DATABASE RESOURCES PRICING ABOUT US

{"id": "H1:244459", "vendorId": null, "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Internet Bug Bounty: Apache HTTP Request Parsing Whitespace Defects", "description": "Apache HTTP Server, prior to release 2.4.25, accepted a broad pattern of unusual whitespace patterns from the user-agent, including bare CR, FF, VTAB in parsing the request line and request header lines, as well as HTAB in parsing the request line. Any bare CR present in request lines was treated as whitespace and remained in the request field member \"the_request\", while a bare CR in the request header field name would be honored as whitespace, and a bare CR in the request header field value was retained the input headers array. Implied additional whitespace was accepted in the request line and prior to the ':' delimiter of any request header lines.\n\nRFC7230 Section 3.5 calls out some of these whitespace exceptions, and section 3.2.3 eliminated and clarified the role of implied whitespace in the grammer of this specification. Section 3.1.1 requires exactly one single SP between the method and request-target, and between the request-target and HTTP-version, followed immediately by a CRLF sequence. None of these fields permit any (unencoded) CTL character whatsoever. Section 3.2.4 explicitly disallowed any whitespace from the request header field prior to the ':' character, while Section 3.2 disallows all CTL characters in the request header line other than the HTAB character as whitespace.\n\nThese defects represent a security concern when httpd is participating in any chain of proxies or interacting with back-end application servers, either through mod_proxy or using conventional CGI mechanisms. In each case where one agent accepts such CTL characters and does not treat them as whitespace, there is the possiblity in a proxy chain of generating two responses from a server behind the uncautious proxy agent. In a sequence of two requests, this results in request A to the first proxy being interpreted as requests A + A' by the backend server, and if requests A and B were submitted to the first proxy in a keepalive connection, the proxy may interpret response A' as the response to request B, polluting the cache or potentially serving the A' content to a different downstream user-agent.\n\nThese defects are addressed with the release of Apache HTTP Server 2.4.25 and coordinated by a new directive;\n\n- [HttpProtocolOptions Strict](http://httpd.apache.org/docs/2.4/mod/core.html#httpprotocoloptions)\n\nwhich is the default behavior of 2.4.25 and later. By toggling from 'Strict' behavior to 'Unsafe' behavior, some of the restrictions may be relaxed to allow some invalid HTTP/1.1 clients to communicate with the server, but this will reintroduce the possibility of the problems described in this assessment. Note that relaxing the behavior to 'Unsafe' will still not permit raw CTLs other than HTAB (where permitted), but will allow other RFC requirements to not be enforced, such as exactly two SP characters in the request line.\n\nAcknowledgements: We would like to thank David Dennerline at IBM Security's X-Force Researchers as well as R\u00e9gis Leroy for each reporting this issue.