-7aa7-11da-bf72-00123f589060)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Apache HTTP Server Project reports :\n\nA flaw in mod_imap when using the Referer directive with image maps.\nIn certain site configurations a remote attacker could perform a\ncross-site scripting attack if a victim can be forced to visit a\nmalicious URL using certain web browsers.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.apacheweek.com/features/security-13\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.apacheweek.com/features/security-20\"\n );\n # https://vuxml.freebsd.org/freebsd/9fff8dc8-7aa7-11da-bf72-00123f589060.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?518ae251\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache+ipv6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache+mod_perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache+mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache+mod_ssl+ipv6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache+mod_ssl+mod_accel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache+mod_ssl+mod_accel+ipv6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache+mod_ssl+mod_accel+mod_deflate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache+mod_ssl+mod_accel+mod_deflate+ipv6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache+mod_ssl+mod_deflate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache+mod_ssl+mod_deflate+ipv6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache+mod_ssl+mod_snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache+mod_ssl+mod_snmp+mod_accel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache+mod_ssl+mod_snmp+mod_accel+ipv6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache+mod_ssl+mod_snmp+mod_deflate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache+mod_ssl+mod_snmp+mod_deflate+ipv6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache+ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache_fp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ru-apache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ru-apache+mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/11/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/01/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"apache>=1.3<1.3.34_3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache>=2.0.35<2.0.55_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache>=2.1<2.1.9_3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache>=2.2<2.2.0_3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache+mod_perl<1.3.34_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache_fp>=0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache+ipv6<1.3.37\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ru-apache<1.3.34+30.22_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ru-apache+mod_ssl<1.3.34+30.22+2.8.25_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache+ssl>=1.3.0<1.3.33.1.55_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache+mod_ssl<1.3.34+2.8.25_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache+mod_ssl+ipv6<1.3.34+2.8.25_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache+mod_ssl+mod_accel<1.3.34+2.8.25_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache+mod_ssl+mod_accel+ipv6<1.3.34+2.8.25_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache+mod_ssl+mod_accel+mod_deflate<1.3.34+2.8.25_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache+mod_ssl+mod_accel+mod_deflate+ipv6<1.3.34+2.8.25_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache+mod_ssl+mod_deflate<1.3.34+2.8.25_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache+mod_ssl+mod_deflate+ipv6<1.3.34+2.8.25_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache+mod_ssl+mod_snmp<1.3.34+2.8.25_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache+mod_ssl+mod_snmp+mod_accel<1.3.34+2.8.25_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache+mod_ssl+mod_snmp+mod_accel+ipv6<1.3.34+2.8.25_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache+mod_ssl+mod_snmp+mod_deflate<1.3.34+2.8.25_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache+mod_ssl+mod_snmp+mod_deflate+ipv6<1.3.34+2.8.25_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6<1.3.34+2.8.25_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-03-01T04:07:53", "description": "The remote Apache web server has the module 'mod_imap' (or\n'mod_imagemap') installed. The remote version of this module is\nvulnerable to a cross-site scripting issue related to the handling of\nthe 'referrer' field of the remote server.", "edition": 25, "published": "2008-03-25T00:00:00", "title": "Apache mod_imap Image Map Referer XSS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3352"], "modified": "2021-03-02T00:00:00", "cpe": [], "id": "MOD_IMAP_XSS.NASL", "href": "https://www.tenable.com/plugins/nessus/31647", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(31647);\n script_version (\"1.19\");\n script_cve_id(\"CVE-2005-3352\");\n script_bugtraq_id(15834);\n\n script_name(english: \"Apache mod_imap Image Map Referer XSS\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a module vulnerable to a cross-site\nscripting attack.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote Apache web server has the module 'mod_imap' (or\n'mod_imagemap') installed. The remote version of this module is\nvulnerable to a cross-site scripting issue related to the handling of\nthe 'referrer' field of the remote server.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache 1.3.35, 2.0.56 or 2.2.6.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/03/25\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/12/13\");\n script_cvs_date(\"Date: 2018/07/14 1:59:37\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n script_summary(english: \"Uses the results of webmirror.nasl\");\n script_category(ACT_GATHER_INFO); \n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english: \"Web Servers\");\n script_dependencie(\"webmirror.nasl\", \"http_version.nasl\");\n script_require_ports(\"Services/www\",80);\n script_require_keys(\"www/apache\");\n exit(0);\n}\n\n#\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80);\n\nbanner = get_http_banner(port:port);\nif ( \"Apache\" >!< banner ) exit(0);\nlist = get_kb_list(\"www/\" + port + \"/content/extensions/map\");\nif ( isnull(list) ) exit(0);\nlist = make_list(list);\nforeach item ( list )\n{\n w = http_send_recv3(method:\"GET\", item:item + \"?0,0\", port: port, add_headers:\n make_array(\"Referer\", \"<script>window.alert(bar)</script>\"));\n if (isnull(w)) exit(1, \"the web server did not answer\");\n res = w[2];\n if ( '<a href=\"<script>window.alert(bar)' >< res )\n\t{\n\t security_warning(port:port, extra:'\\nSending a malformed request to ' + item + ' yields :\\n\\n' + res);\n\t set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n\t exit(0);\n\t}\n\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T13:05:34", "description": "Updated Apache httpd packages that correct a security issue are now\navailable for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular and freely-available Web server.\n\nA flaw in mod_imap when using the Referer directive with image maps\nwas discovered. With certain site configurations, a remote attacker\ncould perform a cross-site scripting attack if a victim can be forced\nto visit a malicious URL using certain web browsers. The Common\nVulnerabilities and Exposures project assigned the name CVE-2005-3352\nto this issue.\n\nUsers of apache should upgrade to these updated packages, which\ncontain a backported patch to correct this issue.", "edition": 27, "published": "2006-01-17T00:00:00", "title": "RHEL 2.1 : apache (RHSA-2006:0158)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3352"], "modified": "2006-01-17T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:apache", "p-cpe:/a:redhat:enterprise_linux:apache-manual", "p-cpe:/a:redhat:enterprise_linux:apache-devel"], "id": "REDHAT-RHSA-2006-0158.NASL", "href": "https://www.tenable.com/plugins/nessus/20733", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0158. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20733);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-3352\");\n script_bugtraq_id(15834);\n script_xref(name:\"RHSA\", value:\"2006:0158\");\n\n script_name(english:\"RHEL 2.1 : apache (RHSA-2006:0158)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Apache httpd packages that correct a security issue are now\navailable for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular and freely-available Web server.\n\nA flaw in mod_imap when using the Referer directive with image maps\nwas discovered. With certain site configurations, a remote attacker\ncould perform a cross-site scripting attack if a victim can be forced\nto visit a malicious URL using certain web browsers. The Common\nVulnerabilities and Exposures project assigned the name CVE-2005-3352\nto this issue.\n\nUsers of apache should upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2006:0158\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected apache, apache-devel and / or apache-manual\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/12/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2006:0158\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"apache-1.3.27-10.ent\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"apache-devel-1.3.27-10.ent\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"apache-manual-1.3.27-10.ent\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache / apache-devel / apache-manual\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-20T15:28:01", "description": "The 'mod_imap' module (which provides support for image maps) did not\nproperly escape the 'referer' URL which rendered it vulnerable against\na cross-site scripting attack. A malicious web page (or HTML email)\ncould trick a user into visiting a site running the vulnerable\nmod_imap, and employ cross-site-scripting techniques to gather\nsensitive user information from that site. (CVE-2005-3352)\n\nHartmut Keil discovered a Denial of Service vulnerability in the SSL\nmodule ('mod_ssl') that affects SSL-enabled virtual hosts with a\ncustomized error page for error 400. By sending a specially crafted\nrequest to the server, a remote attacker could crash the server. This\nonly affects Apache 2, and only if the 'worker' implementation\n(apache2-mpm-worker) is used. (CVE-2005-3357).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2006-01-21T00:00:00", "title": "Ubuntu 4.10 / 5.04 / 5.10 : apache2, apache vulnerabilities (USN-241-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3357", "CVE-2005-3352"], "modified": "2006-01-21T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:apache2-prefork-dev", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-perchild", "p-cpe:/a:canonical:ubuntu_linux:apache-ssl", "p-cpe:/a:canonical:ubuntu_linux:apache-utils", "p-cpe:/a:canonical:ubuntu_linux:apache", "p-cpe:/a:canonical:ubuntu_linux:apache-dev", "cpe:/o:canonical:ubuntu_linux:5.04", "p-cpe:/a:canonical:ubuntu_linux:libapr0", "p-cpe:/a:canonical:ubuntu_linux:apache-common", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork", "p-cpe:/a:canonical:ubuntu_linux:libapr0-dev", "p-cpe:/a:canonical:ubuntu_linux:apache2", "cpe:/o:canonical:ubuntu_linux:4.10", "p-cpe:/a:canonical:ubuntu_linux:apache-dbg", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-threadpool", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker", "p-cpe:/a:canonical:ubuntu_linux:apache-perl", "cpe:/o:canonical:ubuntu_linux:5.10", "p-cpe:/a:canonical:ubuntu_linux:apache2-threaded-dev", "p-cpe:/a:canonical:ubuntu_linux:apache2-doc", "p-cpe:/a:canonical:ubuntu_linux:apache2-common", "p-cpe:/a:canonical:ubuntu_linux:apache2-utils", "p-cpe:/a:canonical:ubuntu_linux:libapache-mod-perl", "p-cpe:/a:canonical:ubuntu_linux:apache-doc"], "id": "UBUNTU_USN-241-1.NASL", "href": "https://www.tenable.com/plugins/nessus/20788", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-241-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20788);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2005-3352\", \"CVE-2005-3357\");\n script_xref(name:\"USN\", value:\"241-1\");\n\n script_name(english:\"Ubuntu 4.10 / 5.04 / 5.10 : apache2, apache vulnerabilities (USN-241-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 'mod_imap' module (which provides support for image maps) did not\nproperly escape the 'referer' URL which rendered it vulnerable against\na cross-site scripting attack. A malicious web page (or HTML email)\ncould trick a user into visiting a site running the vulnerable\nmod_imap, and employ cross-site-scripting techniques to gather\nsensitive user information from that site. (CVE-2005-3352)\n\nHartmut Keil discovered a Denial of Service vulnerability in the SSL\nmodule ('mod_ssl') that affects SSL-enabled virtual hosts with a\ncustomized error page for error 400. By sending a specially crafted\nrequest to the server, a remote attacker could crash the server. This\nonly affects Apache 2, and only if the 'worker' implementation\n(apache2-mpm-worker) is used. (CVE-2005-3357).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache-ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-perchild\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-threadpool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-prefork-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-threaded-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache-mod-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapr0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/21\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10|5\\.04|5\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10 / 5.04 / 5.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache\", pkgver:\"1.3.31-6ubuntu0.9\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache-common\", pkgver:\"1.3.31-6ubuntu0.9\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache-dbg\", pkgver:\"1.3.31-6ubuntu0.9\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache-dev\", pkgver:\"1.3.31-6ubuntu0.9\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache-doc\", pkgver:\"1.3.31-6ubuntu0.9\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache-perl\", pkgver:\"1.3.31-6ubuntu0.9\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache-ssl\", pkgver:\"1.3.31-6ubuntu0.9\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache-utils\", pkgver:\"1.3.31-6ubuntu0.9\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2\", pkgver:\"2.0.50-12ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-common\", pkgver:\"2.0.50-12ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-doc\", pkgver:\"2.0.50-12ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-mpm-perchild\", pkgver:\"2.0.50-12ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-mpm-prefork\", pkgver:\"2.0.50-12ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-mpm-threadpool\", pkgver:\"2.0.50-12ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-mpm-worker\", pkgver:\"2.0.50-12ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-prefork-dev\", pkgver:\"2.0.50-12ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-threaded-dev\", pkgver:\"2.0.50-12ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libapache-mod-perl\", pkgver:\"1.29.0.2.0-6ubuntu0.9\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libapr0\", pkgver:\"2.0.50-12ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libapr0-dev\", pkgver:\"2.0.50-12ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache\", pkgver:\"1.3.33-4ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache-common\", pkgver:\"1.3.33-4ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache-dbg\", pkgver:\"1.3.33-4ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache-dev\", pkgver:\"1.3.33-4ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache-doc\", pkgver:\"1.3.33-4ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache-perl\", pkgver:\"1.3.33-4ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache-ssl\", pkgver:\"1.3.33-4ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache-utils\", pkgver:\"1.3.33-4ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2\", pkgver:\"2.0.53-5ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2-common\", pkgver:\"2.0.53-5ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2-doc\", pkgver:\"2.0.53-5ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2-mpm-perchild\", pkgver:\"2.0.53-5ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2-mpm-prefork\", pkgver:\"2.0.53-5ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2-mpm-threadpool\", pkgver:\"2.0.53-5ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2-mpm-worker\", pkgver:\"2.0.53-5ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2-prefork-dev\", pkgver:\"2.0.53-5ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2-threaded-dev\", pkgver:\"2.0.53-5ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2-utils\", pkgver:\"2.0.53-5ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libapache-mod-perl\", pkgver:\"1.29.0.3-4ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libapr0\", pkgver:\"2.0.53-5ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libapr0-dev\", pkgver:\"2.0.53-5ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache\", pkgver:\"1.3.33-8ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache-common\", pkgver:\"1.3.33-8ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache-dbg\", pkgver:\"1.3.33-8ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache-dev\", pkgver:\"1.3.33-8ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache-doc\", pkgver:\"1.3.33-8ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache-perl\", pkgver:\"1.3.33-8ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache-ssl\", pkgver:\"1.3.33-8ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache-utils\", pkgver:\"1.3.33-8ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache2\", pkgver:\"2.0.54-5ubuntu4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache2-common\", pkgver:\"2.0.54-5ubuntu4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache2-doc\", pkgver:\"2.0.54-5ubuntu4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache2-mpm-perchild\", pkgver:\"2.0.54-5ubuntu4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache2-mpm-prefork\", pkgver:\"2.0.54-5ubuntu4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache2-mpm-threadpool\", pkgver:\"2.0.54-5ubuntu4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache2-mpm-worker\", pkgver:\"2.0.54-5ubuntu4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache2-prefork-dev\", pkgver:\"2.0.54-5ubuntu4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache2-threaded-dev\", pkgver:\"2.0.54-5ubuntu4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache2-utils\", pkgver:\"2.0.54-5ubuntu4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libapache-mod-perl\", pkgver:\"1.29.0.3-8ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libapr0\", pkgver:\"2.0.54-5ubuntu4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libapr0-dev\", pkgver:\"2.0.54-5ubuntu4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache / apache-common / apache-dbg / apache-dev / apache-doc / etc\");\n}\n", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T14:14:48", "description": "The remote host is missing the patch for the advisory SUSE-SA:2006:043 (apache,apache2).