\n\nReported to security team: 10th February 2016\nIssue public: 20th December 2016\nUpdate Released: 20th December 2016\n\nAffects: 2.4.23, 2.4.20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1, 2.2.31, 2.2.29, 2.2.27, 2.2.26, 2.2.25, 2.2.24, 2.2.23, 2.2.22, 2.2.21, 2.2.20, 2.2.19, 2.2.18, 2.2.17, 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0", "published": "2017-06-29T17:41:22", "modified": "2017-07-11T14:39:47", "epss": [{"cve": "CVE-2015-3183", "epss": 0.06455, "percentile": 0.92872, "modified": "2023-10-14"}, {"cve": "CVE-2015-5739", "epss": 0.01828, "percentile": 0.86837, "modified": "2023-10-03"}, {"cve": "CVE-2015-5740", "epss": 0.01373, "percentile": 0.84733, "modified": "2023-10-03"}, {"cve": "CVE-2015-8852", "epss": 0.00816, "percentile": 0.79586, "modified": "2023-08-06"}, {"cve": "CVE-2016-2086", "epss": 0.00524, "percentile": 0.73604, "modified": "2023-06-03"}, {"cve": "CVE-2016-6816", "epss": 0.00262, "percentile": 0.62495, "modified": "2023-06-03"}, {"cve": "CVE-2016-8743", "epss": 0.00408, "percentile": 0.7011, "modified": "2023-06-03"}], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://hackerone.com/reports/244459", "reporter": "regilero", "references": [], "cvelist": ["CVE-2015-3183", "CVE-2015-5739", "CVE-2015-5740", "CVE-2015-8852", "CVE-2016-2086", "CVE-2016-6816", "CVE-2016-8743"], "immutableFields": [], "lastseen": "2023-10-17T07:49:37", "viewCount": 255, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2015-578", "ALAS-2015-579", "ALAS-2015-588", "ALAS-2016-721", "ALAS-2016-776", "ALAS-2016-777", "ALAS-2016-778", "ALAS-2017-785", "ALAS-2017-810", "ALAS-2017-851", "ALAS-2017-863"]}, {"type": "apple", "idList": ["APPLE:0627AF17A33B956DE48ACE757A30BFB9", "APPLE:B6838750CA6086B150DDD58EB8FAE22A", "APPLE:B767E2D26FA517686D44D7106CA489EB", "APPLE:E8FF9F04ED54DD8E8D5B899FB4A8000E", "APPLE:HT207268", "APPLE:HT207615", "APPLE:HT208144", "APPLE:HT208221"]}, {"type": "archlinux", "idList": ["ASA-201507-15", "ASA-201611-22"]}, {"type": "atlassian", "idList": ["ATLASSIAN:JRASERVER-64394", "ATLASSIAN:JRASERVER-65102", "JRASERVER-64394", "JRASERVER-65102"]}, {"type": "centos", "idList": ["CESA-2015:1667", "CESA-2015:1668", "CESA-2016:1538", "CESA-2017:0527", "CESA-2017:0906", "CESA-2017:0935", "CESA-2017:1721"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:49E12FFB172ED25FC5E4B1AC01EEF7BF"]}, {"type": "cve", "idList": ["CVE-2015-3183", "CVE-2015-5739", "CVE-2015-5740", "CVE-2015-8852", "CVE-2016-2086", "CVE-2016-8743", "CVE-2017-6056"]}, {"type": "d0znpp", "idList": ["D0ZNPP:49DD0FEAD5D037024F28DFCCAA51B205"]}, {"type": "debian", "idList": ["DEBIAN:DLA-284-1:B7206", "DEBIAN:DLA-728-1:A9D65", "DEBIAN:DLA-728-1:ECD0E", "DEBIAN:DLA-729-1:1B0B9", "DEBIAN:DLA-729-1:E931B", "DEBIAN:DLA-779-1:56F21", "DEBIAN:DLA-779-1:8029E", "DEBIAN:DLA-841-1:5E66E", "DEBIAN:DLA-841-2:98C98", "DEBIAN:DLA-862-1:B30ED", "DEBIAN:DLA-862-1:D0310", "DEBIAN:DSA-3325-1:A3689", "DEBIAN:DSA-3325-1:B1666", "DEBIAN:DSA-3325-2:8DA4D", "DEBIAN:DSA-3325-2:9B1A3", "DEBIAN:DSA-3553-1:64BC2", "DEBIAN:DSA-3553-1:D320C", "DEBIAN:DSA-3738-1:66970", "DEBIAN:DSA-3738-1:EB221", "DEBIAN:DSA-3739-1:06429", "DEBIAN:DSA-3739-1:1BDAB", "DEBIAN:DSA-3796-1:1635B", "DEBIAN:DSA-3796-1:1E6E3", "DEBIAN:DSA-3796-2:C09F5", "DEBIAN:DSA-3796-2:E23FE"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2015-3183", "DEBIANCVE:CVE-2015-8852", "DEBIANCVE:CVE-2016-2086", "DEBIANCVE:CVE-2016-6816", "DEBIANCVE:CVE-2016-8743", "DEBIANCVE:CVE-2017-6056"]}, {"type": "exploitdb", "idList": ["EDB-ID:41783"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:1FA29992905DF6DC8A86680F66930B75"]}, {"type": "f5", "idList": ["F5:K00373024", "F5:K15311661", "F5:K17251", "F5:K37337112", "F5:K50116122", "SOL17251", "SOL50116122"]}, {"type": "fedora", "idList": ["FEDORA:09EE06061CB6", "FEDORA:0C2BC608A4AA", "FEDORA:125286087B00", "FEDORA:1C211602EC07", "FEDORA:1DA54604D2A3", "FEDORA:400196069A42", "FEDORA:8CEB2616D980", "FEDORA:A9BA0608752F", "FEDORA:C9C90605A