\n\n\nThe following security problem was fixed in the Apache and Apache 2\nweb servers:\n\nmod_rewrite: Fix an off-by-one security problem in the ldap scheme\nhandling. For some RewriteRules this could lead to a pointer being\nwritten out of bounds. Depending on stack alignment this could be\nused to potentially execute code.\n\nThe mod_rewrite module is not enabled per default in our packages.\n\nThis problem is tracked by the Mitre CVE ID CVE-2006-3747.\n\nA more detailed description of this problem is available in:\n\n\t http://www.apache.org/dist/httpd/Announcement2.0.html\n\nFor SUSE Linux 10.0, 10.1 and SUSE Linux Enterprise 10 additionally\na old bug was fixed that we missed to forward port to the Apache 2.2\npackages:\n\nmod_imap: Fixes a cross-site-scripting bug in the imagemap module.\nThis issue is tracked by the Mitre CVE ID CVE-2005-3352.", "edition": 6, "published": "2007-02-18T00:00:00", "title": "SUSE-SA:2006:043: apache,apache2", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3747", "CVE-2005-3352"], "modified": "2007-02-18T00:00:00", "cpe": [], "id": "SUSE_SA_2006_043.NASL", "href": "https://www.tenable.com/plugins/nessus/24423", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2006:043\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(24423);\n script_version(\"1.10\");\n \n name[\"english\"] = \"SUSE-SA:2006:043: apache,apache2\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2006:043 (apache,apache2).\n\n\nThe following security problem was fixed in the Apache and Apache 2\nweb servers:\n\nmod_rewrite: Fix an off-by-one security problem in the ldap scheme\nhandling. For some RewriteRules this could lead to a pointer being\nwritten out of bounds. Depending on stack alignment this could be\nused to potentially execute code.\n\nThe mod_rewrite module is not enabled per default in our packages.\n\nThis problem is tracked by the Mitre CVE ID CVE-2006-3747.\n\nA more detailed description of this problem is available in:\n\n\t http://www.apache.org/dist/httpd/Announcement2.0.html\n\nFor SUSE Linux 10.0, 10.1 and SUSE Linux Enterprise 10 additionally\na old bug was fixed that we missed to forward port to the Apache 2.2\npackages:\n\nmod_imap: Fixes a cross-site-scripting bug in the imagemap module.\nThis issue is tracked by the Mitre CVE ID CVE-2005-3352.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.novell.com/linux/security/advisories/2006_43_apache.html\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\" );\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/02/18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the apache,apache2 package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"apache2-2.0.54-10.5\", release:\"SUSE10.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-prefork-2.0.54-10.5\", release:\"SUSE10.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-worker-2.0.54-10.5\", release:\"SUSE10.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-2.0.50-7.14\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-prefork-2.0.50-7.14\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-worker-2.0.50-7.14\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-2.0.53-9.12\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-prefork-2.0.53-9.12\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-worker-2.0.53-9.12\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:52:01", "description": "The remote host is affected by the vulnerability described in GLSA-200602-03\n(Apache: Multiple vulnerabilities)\n\n Apache's mod_imap fails to properly sanitize the 'Referer' directive of\n imagemaps in some cases, leaving the HTTP Referer header unescaped. A\n flaw in mod_ssl can lead to a NULL pointer dereference if the site uses\n a custom 'Error 400' document. These vulnerabilities were reported by\n Marc Cox and Hartmut Keil, respectively.\n \nImpact :\n\n A remote attacker could exploit mod_imap to inject arbitrary HTML or\n JavaScript into a user's browser to gather sensitive information.\n Attackers could also cause a Denial of Service on hosts using the SSL\n module (Apache 2.0.x only).\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 25, "published": "2006-02-10T00:00:00", "title": "GLSA-200602-03 : Apache: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3357", "CVE-2005-3352"], "modified": "2006-02-10T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:apache"], "id": "GENTOO_GLSA-200602-03.NASL", "href": "https://www.tenable.com/plugins/nessus/20874", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200602-03.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20874);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-3352\", \"CVE-2005-3357\");\n script_bugtraq_id(15834, 16152);\n script_xref(name:\"GLSA\", value:\"200602-03\");\n\n script_name(english:\"GLSA-200602-03 : Apache: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200602-03\n(Apache: Multiple vulnerabilities)\n\n Apache's mod_imap fails to properly sanitize the 'Referer' directive of\n imagemaps in some cases, leaving the HTTP Referer header unescaped. A\n flaw in mod_ssl can lead to a NULL pointer dereference if the site uses\n a custom 'Error 400' document. These vulnerabilities were reported by\n Marc Cox and Hartmut Keil, respectively.\n \nImpact :\n\n A remote attacker could exploit mod_imap to inject arbitrary HTML or\n JavaScript into a user's browser to gather sensitive information.\n Attackers could also cause a Denial of Service on hosts using the SSL\n module (Apache 2.0.x only).\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200602-03\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Apache users should upgrade to the latest version, depending on\n whether they still use the old configuration style\n (/etc/apache/conf/*.conf) or the new one (/etc/apache2/httpd.conf).\n 2.0.x users, new style config:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/apache-2.0.55-r1'\n 2.0.x users, old style config:\n # emerge --sync\n # emerge --ask --oneshot --verbose '=www-servers/apache-2.0.54-r16'\n 1.x users, new style config:\n # emerge --sync\n # emerge --ask --oneshot --verbose '=www-servers/apache-1.3.34-r11'\n 1.x users, old style config:\n # emerge --sync\n # emerge --ask --oneshot --verbose '=www-servers/apache-1.3.34-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/02/10\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/apache\", unaffected:make_list(\"ge 2.0.55-r1\", \"rge 2.0.54-r16\", \"eq 1.3.34-r2\", \"rge 1.3.34-r11\", \"rge 1.3.37\"), vulnerable:make_list(\"lt 2.0.55-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Apache\");\n}\n", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T14:43:08", "description": "This update fixes security problems in the Apache2 webserver :\n\nmod_rewrite: Fixed an off-by-one security problem in the ldap scheme\nhandling. For some RewriteRules this could lead to a pointer being\nwritten out of bounds. (CVE-2006-3747)\n\nFor SUSE Linux Enterprise Server 10 additionally an old security\nproblem was fixed: mod_imap: Fixes a cross-site scripting bug in the\nimagemap module. (CVE-2005-3352)", "edition": 23, "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : Apache2 (ZYPP Patch Number 1906)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3747", "CVE-2005-3352"], "modified": "2007-12-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_APACHE2-1906.NASL", "href": "https://www.tenable.com/plugins/nessus/29372", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29372);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-3352\", \"CVE-2006-3747\");\n\n script_name(english:\"SuSE 10 Security Update : Apache2 (ZYPP Patch Number 1906)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes security problems in the Apache2 webserver :\n\nmod_rewrite: Fixed an off-by-one security problem in the ldap scheme\nhandling. For some RewriteRules this could lead to a pointer being\nwritten out of bounds. (CVE-2006-3747)\n\nFor SUSE Linux Enterprise Server 10 additionally an old security\nproblem was fixed: mod_imap: Fixes a cross-site scripting bug in the\nimagemap module. (CVE-2005-3352)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2005-3352.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-3747.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 1906.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Module mod_rewrite LDAP Protocol Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"apache2-2.2.0-21.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"apache2-prefork-2.2.0-21.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"apache2-worker-2.2.0-21.7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "httpd": [{"lastseen": "2016-09-26T21:39:38", "bulletinFamily": "software", "cvelist": ["CVE-2005-3352"], "description": "\n\nA flaw in mod_imap when using the Referer directive with image maps.\nIn certain site configurations a remote attacker could perform a cross-site\nscripting attack if a victim can be forced to visit a malicious \nURL using certain web browsers. \n\n", "edition": 1, "modified": "2006-05-01T00:00:00", "published": "2005-11-01T00:00:00", "id": "HTTPD:6A6D246162DDA1D862484083299ECC4C", "href": "https://httpd.apache.org/security_report.html", "type": "httpd", "title": "Apache Httpd < 2.0.58: mod_imap Referer Cross-Site Scripting", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2020-12-24T14:26:52", "bulletinFamily": "software", "cvelist": ["CVE-2005-3352"], "description": "\n\nA flaw in mod_imap when using the Referer directive with image maps.\nIn certain site configurations a remote attacker could perform a cross-site\nscripting attack if a victim can be forced to visit a malicious \nURL using certain web browsers. \n\n", "edition": 5, "modified": "2005-12-12T00:00:00", "published": "2005-11-01T00:00:00", "id": "HTTPD:585431E03431E2BD4D1F7D6E61204BB9", "href": "https://httpd.apache.org/security_report.html", "title": "Apache Httpd < None: mod_imap Referer Cross-Site Scripting", "type": "httpd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2016-09-26T21:39:38", "bulletinFamily": "software", "cvelist": ["CVE-2005-3352"], "description": "\n\nA flaw in mod_imap when using the Referer directive with image maps.\nIn certain site configurations a remote attacker could perform a cross-site\nscripting attack if a victim can be forced to visit a malicious \nURL using certain web browsers. \n\n", "edition": 1, "modified": "2006-05-01T00:00:00", "published": "2005-11-01T00:00:00", "id": "HTTPD:02D2F96F0155C694CF1295A7E79268B4", "href": "https://httpd.apache.org/security_report.html", "type": "httpd", "title": "Apache Httpd < 1.3.35: mod_imap Referer Cross-Site Scripting", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-26T21:39:38", "bulletinFamily": "software", "cvelist": ["CVE-2005-3352"], "description": "\n\nA flaw in mod_imap when using the Referer directive with image maps.\nIn certain site configurations a remote attacker could perform a cross-site\nscripting attack if a victim can be forced to visit a malicious \nURL using certain web browsers. \n\n", "edition": 1, "modified": "2006-05-01T00:00:00", "published": "2005-11-01T00:00:00", "id": "HTTPD:86B13C85F68E8D147B32F80CDEF73D8E", "href": "https://httpd.apache.org/security_report.html", "type": "httpd", "title": "Apache Httpd < 2.2.2: mod_imap Referer Cross-Site Scripting", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "suse": [{"lastseen": "2016-09-04T11:56:37", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3747", "CVE-2005-3352"], "description": "The following security problem was fixed in the Apache and Apache 2 web servers:\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2006-07-28T14:21:14", "published": "2006-07-28T14:21:14", "id": "SUSE-SA:2006:043", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-07/msg00019.html", "title": "remote denial of service in apache,apache2", "type": "suse", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:44", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3357", "CVE-2005-3352"], "edition": 1, "description": "### Background\n\nThe Apache HTTP server is one of the most popular web servers on the Internet. mod_imap provides support for server-side image maps; mod_ssl provides secure HTTP connections. \n\n### Description\n\nApache's mod_imap fails to properly sanitize the \"Referer\" directive of imagemaps in some cases, leaving the HTTP Referer header unescaped. A flaw in mod_ssl can lead to a NULL pointer dereference if the site uses a custom \"Error 400\" document. These vulnerabilities were reported by Marc Cox and Hartmut Keil, respectively. \n\n### Impact\n\nA remote attacker could exploit mod_imap to inject arbitrary HTML or JavaScript into a user's browser to gather sensitive information. Attackers could also cause a Denial of Service on hosts using the SSL module (Apache 2.0.x only). \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Apache users should upgrade to the latest version, depending on whether they still use the old configuration style (/etc/apache/conf/*.conf) or the new one (/etc/apache2/httpd.conf). \n\n2.0.x users, new style config: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/apache-2.0.55-r1\"\n\n2.0.x users, old style config: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \"=www-servers/apache-2.0.54-r16\"\n\n1.x users, new style config: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \"=www-servers/apache-1.3.34-r11\"\n\n1.x users, old style config: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \"=www-servers/apache-1.3.34-r2\"", "modified": "2007-12-30T00:00:00", "published": "2006-02-06T00:00:00", "id": "GLSA-200602-03", "href": "https://security.gentoo.org/glsa/200602-03", "type": "gentoo", "title": "Apache: Multiple vulnerabilities", "cvss": {"score": 5.4, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-11-11T13:22:12", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3918", "CVE-2005-3352"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1167-1 security@debian.org\nhttp://www.debian.org/security/ Steve Kemp\nSeptember 4th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : apache\nVulnerability : missing input sanitising \nProblem-Type : remote\nDebian-specific: no \nCVE ID : CVE-2006-3918 CVE-2005-3352\nDebian Bug : 381381 343466\n\nSeveral remote vulnerabilities have been discovered in the Apache, the\nworlds most popular webserver, which may lead to the execution of arbitrary\nweb script. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2005-3352\n\n A cross-site scripting (XSS) flaw exists in the mod_imap component of\n the Apache server.\n\nCVE-2006-3918\n\n Apache does not sanitize the Expect header from an HTTP request when \n it is reflected back in an error message, which might allow cross-site \n scripting (XSS) style attacks.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.3.33-6sarge3.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.3.34-3.\n\nWe recommend that you upgrade your apache package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3.dsc\n Size/MD5 checksum: 1119 38df6fe54a784dfcbf3e1510e099865e\n http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3.diff.gz\n Size/MD5 checksum: 373584 2af62cfb3d6523134bf52d32567d396a\n http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33.orig.tar.gz\n Size/MD5 checksum: 3105683 1a34f13302878a8713a2ac760d9b6da8\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.33-6sarge3_all.deb\n Size/MD5 checksum: 334696 494bae0fb839c498146119864a215a45\n http://security.debian.org/pool/updates/main/a/apache/apache-doc_1.3.33-6sarge3_all.deb\n Size/MD5 checksum: 1333060 d580b14b6d0dcd625d2e5d8cd052e172\n http://security.debian.org/pool/updates/main/a/apache/apache-utils_1.3.33-6sarge3_all.deb\n Size/MD5 checksum: 212750 62b603132ddffa8f1d209e25efaf710b\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_alpha.deb\n Size/MD5 checksum: 428394 f046f50e83b2001911b075426a00496e\n http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_alpha.deb\n Size/MD5 checksum: 904410 11ab4e174f28b2ad55a4b8fe9164ec70\n http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_alpha.deb\n Size/MD5 checksum: 9223374 18af7b52030a8235808f758c9adc2233\n http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_alpha.deb\n Size/MD5 checksum: 569796 3df0cdde9f4293b732b00535e288638d\n http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_alpha.deb\n Size/MD5 checksum: 542832 a76d1fe52c6c7b604a4406b09b553dfb\n http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_alpha.deb\n Size/MD5 checksum: 505212 cd448b4a36c588e832fb3450ee568383\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_amd64.deb\n Size/MD5 checksum: 401596 25172b26459154f43f6d6a30ca984223\n http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_amd64.deb\n Size/MD5 checksum: 876800 90566c369fb5bd3aef95cb1a982c4673\n