0C9", "FEDORA:D06C8608A2A8", "FEDORA:D945D60A9505", "FEDORA:EC00C6087D62", "FEDORA:F09EC61BF6F0"]}, {"type": "freebsd", "idList": ["0B9AF110-D529-11E6-AE1B-002590263BF5", "29083F8E-2CA8-11E5-86FF-14DAE9D210B8", "4464212E-4ACD-11E5-934B-002590263BF5", "862D6AB3-C75E-11E6-9F98-20CF30E32F6D", "A12494C1-2AF4-11E5-86FF-14DAE9D210B8"]}, {"type": "gentoo", "idList": ["GLSA-201607-10", "GLSA-201610-02", "GLSA-201612-43", "GLSA-201701-36"]}, {"type": "github", "idList": ["GHSA-JC7P-5R39-9477"]}, {"type": "hackerone", "idList": ["H1:648434"]}, {"type": "httpd", "idList": ["HTTPD:348811594B4FDD8579A34C563A16F7F6", "HTTPD:60BF8A7CCF62E24F92B3DCCA0E53F1F8", "HTTPD:867B7FEBC94AAFD9542C6BE363C3D8A3", "HTTPD:BEF84406F2FB3CB90F1C555BEFF774E2"]}, {"type": "ibm", "idList": ["005CD4323BE5D5A364E314DA6EAE380498E1994FDED8A4F27C9191E8EAA53CED", "029AA49A507A723A5E4C56429FB5A19F84FFBFB3D81F702E5C7D95F238C49FAF", "09ABAF3B9F1B64FE60E27154B81A44E24BCD439D323F2ADE09C848F6FB7244EA", "0C4F91C9AA7E146EDA1AA877B92C4C590E445AC7D2AC0E60ECCE4BA77A47F0EB", "1552258BC602B501CB144C17FE55DEC12CEDE82B9F4351E9E4F47BE8C7003BA9", "1B2A94FC385D7D94AFCB490D7B33A59B4FE30EFE9AC4369DE4AC8270E6507BA6", "27D9F78215BC8DA5E461529935E017D0C45DAE754B77CF82E40E104157050326", "28A18420E3649FDF858FD17E31DB05BBDD69C54F5D7556386C5774F6FC5E065D", "2A154FA8D34017E50CF35433C3DE4641EF2E92450EBD25CEF33FAD6C26916BCE", "2BD37805DC887AD3D6117D8905FE17EA13216CECC2B4A4B11E74AF00F0E40CD9", "30B97F976830F38EC78A601AC4AF08E5E915E3601910C6A37C3824A2F36E31B8", "310958DD2F3D06D59563227432B7213CDDE28119F92BE0B7917A8425B04EC260", "33EAF4D2D1629463CA0D94D45BE0806D2DD557AF7064E0F83288B301688098DA", "3410E09FDCBC57E565C72083D3A630854D64B8490C9907FC7A07113F787F18CE", "356E5C62922F18B4E07F1706BC7652506B9581DA0428D8C9FA7B4130A0FA1C9B", "38CC3F0B1992B7F87CFBCAE3CC7B31F2966DC0FA035A5E4BF2B0AA5F15F1A057", "3C00EEEE25E3873CF2F0A7DE4942A1B1268F8DE228AA39AA29973B50786D63B8", "3CF5B36481AB7E8BDD7E46F138D4A0F805DFBEBAB7935FE6D74F72C7767B9B16", "3E52F30DE645ED79947372BF790D5DAB4B5FA29866C26DA53811D62A4E0B3206", "418A4C8D1E8F2E8A923DFE2C36570B4A5EF7B515E050C0F19513AF3DAE7D2628", "41C8E5B8B6F63FB1847CDDD2118C44C34CF36A01F2CEA5F03999A5A67A00D4C1", "42B553A5257DBCE0553E09359217D9B58850595C4F83DD12BEB3762A7D09FF2D", "50AE63BFCF8B58A7B7F3089D5424BDD34DB78E4FF4858500CCF43E9AD8B9DAA8", "512C81F4010ED9ED585799790D430D84037A3FE404BCF76DEDCCAEC0A382CB5B", "51AB1F7F50AE2546674F97D246115890E30F6672B86D6D523810D29C5BAE0D62", "5276D07236F09D5D4E1A38B4E304BC335E677F2639AAB1A09809E9794F9A17E1", "52BCF84201CEBA012FEF5D806CBEB019BE40DA44E167DE103878B677EE8CAFAB", "52ED63D7067B4DE0C8EDD4FAE8B35FD6F505F239797FA80985E3ED3C5D838C11", "55156FCD842A2CC421648C286DB79335E98E88FF88D30BADC857588FB7995139", "5A52E05798B8AB970AD9EC977030C97C931E6F10AE0FDD80F78789D15F3CC09A", "5B9A50D9E3649F848A0A37452668DE4569DA15366553BACD2CF55D9BC49FB6EE", "5D0CC6456D2278646647F1A4FEFECEB673F2B5D1F99FBBC5755735CEF5AA6268", "5D430929F71D32516C9EC6330184BE099F144C8F467067DB72767978303BB30E", "5DFE6B79B25C44CBA008AA76D79705C9D2320EA9C2087D3E36D2BADCC47C9D82", "5F10D23AA5FB96A26EEC6EC30ECE57D8A9A574525E0AC5D33ACA03A5033CB488", "6303DBADEE057709C654DF5F5232AAB673061979F73C5434D17C7C2EE4FC8C78", "6B0A5599577E8CC081B38DC85FFC053A3E597118CD8108314778BA17EC91A265", "6CC2895CD235DA81BBEE7646BB236D7BD6FD4721E8EBA263A5F4B353CAE70190", "6D1EA12A252C82A036251C841912B8D2E2DA26FBB120365C7BD4352D8CE2A4AC", "6D6FD3B17FF4E3AEC7C3300A59DF811D1AEFB71253A1B03A9B6D6569C666112F", "6F9B3E5D97FDBB41059AA8C4DDC3F8C6E337642756FF537C16A61C7599D523B9", "70549CC4BB1FA3369F5BC1EF01770F5CF2D9642AA2B34DE63805694D06A895CC", "70F04B9A5CE3FFBC33D36A32D999163F5334E04B121B116CCEE525F5C79AD71C", "73D435B3BAA4F0C36956E1673DC703BAAA4CBCE9B9B1F25C1F46C311B4A6088E", "7A239D773E85D49EC6C3DCC826998322464A3AFF137190C346B4214386BD9FE8", "7D29B4909C6BF3ADF472798B711970B396D8FD474F784096D0CD51E0C3DE6E56", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7EC649E6BC5F3D338DD0D070678E70EF4B5FA744C4A6157F839098EC69F3AD14", "80707DEDE830EEBA2718A20B010C8A34D8C482E8A92EF2AF8B3EAF1C337706A5", "81F849DB721B2DCA5A205BB147AD1924F661EFA18C0495E59202C53E64B8C551", "83949293D531C3BC38D05B8E11F73860AE63D675A7ACD0FBACD46879F7DFA117", "83BEC5BE76DF901F9313DC0E22D9F7B7B815E20E6B6815632BCBD80947228620", "85F4F9ABC26A141EA4CBD424EA8C33FAF00DCF970AA42D90F5EC572561A224B5", "8895614CD28FCD83AB1CE346B560016135ECF081AAE437BDBC538A8B16E75D34", "8A6223C808B0E1ABCA5278270A44D3F1DFDB8E47A62B90896C665877A5F7E993", "8E456E2BF8E88834C4ACBF32EE7BA5AC206E0D77D5D8C37A3008D171D2685920", "8E707C6723A8AE84E257A785A1F0A0704AEA1218866DF3AD3C1C94882C5D965F", "8F63BC3CF4FFE8E56809705C71F9763152D76451EDAADBD199902983B8AC2975", "9613E878D620A6D0F9489090E5CD7A16E4F4C366D560C6C54BC551EC99C4218D", "986EB5B27FFEE44F8A4A4ACBC63C6479E55A0B65C44CA1525112EB98C39334CC", "991424B137EE7998105AE8359FDAB7EEBA627F9A936DD3DD35EF4AC7625C20B6", "9B42F852F4AF0BA8746EBACEB82E34997A0D5C2467042997734953C2D009D359", "9DF02074BA3925CF3598C301188D5F28B4BFFB33B3E23BFBFA13160C42AC0926", "AB8332BB49251697A40C4A181070CC821286458CE2114BD526688971705EBC0B", "AEC322D7B231A41EB50B885093083A12F434B90088B8332217FF86B6AE09FCAB", "AF0238154AA1358490B320F50C9820D8CA6D89CDB7190FCD9E4A0779A6DDCA6E", "AF496E8C72489250D3F499580E263AE349F5F9559FF071587B820E41A492E9F0", "AFC7F6891989929988472E4484D8B25AC7FBCCA340DD73184F71D987BA13551A", "B0917B9B05986D5C57AFA7D61D59DB3AC46BF8A66810DCCC331CD59E3A0CC975", "B192A38BFCB65C485CB834810BC072C9ED521B788476FAD8E67C2FE9EE26ACC2", "B38DBE38F17B5A514627DD6BBD5252176BA17D057FB3070D5C24522DD2CAEC6B", "B5810DD31544DECD338CCD71F5C05C78B267068FE3FD01928B5545B05BEE5FA0", "B6D95F0701F49D56D5D5A8A74DDA2BF012DB31C636A1656CE925657C52B37FF4", "B73E2AC64919358B53CBFE9E0576F144ECF05CB1E42E5E59DCDDEF0BD5FEF485", "B7B3FA2AFAFB2AC1DA355B883C70BC406537B6576B61CB09CFDE0F25E0AC2E81", "B8E199CFC7A9C8DCF033928312B9AE0E344AB91916C93723350723B89FCB619A", "B9410A108CEB6D3C9DFE0C1617FB34D181E021D243C3FB7F5DB35969D7C4CE52", "BA0ECBE0DF73AF77D0BC9564AEB2B59377917457D1B75D09F5309EFDB91ECED2", "BFC19961F4B2A71B650F919D0D8075421D25957A36A4487C121AAA7C17E478AF", "C7F9DAB9D9A5A1B7F9CB5FED324EFCAC4C72B5C0E11F0AF70FA86C8048D14D8D", "D28A33DD6F9F0616BF17BE9435C16BA5747AE3606D1B535CC4C8068BCF7BF4EB", "D2E48469AB3A6F2B1FEAEFDF00F68B8BC2F210C7E3BBABA5556DFDE4C6DB7ECD", "D4C1C0E6A5170ECC8C7B3DFFE304FF401A904E8D9E1A70A203081EBBCDBE568F", "D86FE44D98DA7C28FEC89271CF14D0D0C5B622A5A310D188BADF3A8D121163C7", "DA78D22BE98AAE3FAE7595498C22303F728B4F1A787F6AA2950D1A2B51579024", "DD38275FC7A6C7310933EE72F39FB765D116781C288A9701506DA04B64DC99E3", "E026D876441506065638E9669757F49A62954ECA499F837804AD1070CA5C7B19", "E19B380C2BF0F26DFDCBADD37C1B7D4A13ED463E7B4B4ECE7EEEC8895D5690CB", "E35B3BFF26EE49538A5E52DCE95E046C70D680FA622448F3D6FE654C3E6D6A09", "E503DEB61BB4A13FF7955EBAC438276557BFDFCC33EB33C034096CB3EFEFB35F", "E5BED95253597B6A4861BB4F148C31D09BEF0402DCC4562ED80D21AD82BB8760", "E5CCFEB8FF61741D5445DECFC644AF15349B27D60E9FAC68BB92BC49C83938F2", "EBE616DA40BA67D9642C6C6899E1FE0135C104ABDE475227E71EBEB089471CFC", "EE10C38D24F0D49C2129BA7090605392BB0D751675F9906BC012259726EDCF59"]}, {"type": "kaspersky", "idList": ["KLA10640"]}, {"type": "mageia", "idList": ["MGASA-2015-0281