http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_amd64.deb\n Size/MD5 checksum: 9163050 0039650aceb91734f4d28d71ed03b0b7\n http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_amd64.deb\n Size/MD5 checksum: 524552 974a82bc6cad36fceca1beb7e6e8a751\n http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_amd64.deb\n Size/MD5 checksum: 513922 cee41d6c34a440aa2641c6298afaec78\n http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_amd64.deb\n Size/MD5 checksum: 492634 a42522ddd4b1b0df67c214fe8fe30702\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_arm.deb\n Size/MD5 checksum: 384426 562d9db8c2d0c08e8ef3a5ac3c066991\n http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_arm.deb\n Size/MD5 checksum: 841502 b59f5bd9cd60afad9511e8d32234b605\n http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_arm.deb\n Size/MD5 checksum: 8986156 f297c94b1571043f0758a114f4cffacb\n http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_arm.deb\n Size/MD5 checksum: 496134 3b1126c47884892ab32dabd4ee7fa724\n http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_arm.deb\n Size/MD5 checksum: 489830 06f770b97e273e91684b90b98cb9416c\n http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_arm.deb\n Size/MD5 checksum: 479416 e1de8c552383fab6a73a2a2a33033392\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_hppa.deb\n Size/MD5 checksum: 406792 500ae39ef6507daec78c6cb98fc5fa6b\n http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_hppa.deb\n Size/MD5 checksum: 905596 ba4e1b726c573a28cabe4f192ec47a7e\n http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_hppa.deb\n Size/MD5 checksum: 9100666 3afce64bfeb0d49d87acbebfad937aa2\n http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_hppa.deb\n Size/MD5 checksum: 536310 0ed71b8af8923bbe73743f87a5b0d15d\n http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_hppa.deb\n Size/MD5 checksum: 518938 f60b6a4fe07eddc4ae9ad2907e9a10de\n http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_hppa.deb\n Size/MD5 checksum: 508866 e7166be9bedc95e600b8e6f99c6a0773\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_i386.deb\n Size/MD5 checksum: 386824 316be5f99dbce3d7a99b423bf6aad4f0\n http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_i386.deb\n Size/MD5 checksum: 860258 a5739eae75197bcdfefb3f88357046fa\n http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_i386.deb\n Size/MD5 checksum: 9125070 44dac7aa9af92c2d35805600d9942f56\n http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_i386.deb\n Size/MD5 checksum: 505036 d3507dbad7cc29b5d5f48838d37788f2\n http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_i386.deb\n Size/MD5 checksum: 493906 6cddd1409210e44d146e562437fe9b0e\n http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_i386.deb\n Size/MD5 checksum: 486920 7a4ebd8d698d8b27d86cde501b2e37ea\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_ia64.deb\n Size/MD5 checksum: 463582 d6727fb64033b7e9e5fec02c99ddccb4\n http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_ia64.deb\n Size/MD5 checksum: 972070 993bc5598b3f8d3b323d7142f0af068a\n http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_ia64.deb\n Size/MD5 checksum: 9356472 4f04357801f9adf640b923ba55141d06\n http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_ia64.deb\n Size/MD5 checksum: 627670 67723ecb16c6354f9917cfb2994688ce\n http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_ia64.deb\n Size/MD5 checksum: 586218 9d531536098a6132db6e5e55c8c61f7d\n http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_ia64.deb\n Size/MD5 checksum: 532970 2b4d80404ec866768b13eea9cccba0c8\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_m68k.deb\n Size/MD5 checksum: 371224 11e27383df4c492e780b602b5a691177\n http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_m68k.deb\n Size/MD5 checksum: 847290 bda6118d92b6f4266a68e5c769915d77\n http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_m68k.deb\n Size/MD5 checksum: 8973936 d5f3af955891e755a6f82ad2ddc4251f\n http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_m68k.deb\n Size/MD5 checksum: 448792 7cc02085c7a8854f7f99bf0486db8ef1\n http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_m68k.deb\n Size/MD5 checksum: 477488 9f1961a7b2298f33ca700f65b598a575\n http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_m68k.deb\n Size/MD5 checksum: 489430 2db034e4701a55c718919dad83f2c570\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_mips.deb\n Size/MD5 checksum: 403474 c2078bea81d4674b94cc6928c818d91f\n http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_mips.deb\n Size/MD5 checksum: 851594 7adcef101424558b208e458a7f26e5bb\n http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_mips.deb\n Size/MD5 checksum: 9049020 ad184b1edc27be6777add8a2dcee59bb\n http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_mips.deb\n Size/MD5 checksum: 485348 b067dad315f0eb43e35ef310ffcd8f11\n http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_mips.deb\n Size/MD5 checksum: 510036 11237943a107b9e5aab03b164946f192\n http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_mips.deb\n Size/MD5 checksum: 443674 cb61d4a7fb04bdfb149e91e6f162e3a5\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_mipsel.deb\n Size/MD5 checksum: 403812 544f672fc2fcc2386f0dfc52270370c2\n http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_mipsel.deb\n Size/MD5 checksum: 850096 1c86bed17e26ab9a0d7fabde05f54496\n http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_mipsel.deb\n Size/MD5 checksum: 9054440 6dfa3da28646f6ef2cda58e6583bd42a\n http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_mipsel.deb\n Size/MD5 checksum: 485576 1e22bdda682380f75e383ef6daa9810d\n http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_mipsel.deb\n Size/MD5 checksum: 510906 e8cc83ab983be776b2b8d5efa966cc93\n http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_mipsel.deb\n Size/MD5 checksum: 443550 df9c83e96b60d05415de5e7437c85c4d\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_powerpc.deb\n Size/MD5 checksum: 398792 fde3379aa1722e4928b0dcebacde8cd3\n http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_powerpc.deb\n Size/MD5 checksum: 921430 1752e1761d599f75bec0a5440a0c5000\n http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_powerpc.deb\n Size/MD5 checksum: 9252778 6598265b624c8081d067b51a4a2bd7b2\n http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_powerpc.deb\n Size/MD5 checksum: 515538 bed60fc9b7535fb76df1dc47b3b75d31\n http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_powerpc.deb\n Size/MD5 checksum: 510564 c6d6fa3c927fba3205d4d8cd7255f946\n http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_powerpc.deb\n Size/MD5 checksum: 490806 bd21c1a2c18c159f9be20147bd56a033\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_s390.deb\n Size/MD5 checksum: 403296 cdb74b97915f5bba992d43aa5072bf69\n http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_s390.deb\n Size/MD5 checksum: 868460 0af306030af56192e6a4a0ddbc857fbd\n http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_s390.deb\n Size/MD5 checksum: 9183208 92aa1ac6e882540971f228ccb7b8581e\n http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_s390.deb\n Size/MD5 checksum: 490244 d70328a7357a3f0d0f4750ac44f14b7a\n http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_s390.deb\n Size/MD5 checksum: 514702 ceb61f369cccf94aa44aa43675eaf715\n http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_s390.deb\n Size/MD5 checksum: 460598 505caef969194a36e151a2ad11436c09\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_sparc.deb\n Size/MD5 checksum: 385712 1b7269518bb8477b617e80e4441e346c\n http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_sparc.deb\n Size/MD5 checksum: 849494 119987a73dc8781ba2f11db3b38fa32d\n http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_sparc.deb\n Size/MD5 checksum: 9046496 53bb97f85c73563d247165532dac13c5\n http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_sparc.deb\n Size/MD5 checksum: 504378 ca133fd06dd62da415ef8382453cf657\n http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_sparc.deb\n Size/MD5 checksum: 492194 b97d2a3cd2d95a8b77dc9ab54f52bd13\n http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_sparc.deb\n Size/MD5 checksum: 490386 1dca7784debdba341f27d1b388bb0eb2\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2006-09-04T00:00:00", "published": "2006-09-04T00:00:00", "id": "DEBIAN:DSA-1167-1:158F8", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00257.html", "title": "[SECURITY] [DSA 1167-1] New apache packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "ubuntu": [{"lastseen": "2020-07-09T19:46:32", "bulletinFamily": "unix", "cvelist": ["CVE-2005-3357", "CVE-2005-3352"], "description": "The \"mod_imap\" module (which provides support for image maps) did not \nproperly escape the \"referer\" URL which rendered it vulnerable against \na cross-site scripting attack. A malicious web page (or HTML email) \ncould trick a user into visiting a site running the vulnerable mod_imap, \nand employ cross-site-scripting techniques to gather sensitive user \ninformation from that site. (CVE-2005-3352)\n\nHartmut Keil discovered a Denial of Service vulnerability in the SSL \nmodule (\"mod_ssl\") that affects SSL-enabled virtual hosts with a \ncustomized error page for error 400. By sending a specially crafted \nrequest to the server, a remote attacker could crash the server. This \nonly affects Apache 2, and only if the \"worker\" implementation \n(apache2-mpm-worker) is used. (CVE-2005-3357)", "edition": 5, "modified": "2006-01-13T00:00:00", "published": "2006-01-13T00:00:00", "id": "USN-241-1", "href": "https://ubuntu.com/security/notices/USN-241-1", "title": "Apache vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}}], "cert": [{"lastseen": "2020-09-18T20:43:09", "bulletinFamily": "info", "cvelist": ["CVE-2005-3352", "CVE-2005-3357", "CVE-2006-3747"], "description": "### Overview \n\nA vulnerability in a common Apache HTTP server module, `mod_rewrite`, could allow a remote attacker to execute arbitrary code on an affected web server.