", "MGASA-2016-0080", "MGASA-2016-0150", "MGASA-2016-0417", "MGASA-2018-0007"]}, {"type": "nessus", "idList": ["700668.PASL", "8970.PRM", "8981.PRM", "9486.PRM", "9906.PASL", "9908.PRM", "ALA_ALAS-2015-578.NASL", "ALA_ALAS-2015-579.NASL", "ALA_ALAS-2015-588.NASL", "ALA_ALAS-2016-721.NASL", "ALA_ALAS-2016-776.NASL", "ALA_ALAS-2016-777.NASL", "ALA_ALAS-2016-778.NASL", "ALA_ALAS-2017-785.NASL", "ALA_ALAS-2017-810.NASL", "ALA_ALAS-2017-851.NASL", "ALA_ALAS-2017-863.NASL", "APACHE_2_2_32.NASL", "APACHE_2_4_16.NASL", "APACHE_2_4_25.NASL", "CENTOS_RHSA-2015-1667.NASL", "CENTOS_RHSA-2015-1668.NASL", "CENTOS_RHSA-2016-1538.NASL", "CENTOS_RHSA-2017-0527.NASL", "CENTOS_RHSA-2017-0906.NASL", "CENTOS_RHSA-2017-0935.NASL", "CENTOS_RHSA-2017-1721.NASL", "DEBIAN_DLA-284.NASL", "DEBIAN_DLA-728.NASL", "DEBIAN_DLA-729.NASL", "DEBIAN_DLA-779.NASL", "DEBIAN_DLA-841.NASL", "DEBIAN_DSA-3325.NASL", "DEBIAN_DSA-3553.NASL", "DEBIAN_DSA-3738.NASL", "DEBIAN_DSA-3739.NASL", "DEBIAN_DSA-3796.NASL", "EULEROS_SA-2017-1081.NASL", "EULEROS_SA-2017-1082.NASL", "EULEROS_SA-2017-1085.NASL", "EULEROS_SA-2017-1086.NASL", "EULEROS_SA-2019-1419.NASL", "F5_BIGIP_SOL00373024.NASL", "F5_BIGIP_SOL15311661.NASL", "F5_BIGIP_SOL17251.NASL", "F5_BIGIP_SOL50116122.NASL", "FEDORA_2015-11689.NASL", "FEDORA_2015-11792.NASL", "FEDORA_2015-12957.NASL", "FEDORA_2015-13002.NASL", "FEDORA_2015-15618.NASL", "FEDORA_2015-15619.NASL", "FEDORA_2016-3102C11757.NASL", "FEDORA_2016-8925B6119F.NASL", "FEDORA_2016-8D9B62C784.NASL", "FEDORA_2016-98CCA07999.NASL", "FEDORA_2016-9C33466FBB.NASL", "FEDORA_2016-A98C560116.NASL", "FEDORA_2016-D22F50D985.NASL", "FREEBSD_PKG_0B9AF110D52911E6AE1B002590263BF5.NASL", "FREEBSD_PKG_29083F8E2CA811E586FF14DAE9D210B8.NASL", "FREEBSD_PKG_4464212E4ACD11E5934B002590263BF5.NASL", "FREEBSD_PKG_862D6AB3C75E11E69F9820CF30E32F6D.NASL", "FREEBSD_PKG_A12494C12AF411E586FF14DAE9D210B8.NASL", "GENTOO_GLSA-201607-10.NASL", "GENTOO_GLSA-201610-02.NASL", "GENTOO_GLSA-201612-43.NASL", "GENTOO_GLSA-201701-36.NASL", "HPSMH_7_6_1.NASL", "IBM_HTTP_SERVER_289001.NASL", "IBM_HTTP_SERVER_533835.NASL", "JUNIPER_SPACE_JSA_10838.NASL", "MACOSX_10_10_5.NASL", "MACOSX_SECUPD2015-006.NASL", "MACOSX_SECUPD2017-004.NASL", "MACOSX_SERVER_5_0_3.NASL", "MACOSX_XCODE_81.NASL", "MACOS_10_12_4.NASL", "MACOS_10_13.NASL", "NEWSTART_CGSL_NS-SA-2019-0117_TOMCAT6.NASL", "NEWSTART_CGSL_NS-SA-2019-0118_HTTPD.NASL", "OPENSUSE-2015-635.NASL", "OPENSUSE-2016-1455.NASL", "OPENSUSE-2016-1456.NASL", "OPENSUSE-2016-283.NASL", "OPENSUSE-2016-588.NASL", "OPENSUSE-2016-907.NASL", "OPENSUSE-2017-416.NASL", "OPENSUSE-2017-417.NASL", "OPENSUSE-2018-1046.NASL", "ORACLELINUX_ELSA-2015-1666.NASL", "ORACLELINUX_ELSA-2015-1667.NASL", "ORACLELINUX_ELSA-2015-1668.NASL", "ORACLELINUX_ELSA-2016-1538.NASL", "ORACLELINUX_ELSA-2017-0527.NASL", "ORACLELINUX_ELSA-2017-0906.NASL", "ORACLELINUX_ELSA-2017-0935.NASL", "ORACLELINUX_ELSA-2017-1721.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_APR_2017_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JAN_2016_CPU.NASL", "REDHAT-RHSA-2015-1667.NASL", "REDHAT-RHSA-2015-1668.NASL", "REDHAT-RHSA-2015-2659.NASL", "REDHAT-RHSA-2015-2660.NASL", "REDHAT-RHSA-2016-0061.NASL", "REDHAT-RHSA-2016-1538.NASL", "REDHAT-RHSA-2016-2054.NASL", "REDHAT-RHSA-2016-2055.NASL", "REDHAT-RHSA-2017-0244.NASL", "REDHAT-RHSA-2017-0245.NASL", "REDHAT-RHSA-2017-0246.NASL", "REDHAT-RHSA-2017-0250.NASL", "REDHAT-RHSA-2017-0455.NASL", "REDHAT-RHSA-2017-0456.NASL", "REDHAT-RHSA-2017-0527.NASL", "REDHAT-RHSA-2017-0906.NASL", "REDHAT-RHSA-2017-0935.NASL", "REDHAT-RHSA-2017-1413.NASL", "REDHAT-RHSA-2017-1414.NASL", "REDHAT-RHSA-2017-1721.NASL", "SECURITYCENTER_5_4_3_TNS_2017_04.NASL", "SECURITYCENTER_APACHE_2_4_16.NASL", "SECURITYCENTER_APACHE_2_4_25.NASL", "SLACKWARE_SSA_2015-198-01.NASL", "SLACKWARE_SSA_2016-358-01.NASL", "SL_20150824_HTTPD_ON_SL6_X.NASL", "SL_20150824_HTTPD_ON_SL7_X.NASL", "SL_20170315_TOMCAT6_ON_SL6_X.NASL", "SL_20170412_HTTPD_ON_SL7_X.NASL", "SL_20170412_TOMCAT_ON_SL7_X.NASL", "SL_20170711_HTTPD_ON_SL6_X.NASL", "SUSE_SU-2015-1851-1.NASL", "SUSE_SU-2015-1885-2.NASL", "SUSE_SU-2017-0729-1.NASL", "SUSE_SU-2017-0797-1.NASL", "SUSE_SU-2017-0801-1.NASL", "SUSE_SU-2018-2554-1.NASL", "SUSE_SU-2018-2815-1.NASL", "SUSE_SU-2018-2815-2.NASL", "TOMCAT_8_5_8.NASL", "UBUNTU_USN-2686-1.NASL", "UBUNTU_USN-3177-1.NASL", "UBUNTU_USN-3177-2.NASL", "UBUNTU_USN-3279-1.NASL", "UBUNTU_USN-4557-1.NASL", "VIRTUOZZO_VZLSA-2017-0527.NASL", "VIRTUOZZO_VZLSA-2017-0906.NASL", "VIRTUOZZO_VZLSA-2017-0935.NASL", "VIRTUOZZO_VZLSA-2017-1721.NASL", "WEBSPHERE_8_5_5_7.NASL", "WEB_APPLICATION_SCANNING_98908", "WEB_APPLICATION_SCANNING_98910"]}, {"type": "nodejsblog", "idList": ["NODEJSBLOG:FEBRUARY-2016-SECURITY-RELEASES"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310112085", "OPENVAS:1361412562310120063", "OPENVAS:1361412562310120289", "OPENVAS:1361412562310120511", "OPENVAS:1361412562310120710", "OPENVAS:1361412562310122866", "OPENVAS:1361412562310123022", "OPENVAS:1361412562310123023", "OPENVAS:1361412562310130097", "OPENVAS:1361412562310131240", "OPENVAS:1361412562310131299", "OPENVAS:1361412562310703325", "OPENVAS:1361412562310703553", "OPENVAS:1361412562310703738", "OPENVAS:1361412562310703739", "OPENVAS:1361412562310703796", "OPENVAS:1361412562310805698", "OPENVAS:1361412562310806018", "OPENVAS:1361412562310807254", "OPENVAS:1361412562310807281", "OPENVAS:1361412562310810717", "OPENVAS:1361412562310810718", "OPENVAS:1361412562310810728", "OPENVAS:1361412562310810730", "OPENVAS:1361412562310811960", "OPENVAS:1361412562310812033", "OPENVAS:1361412562310842386", "OPENVAS:1361412562310843024", "OPENVAS:1361412562310843035", "OPENVAS:1361412562310843156", "OPENVAS:1361412562310851455", "OPENVAS:1361412562310851503", "OPENVAS:1361412562310851910", "OPENVAS:1361412562310869789", "OPENVAS:1361412562310869816", "OPENVAS:1361412562310869876", "OPENVAS:1361412562310869881", "OPENVAS:1361412562310869977", "OPENVAS:1361412562310869978", "OPENVAS:1361412562310871434", "OPENVAS:1361412562310871436", "OPENVAS:1361412562310871773", "OPENVAS:1361412562310871795", "OPENVAS:1361412562310871799", "OPENVAS:1361412562310871843", "OPENVAS:1361412562310872149", "OPENVAS:1361412562310872150", "OPENVAS:1361412562310872157", "OPENVAS:1361412562310872183", "OPENVAS:1361412562310872185", "OPENVAS:1361412562310882255", "OPENVAS:1361412562310882258", "OPENVAS:1361412562310882682", "OPENVAS:1361412562310882690", "OPENVAS:1361412562310882692", "OPENVAS:1361412562310882751", "OPENVAS:1361412562310890000", "OPENVAS:1361412562310890841", "OPENVAS:1361412562311220171081", "OPENVAS:1361412562311220171082", "OPENVAS:1361412562311220171085", "OPENVAS:1361412562311220171086", "OPENVAS:1361412562311220191419", "OPENVAS:703325", "OPENVAS:703553", "OPENVAS:703738", "OPENVAS:703739", "OPENVAS:703796"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2017", "ORACLE:CPUJAN2016", "ORACLE:CPUJUL2016", "ORACLE:CPUOCT2015", "ORACLE:CPUOCT2017"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-1666", "ELSA-2015-1667", "ELSA-2015-1668", "ELSA-2017-0527", "ELSA-2017-0906", "ELSA-2017-0935", "ELSA-2017-1721"]}, {"type": "osv", "idList": ["OSV:DLA-284-1", "OSV:DLA-728-1", "OSV:DLA-729-1", "OSV:DLA-779-1", "OSV:DLA-841-1", "OSV:DLA-841