\n\n### Description \n\nThe [Apache HTTP server](<http://httpd.apache.org/>) distribution includes a number of supplemental [modules](<http://httpd.apache.org/docs/mod/>) that provide additional functionality to the web server. One of these modules, [`mod_rewrite`](<http://httpd.apache.org/docs/mod/mod_rewrite.html>), provides a rule-based rewriting engine to rewrite requested URLs \"on the fly\" based on regular expressions.\n\nAn off-by-one error exists in the `ldap` scheme handling in `mod_rewrite`. For some `RewriteRules`, specifically those where the remote user can influence the beginning of a rewritten URL and that do not include any of the following flags: Forbidden (`F`), Gone (`G`), or NoEscape (`NE`), this could lead to a pointer being written out of bounds. This flaw causes a remotely exploitable vulnerability on web servers that have `mod_rewrite` enabled (configuration directive \"`RewriteEngine on`\") and configured to use certain rules. For example, rules with this format expose the vulnerability: \n \n`RewriteRule fred/(.*) $1` \n \nWhile rules with this format do not expose the vulnerability: \n \n`RewriteRule fred/(.*) joe/$1` \n \nThe versions of the `mod_rewrite` module supplied with the Apache HTTP server versions \n\n\n * 1.3 branch from 1.3.28\n * 2.0 branch from 2.0.46\n * 2.2 branch from 2.2.0\n \nare vulnerable to this issue but earlier versions are not. The Apache Software Foundation notes that `mod_rewrite` is not enabled and configured as a normal default, however it is a commonly used module and may be provided in a vulnerable configuration by redistributors. \n--- \n \n### Impact \n\nAn attacker may be able to execute arbitrary code in the context of the web server user (e.g., \"`apache`\", \"`httpd`\", \"`nobody`\", \"`SYSTEM`\", etc.). The Apache Software Foundation notes that, due to the nature of the underlying flaw, successful exploitation is dependent upon the stack frame layout of apache running on the target host. \n \n--- \n \n### Solution \n\n**Apply a patch from the vendor** \n \nPatches have been released to address this vulnerability. Please see the Systems Affected section of this document for more details. \n \n--- \n \n**Workarounds**\n\n \nDisable `mod_rewrite` if it is not required in your web server configuration. Instructions for doing this can be found in the [Apache HTTP server documentation](<http://httpd.apache.org/docs/>). Sites, particularly those that are not able to apply the patches, are encouraged to implement this workaround. \n \n--- \n \n### Vendor Information\n\n395412\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Apache HTTP Server Project __ Affected\n\nUpdated: August 01, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe Apache project has released httpd versions 1.3.37 (for the 1.3 branch), 2.0.59 (for the 2.0 branch), and 2.2.3 (for the 2.2 branch) in response to this issue. Users are encouraged to upgrade to the appropriate version of the software that contains a fix. For more information, see the following Apache announcements:\n\n \n<<http://www.apache.org/dist/httpd/Announcement2.2.html>> \n<<http://www.apache.org/dist/httpd/Announcement2.0.html>> \n<<http://www.apache.org/dist/httpd/Announcement1.3.html>>\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23395412 Feedback>).\n\n### Fedora Project __ Affected\n\nUpdated: July 27, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`Vendor statement: Fedora Project \n \nVulnerable \n \nThe ability to exploit this issue is dependent on the stack layout for \na particular compiled version of mod_rewrite. The Fedora project has \nanalyzed Fedora Core 4 and 5 binaries and determined that these \ndistributions are vulnerable to this issue. However this flaw does \nnot affect a default installation of Fedora Core; users who do not \nuse, or have not enabled, the Rewrite module are not affected by this \nissue. \n \nUpdates to correct this issue are available, see \n<http://fedora.redhat.com/Download/updates.html> \n`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Gentoo Linux __ Affected\n\nNotified: July 26, 2006 Updated: August 01, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe Gentoo Security Team has published Gentoo Linux Security Advisory [GLSA 200608-01/apache](<http://www.gentoo.org/security/en/glsa/glsa-200608-01.xml>) in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23395412 Feedback>).\n\n### Hewlett-Packard Company __ Affected\n\nNotified: July 26, 2006 Updated: September 15, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE-----` \n`Hash: SHA1` \n \n`SUPPORT COMMUNICATION - SECURITY BULLETIN` \n \n`Document ID: c00760969` \n \n`Version: 1` \n \n`HPSBUX02145 SSRT061202 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, ` \n`Denial of Service (DoS), and Unauthorized Access` \n \n`NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.` \n \n`Release Date: 2006-08-25` \n`Last Updated: 2006-08-28` \n \n`Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), ` \n`and unauthorized access.` \n \n`Source: Hewlett-Packard Company, HP Software Security Response Team` \n \n`VULNERABILITY SUMMARY` \n`Potential security vulnerabilities have been identified with Apache running on HP-UX. ` \n`These vulnerabilities could be exploited remotely to allow execution of arbitrary code, ` \n`Denial of Service (DoS), or unauthorized access.` \n \n`References: CVE-2006-3747, CVE-2005-3352, CVE-2005-3357` \n \n`SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.` \n`HP-UX B.11.00, B.11.11, B.11.23 running Apache-based Web Server prior to v.2.0.58.` \n \n`BACKGROUND` \n \n`The following potential security vulnerabilities are resolved in the ` \n`software update listed below:` \n \n`CVE-2006-3747 (cve.mitre.org): Off-by-one error in the ldap scheme handling.` \n`CVE-2005-3352 (cve.mitre.org): mod_ssl NULL pointer dereference.` \n`CVE-2005-3357 (cve.mitre.org): Remote arbitrary code execution.` \n \n`AFFECTED VERSIONS` \n \n`For IPv4:` \n`HP-UX B.11.00` \n`HP-UX B.11.11` \n`===========` \n`hpuxwsAPACHE` \n`action: install revision A.2.0.58.00 or subsequent` \n`action: restart Apache` \n \n`For IPv6:` \n`HP-UX B.11.11` \n`===========` \n`hpuxwsAPACHE,revision=B.1.0.00.01` \n`hpuxwsAPACHE,revision=B.1.0.07.01` \n`hpuxwsAPACHE,revision=B.1.0.08.01` \n`hpuxwsAPACHE,revision=B.1.0.09.01` \n`hpuxwsAPACHE,revision=B.1.0.10.01` \n`hpuxwsAPACHE,revision=B.2.0.48.00` \n`hpuxwsAPACHE,revision=B.2.0.49.00` \n`hpuxwsAPACHE,revision=B.2.0.50.00` \n`hpuxwsAPACHE,revision=B.2.0.51.00` \n`hpuxwsAPACHE,revision=B.2.0.52.00` \n`hpuxwsAPACHE,revision=B.2.0.53.00` \n`hpuxwsAPACHE,revision=B.2.0.54.00` \n`hpuxwsAPACHE,revision=B.2.0.55.00` \n`action: install revision B.2.0.58.00 or subsequent` \n`action: restart Apache` \n \n`HP-UX B.11.23` \n`===========` \n`hpuxwsAPACHE` \n`action: install revision B.2.0.58.00 or subsequent` \n`action: restart Apache` \n \n`END AFFECTED VERSIONS` \n \n`RESOLUTION` \n \n`HP has made the following patches and software updates available to resolve the issue.` \n \n`Software updates for the Apache-based Web Server are available from:` \n \n`<http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/>` \n`displayProductInfo.pl?productNumber=HPUXWSSUITE` \n \n`HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server ` \n`v.2.0.58.00 or subsequent.` \n \n`Apache Update Procedure` \n \n`Check for Apache Installation` \n`- ----------------------------` \n`To determine if the Apache web server from HP is installed on your system, ` \n`use Software Distributor's swlist command. All three revisions of the product ` \n`may co-exist on a single system.` \n`For example, the results of the command` \n`swlist -l product | grep -i apache` \n`hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server` \n \n`Stop Apache` \n`- -------------` \n`Before updating, make sure to stop any previous Apache binary. Otherwise, ` \n`the previous binary will continue running, preventing the new one from starting,` \n`although the installation would be successful. After determining which Apache is ` \n`installed, stop Apache with the following commands:` \n`for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop` \n \n`Download and Install Apache` \n`- ---------------------------` \n`Download Apache from Software Depot:` \n \n`<http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/>` \n`displayProductInfo.pl?productNumber=HPUXWSSUITE` \n \n`Verify successful download by comparing the cksum with the value ` \n`specified on the installation web page.