-2", "OSV:DLA-862-1", "OSV:DSA-3325-1", "OSV:DSA-3325-2", "OSV:DSA-3553-1", "OSV:DSA-3796-1", "OSV:DSA-3796-2", "OSV:GHSA-JC7P-5R39-9477", "OSV:GO-2021-0157", "OSV:GO-2021-0159"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:141920"]}, {"type": "redhat", "idList": ["RHSA-2015:1666", "RHSA-2015:1667", "RHSA-2015:1668", "RHSA-2015:2659", "RHSA-2015:2660", "RHSA-2016:0061", "RHSA-2016:0062", "RHSA-2016:1538", "RHSA-2016:2054", "RHSA-2016:2055", "RHSA-2017:0244", "RHSA-2017:0245", "RHSA-2017:0246", "RHSA-2017:0247", "RHSA-2017:0250", "RHSA-2017:0455", "RHSA-2017:0456", "RHSA-2017:0457", "RHSA-2017:0527", "RHSA-2017:0906", "RHSA-2017:0935", "RHSA-2017:1161", "RHSA-2017:1413", "RHSA-2017:1414", "RHSA-2017:1415", "RHSA-2017:1721"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-6816", "RH:CVE-2016-8743"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32345", "SECURITYVULNS:DOC:32390", "SECURITYVULNS:VULN:14598", "SECURITYVULNS:VULN:14630"]}, {"type": "seebug", "idList": ["SSV:92678"]}, {"type": "slackware", "idList": ["SSA-2015-198-01", "SSA-2016-358-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:3129-1", "OPENSUSE-SU-2016:3144-1", "OPENSUSE-SU-2018:2856-1", "SUSE-SU-2016:3079-1", "SUSE-SU-2016:3081-1", "SUSE-SU-2017:1632-1", "SUSE-SU-2017:1660-1"]}, {"type": "tomcat", "idList": ["TOMCAT:0DBA25EA40A6FEBF5FD9039D7F60718E", "TOMCAT:604E2DE63F4E10D22151D29C4D2E7487", "TOMCAT:7FF5C8CC86A7AF5DA33F4B5874774B9B", "TOMCAT:9E43DA1677EA0537439D1A6D19A16EC5", "TOMCAT:DCB8C0E7C96DD2367CF48625F7A47EDF"]}, {"type": "ubuntu", "idList": ["USN-2686-1", "USN-3177-1", "USN-3177-2", "USN-3279-1", "USN-3373-1", "USN-4557-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-3183", "UB:CVE-2015-5739", "UB:CVE-2015-5740", "UB:CVE-2015-8852", "UB:CVE-2016-2086", "UB:CVE-2016-4975", "UB:CVE-2016-6816", "UB:CVE-2016-8743", "UB:CVE-2017-6056"]}, {"type": "veracode", "idList": ["VERACODE:11782", "VERACODE:12118", "VERACODE:12289", "VERACODE:12542", "VERACODE:16459", "VERACODE:3596", "VERACODE:3988", "VERACODE:4003", "VERACODE:7849"]}, {"type": "zdt", "idList": ["1337DAY-ID-27485"]}]}, "score": {"value": 6.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2017-785", "ALAS-2017-851", "ALAS-2017-863"]}, {"type": "apple", "idList": ["APPLE:B6838750CA6086B150DDD58EB8FAE22A"]}, {"type": "centos", "idList": ["CESA-2017:0906", "CESA-2017:1721"]}, {"type": "cve", "idList": ["CVE-2016-8743"]}, {"type": "d0znpp", "idList": ["D0ZNPP:49DD0FEAD5D037024F28DFCCAA51B205"]}, {"type": "debian", "idList": ["DEBIAN:DLA-841-1:5E66E", "DEBIAN:DLA-862-1:D0310", "DEBIAN:DSA-3796-1:1E6E3", "DEBIAN:DSA-3796-2:C09F5"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-8743"]}, {"type": "f5", "idList": ["F5:K00373024"]}, {"type": "fedora", "idList": ["FEDORA:09EE06061CB6", "FEDORA:A9BA0608752F"]}, {"type": "freebsd", "idList": ["862D6AB3-C75E-11E6-9F98-20CF30E32F6D"]}, {"type": "gentoo", "idList": ["GLSA-201701-36"]}, {"type": "hackerone", "idList": ["H1:648434"]}, {"type": "httpd", "idList": ["HTTPD:BEF84406F2FB3CB90F1C555BEFF774E2"]}, {"type": "ibm", "idList": ["8E707C6723A8AE84E257A785A1F0A0704AEA1218866DF3AD3C1C94882C5D965F"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/IBM-HTTP_SERVER-CVE-2016-8743/"]}, {"type": "nessus", "idList": ["700511.PRM", "ALA_ALAS-2017-785.NASL", "ALA_ALAS-2017-863.NASL", "CENTOS_RHSA-2017-0906.NASL", "DEBIAN_DSA-3796.NASL", "FEDORA_2016-8D9B62C784.NASL", "FEDORA_2016-D22F50D985.NASL", "OPENSUSE-2017-416.NASL", "OPENSUSE-2017-417.NASL", "OPENSUSE-2018-1046.NASL", "ORACLELINUX_ELSA-2017-0906.NASL", "REDHAT-RHSA-2017-0906.NASL", "SL_20170412_HTTPD_ON_SL7