` \n \n`Use SD to swinstall the depot.` \n`Installation of this new revision of HP Apache over an existing HP Apache ` \n`installation is supported, while installation over a non-HP Apache is NOT supported.` \n \n`Removing Apache Installation` \n`- ----------------------------` \n`If you prefer to remove Apache from your system instead of installing a newer revision ` \n`to resolve the security problem, use both Software Distributor's \"swremove\" command ` \n`and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables.` \n`%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf` \n \n`MANUAL ACTIONS: Yes - Update plus other actions` \n`Install the revision of the product.` \n \n`PRODUCT SPECIFIC INFORMATION` \n`HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all ` \n`HP-issued Security Bulletins to provide a subset of recommended actions that potentially ` \n`affect a specific HP-UX system. For more information: <http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA>` \n \n`HISTORY: rev.1 - 28 August 2006 Initial Release` \n \n`Support: For further information, contact normal HP Services` \n`support channel.` \n \n`Report: To report a potential security vulnerability with any HP` \n`supported product, send Email to: security-alert@hp.com. It is` \n`strongly recommended that security related information being` \n`communicated to HP be encrypted using PGP, especially exploit` \n`information. To get the security-alert PGP key, please send an` \n`e-mail message as follows:` \n` To: security-alert@hp.com` \n` Subject: get key` \n \n`Subscribe: To initiate a subscription to receive future HP` \n`Security Bulletins via Email:` \n`[http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&](<http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&>)` \n`langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC` \n \n`On the web page: ITRC security bulletins and patch sign-up` \n`Under Step1: your ITRC security bulletins and patches` \n` - check ALL categories for which alerts are required and` \n` continue.` \n`Under Step2: your ITRC operating systems` \n` - verify your operating system selections are checked and` \n` save.` \n \n`To update an existing subscription:` \n`<http://h30046.www3.hp.com/subSignIn.php>` \n`Log in on the web page:` \n` Subscriber's choice for Business: sign-in.` \n`On the web page:` \n` Subscriber's Choice: your profile summary` \n` - use Edit Profile to update appropriate sections.` \n \n`To review previously published Security Bulletins visit:` \n`<http://www.itrc.hp.com/service/cki/secBullArchive.do>` \n \n`* The Software Product Category that this Security Bulletin` \n`relates to is represented by the 5th and 6th characters of the` \n`Bulletin number in the title:` \n \n` GN = HP General SW,` \n` MA = HP Management Agents,` \n` MI = Misc. 3rd party SW,` \n` MP = HP MPE/iX,` \n` NS = HP NonStop Servers,` \n` OV = HP OpenVMS,` \n` PI = HP Printing & Imaging,` \n` ST = HP Storage SW,` \n` TL = HP Trusted Linux,` \n` TU = HP Tru64 UNIX,` \n` UX = HP-UX,` \n` VV = HP Virtual Vault` \n \n \n`System management and security procedures must be reviewed` \n`frequently to maintain system integrity. HP is continually` \n`reviewing and enhancing the security features of software products` \n`to provide customers with current secure solutions.` \n \n`\"HP is broadly distributing this Security Bulletin in order to` \n`bring to the attention of users of the affected HP products the` \n`important security information contained in this Bulletin. HP` \n`recommends that all users determine the applicability of this` \n`information to their individual situations and take appropriate` \n`action. HP does not warrant that this information is necessarily` \n`accurate or complete for all user situations and, consequently, HP` \n`will not be responsible for any damages resulting from user's use` \n`or disregard of the information provided in this Bulletin. To the` \n`extent permitted by law, HP disclaims all warranties, either` \n`express or implied, including the warranties of merchantability` \n`and fitness for a particular purpose, title and non-infringement.\"` \n \n \n`(c)Copyright 2006 Hewlett-Packard Development Company, L.P.` \n`Hewlett-Packard Company shall not be liable for technical or` \n`editorial errors or omissions contained herein. The information` \n`provided is provided \"as is\" without warranty of any kind. To the` \n`extent permitted by law, neither HP nor its affiliates,` \n`subcontractors or suppliers will be liable for incidental, special` \n`or consequential damages including downtime cost; lost profits;` \n`damages relating to the procurement of substitute products or` \n`services; or damages for loss of data, or software restoration.` \n`The information in this document is subject to change without` \n`notice. Hewlett-Packard Company and the names of Hewlett-Packard` \n`products referenced herein are trademarks of Hewlett-Packard` \n`Company in the United States and other countries. Other product` \n`and company names mentioned herein may be trademarks of their` \n`respective owners.` \n`-----BEGIN PGP SIGNATURE-----` \n`Version: PGP 8.1` \n \n`iQA/AwUBRP1TReAfOvwtKn1ZEQLT9ACfWII/AKKvj7mlAZjWvCuL5RR7WjkAn38R` \n`t0wC8YEPUSa3cTZD5UhhZEiW` \n`=30XB` \n`-----END PGP SIGNATURE-----`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Mandriva, Inc. __ Affected\n\nNotified: July 26, 2006 Updated: August 01, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nMandriva has published Mandriva Linux Security Advisory [MDKSA-2006:133](<http://www.mandriva.com/security/advisories?name=MDKSA-2006:133>) in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23395412 Feedback>).\n\n### OpenPKG __ Affected\n\nUpdated: August 01, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe OpenPKG Project has published OpenPKG Security Advisory [OpenPKG-SA-2006.015](<http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.015-apache.html>) in response to this issue. Users are encouraged to review this advisory and apply the patches that it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23395412 Feedback>).\n\n### Oracle Corporation __ Affected\n\nNotified: July 26, 2006 Updated: October 18, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to <http://www.oracle.com/technology/deploy/security/critical-patch-updates/public_vuln_to_advisory_mapping.html>.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23395412 Feedback>).\n\n### SUSE Linux __ Affected\n\nNotified: July 26, 2006 Updated: August 01, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSUSE has published SUSE Security Announcement [SUSE-SA:2006:043](<http://www.novell.com/linux/security/advisories/2006_43_apache.html>) in response to this issue. Users are encouraged to review this announcement and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23395412 Feedback>).\n\n### Slackware Linux Inc. __ Affected\n\nNotified: July 26, 2006 Updated: August 01, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSlackware has published Slackware Security Advisory [SSA:2006-209-01](<http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.610131>) in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23395412 Feedback>).\n\n### Ubuntu __ Affected\n\nNotified: July 26, 2006 Updated: August 01, 2006 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe Ubuntu project has published [Ubuntu Security Notice USN-328-1](<http://www.ubuntu.com/usn/usn-328-1>) in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23395412 Feedback>).\n\n### Apple Computer, Inc. __ Not Affected\n\nNotified: July 26, 2006 Updated: July 27, 2006 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\n`Mac OS X and Mac OS X Server do not contain this vulnerability.`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Fujitsu __ Not Affected\n\nNotified: July 26, 2006 Updated: July 27, 2006 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\n`We are investigating this issue. \nNo affected products have been identified.`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Hitachi __ Not Affected\n\nNotified: July 26, 2006 Updated: July 31, 2006 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\n`Hitachi Web Server does NOT support mod_rewrite module \nofficially and is NOT vulnerable to this issue.`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Juniper Networks, Inc. __ Not Affected\n\nNotified: July 26, 2006 Updated: July 27, 2006 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\n`Juniper Networks products are not susceptible to this vulnerability`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Openwall GNU/*/Linux __ Not Affected\n\nNotified: July 26, 2006 Updated: July 31, 2006 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\n`Openwall GNU/*/Linux is not vulnerable. We do not currently ship Apache.`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Red Hat, Inc. __ Not Affected\n\nUpdated: July 27, 2006 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\n`Not vulnerable \n \nThis issue does not affect the version of Apache httpd as supplied with \nRed Hat Enterprise Linux 2.1 \n \nThe ability to exploit this issue is dependent on the stack layout for \na particular compiled version of mod_rewrite. If the compiler has \nadded padding to the stack immediately after the buffer being \noverwritten, this issue can not be exploited, and Apache httpd will \ncontinue operating normally. \n \nThe Red Hat Security Response Team analyzed Red Hat Enterprise Linux 3 \nand Red Hat Enterprise Linux 4 binaries for all architectures as \nshipped by Red Hat and determined that these versions cannot be \nexploited. We therefore do not plan on providing updates for this \nissue. \n \nFor technical details see: \n<https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200219> \n`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Conectiva Inc. Unknown\n\nNotified: July 26, 2006 Updated: July 25, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Cray Inc. Unknown\n\nNotified: July 26, 2006 Updated: July 25, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Debian GNU/Linux __ Unknown\n\nNotified: July 26, 2006 Updated: August 03, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe Debian project has published [Debian Security Advisory DSA 1132](<http://www.debian.org/security/2006/dsa-1132>) in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23395412 Feedback>).\n\n### EMC, Inc. (formerly Data General Corporation) Unknown\n\nNotified: July 26, 2006 Updated: July 25, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Engarde Secure Linux Unknown\n\nNotified: July 26, 2006 Updated: July 25, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### F5 Networks, Inc. Unknown\n\nNotified: July 26, 2006 Updated: July 25, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### FreeBSD, Inc. Unknown\n\nNotified: July 26, 2006 Updated: July 25, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM Corporation Unknown\n\nNotified: July 26, 2006 Updated: July 25, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM Corporation (zseries) Unknown\n\nNotified: July 26, 2006 Updated: July 25, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM eServer __ Unknown\n\nNotified: July 26, 2006 Updated: July 27, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\n`For information related to this and other published CERT Advisories that may \nrelate to the IBM eServer Platforms (xSeries, iSeries, pSeries, and zSeries) \nplease go to \n[https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/securityalerts?OpenDocument&pathID=](<https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/securityalerts?OpenDocument&pathID=>) \n \nIn order to access this information you will require a Resource Link ID. To \nsubscribe to Resource Link go to \n<http://app-06.www.ibm.com/servers/resourcelink> and follow the steps for \nregistration. \n \nAll questions should be referred to servsec@us.ibm.com. \n`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Immunix Communications, Inc. Unknown\n\nNotified: July 26, 2006 Updated: July 25, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Ingrian Networks, Inc. Unknown\n\nNotified: July 26, 2006 Updated: July 25, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### MontaVista Software, Inc. Unknown\n\nNotified: July 26, 2006 Updated: July 25, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### NEC Corporation Unknown\n\nNotified: July 26, 2006 Updated: July 25, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### NetBSD Unknown\n\nNotified: July 26, 2006 Updated: July 25, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Nokia Unknown\n\nNotified: July 26, 2006 Updated: July 28, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Novell, Inc. Unknown\n\nNotified: July 26, 2006 Updated: July 25, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### OpenBSD Unknown\n\nNotified: July 26, 2006 Updated: July 25, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### QNX, Software Systems, Inc. Unknown\n\nNotified: July 26, 2006 Updated: July 25, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Silicon Graphics, Inc. Unknown\n\nNotified: July 26, 2006 Updated: July 25, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Sony Corporation Unknown\n\nNotified: July 26, 2006 Updated: July 25, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Sun Microsystems, Inc. Unknown\n\nNotified: July 26, 2006 Updated: July 25, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### The SCO Group Unknown\n\nNotified: July 26, 2006 Updated: July 25, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Trustix Secure Linux Unknown\n\nNotified: July 26, 2006 Updated: July 25, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Turbolinux Unknown\n\nNotified: July 26, 2006 Updated: July 25, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Unisys Unknown\n\nNotified: July 26, 2006 Updated: July 25, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Wind River Systems, Inc. Unknown\n\nNotified: July 26, 2006 Updated: July 25, 2006 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\nView all 43 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <http://www.apache.org/dist/httpd/Announcement2.2.html>\n * <http://www.apache.org/dist/httpd/Announcement2.0.html>\n * <http://www.apache.org/dist/httpd/Announcement1.3.html>\n * <http://secunia.com/advisories/21197/>\n * <http://secunia.com/advisories/21273/>\n * <http://secunia.com/advisories/21245/>\n * <http://secunia.com/advisories/21266/>\n * <http://secunia.com/advisories/21247/>\n * <http://secunia.com/advisories/21307/>\n * <http://secunia.com/advisories/21315/>\n * <http://secunia.com/advisories/21313/>\n * <http://secunia.com/advisories/21284/>\n * <http://www.niscc.gov.uk/niscc/docs/al-20060728-00515.html?lang=en>\n * <http://jvn.jp/cert/JVNVU%23395412/index.html>\n\n### Acknowledgements\n\nThanks to Mark Cox of the Apache Software Foundation for reporting this vulnerability. Mark, in turn, credits Mark Dowd of McAfee AVERT Labs with reporting this issue.\n\nThis document was written by Chad R Dougherty.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2006-3747](<http://web.nvd.nist.gov/vuln/detail/CVE-2006-3747>) \n---|--- \n**Severity Metric:** | 6.48 \n**Date Public:** | 2006-07-27 \n**Date First Published:** | 2006-07-28 \n**Date Last Updated: ** | 2006-10-18 12:52 UTC \n**Document Revision: ** | 43 \n", "modified": "2006-10-18T12:52:00", "published": "2006-07-28T00:00:00", "id": "VU:395412", "href": "https://www.kb.cert.org/vuls/id/395412", "type": "cert", "title": "Apache mod_rewrite contains off-by-one error in ldap scheme handling", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "oracle": [{"lastseen": "2019-05-29T18:20:57", "bulletinFamily": "software", "cvelist": ["CVE-2013-3769", "CVE-2013-1571", "CVE-2013-3824", "CVE-2013-3774", "CVE-2013-3749", "CVE-2013-2407", "CVE-2013-3819", "CVE-2013-3778", "CVE-2013-3788", "CVE-2013-3809", "CVE-2013-3818", "CVE-2013-3799", "CVE-2010-0434", "CVE-2010-0425", "CVE-2013-3783", "CVE-2013-3791", "CVE-2013-3768", "CVE-2013-3807", "CVE-2013-3823", "CVE-2013-3755", "CVE-2013-3753", "CVE-2011-0419", "CVE-2013-3786", "CVE-2008-2364", "CVE-2013-2451", "CVE-2013-3771", "CVE-2013-3782", "CVE-2013-3760", "CVE-2012-2687", "CVE-2013-3756", "CVE-2013-3789", "CVE-2013-3767", "CVE-2013-3811", "CVE-2013-3776", "CVE-2013-3746", "CVE-2013-3777", "CVE-2013-3750", "CVE-2013-3770", "CVE-2013-3772", "CVE-2013-3757", "CVE-2013-3787", "CVE-2013-3808", "CVE-2013-1861", "CVE-2013-3813", "CVE-2013-3775", "CVE-2013-3800", "CVE-2013-3765", "CVE-2013-3784", "CVE-2013-3759", "CVE-2013-3803", "CVE-2013-2461", "CVE-2013-3806", "CVE-2013-3745", "CVE-2013-3780", "CVE-2006-5752", "CVE-2013-3794", "CVE-2013-3758", "CVE-2010-2068", "CVE-2013-3816", "CVE-2013-3763", "CVE-2013-3810", "CVE-2013-3754", "CVE-2007-3847", "CVE-2013-3748", "CVE-2013-0398", "CVE-2013-3751", "CVE-2007-6388", "CVE-2013-3752", "CVE-2013-3764", "CVE-2013-3773", "CVE-2013-3812", "CVE-2007-5000", "CVE-2013-3781", "CVE-2013-3805", "CVE-2005-3352", "CVE-2013-3795", "CVE-2013-3820", "CVE-2013-2457", "CVE-2013-3821", "CVE-2013-3822", "CVE-2013-3761", "CVE-2013-3804", "CVE-2011-3348", "CVE-2013-3779", "CVE-2013-3825", "CVE-2013-3797", "CVE-2013-3802", "CVE-2013-3790", "CVE-2013-3796", "CVE-2013-3793", "CVE-2013-3747", "CVE-2013-3798", "CVE-2013-3801"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.** This Critical Patch Update contains 89 new security fixes across the product families listed below.\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n", "modified": "2013-09-11T00:00:00", "published": "2013-07-16T00:00:00", "id": "ORACLE:CPUJULY2013-1899826", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - July 2013", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