_X.NASL", "SUSE_SU-2017-0729-1.NASL", "SUSE_SU-2017-0797-1.NASL", "SUSE_SU-2017-0801-1.NASL", "SUSE_SU-2018-2815-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310812033", "OPENVAS:1361412562310851910", "OPENVAS:1361412562310871843", "OPENVAS:1361412562310872183", "OPENVAS:1361412562310872185", "OPENVAS:1361412562310882751"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2017"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-0906"]}, {"type": "redhat", "idList": ["RHSA-2017:1413"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-8743"]}, {"type": "slackware", "idList": ["SSA-2016-358-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:2856-1"]}, {"type": "ubuntu", "idList": ["USN-3373-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-8743"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2015-3183", "epss": 0.07372, "percentile": 0.93078, "modified": "2023-05-07"}, {"cve": "CVE-2015-5739", "epss": 0.01828, "percentile": 0.86413, "modified": "2023-05-08"}, {"cve": "CVE-2015-5740", "epss": 0.01373, "percentile": 0.84238, "modified": "2023-05-08"}, {"cve": "CVE-2015-8852", "epss": 0.00816, "percentile": 0.79311, "modified": "2023-05-08"}, {"cve": "CVE-2016-2086", "epss": 0.00524, "percentile": 0.73463, "modified": "2023-05-08"}, {"cve": "CVE-2016-6816", "epss": 0.00262, "percentile": 0.62307, "modified": "2023-05-08"}, {"cve": "CVE-2016-8743", "epss": 0.00408, "percentile": 0.69998, "modified": "2023-05-07"}], "vulnersScore": 6.7}, "_state": {"dependencies": 1697529838, "score": 1698831771, "epss": 0}, "_internal": {"score_hash": "573748be7cee6d8a74e870fb45f75a5f"}, "bounty": 0.0, "bountyState": "resolved", "h1team": {"url": "https://hackerone.com/ibb", "handle": "ibb", "profile_picture_urls": {"small": "https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/v0qywgoh5hm4cbhuanu8mqdtowhr/d3dc6b2d7e2dc3657e8861b0d7e2dfca1a6d513dd784c613f4e56738907cea98?response-content-disposition=inline%3B%20filename%3D%22ibb%20revision%205%20copy.png%22%3B%20filename%2A%3DUTF-8%27%27ibb%2520revision%25205%2520copy.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQ3VDJJETA%2F20231017%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20231017T074936Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEG8aCXVzLXdlc3QtMiJGMEQCIHWnlQ3A0pcf4WvyKDnJCWOidtTTgva2H1QusWNYoljpAiA5g291%2FzV%2BgEsJwN6MNL9VsT6ginzgNkSUhWWMoy%2FG0Sq7BQiI%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAMaDDAxMzYxOTI3NDg0OSIMiuZjmKZdS8H2D9vlKo8FqN2nU5zw6bMhPPPBDKRHXxv6ZmbIXZrfBOT0uTftJWwPkUsb4usm4mcIBqNUxQzTteCrj%2BwnUd9VUwLTfwBSC24EueJ1fg2C59BinYwJV1awUf2W6u1nwAvN1bKuZ58LksvK9X81OF7%2FEMsR8Sx4fokfxu2J%2B026rvsaqVmZXbcqE2I%2FlAOcHRLAAo%2Fybz4aEcnqcgpusseZz7cDXgpX%2FRr5Ea6rofUdlGNmyIilNj9D8APwVwu4xsyVsfCcNr7aTliK60gmcCOcQr5yYMlFdrVd9yeF23RCB1AIoxWDu1m4JWsykc87%2B7ULb%2FVN%2BAIfJ9nWv7AC38UdujoA07sx6RrXNI9M%2BtlonloI8mQ6h4ou%2Bz%2FGl1I1ZQHGi3bKEZuPw7ev3FUrvjJkgXrmoMJ%2FJyGWv147LH5ej%2FgKYYUIAmYjgC2fhkQllYl4EEzMaM8ba5MnLBaXra%2BH0CDFFVaf9byNGjE6l3S9GiaLje4hzGGRHf6mHWenYQpiSDL4cUsMMUD0ElKtqN2EHjqaiwbaVNGclx6IgkfHg7K9aAwdHh%2BkQy8gg%2BeDDtGXas6qnbW0qEfRgH9Q4OAtickdGslBuedEKBh7X9OaLAuFZ%2B0DT1LaMmGFUXvHXDPObJH9DCL4kwRSDdDB6837cj5%2FbbaaL%2B%2F5YsJvZxjs5TsVwN2JN1jQyOJ%2BF27NzuLuLUrWM3Sr2K8CVmqRxO9KXfHUvtg%2BVFpc5mANhl%2FF9SO3WkpwmjtFP5vpTYhOG%2BJH5PtlO2O0CewKzfTyGF8qxfMDfRt0WDGR6FwhJJYwvqhne8UAFs9RXyNZQn6enaHyyFO1170D52BxNuWTbIcMFBKhvlaZUtL26d6BCe%2FwByMBbTdTrjC00ripBjqyATlX3glzHQ2UNUxbSmThaeqVPnoUq%2BRFQtp2x0bCEBQ8rsooL8oeVlUEUQTmp3Qr85RMft3Q0XTfVBbo17SmopGfoH%2FYCXaZx1ZKR23p6PWRjsiu1xPrsrBZ9eWyp1effrh2CcWoRMPldpApL77rV4LwyZTFs7sGGFF5uASdcHyXpBSso3wGHc1o2r%2BvRc9lQTrwFTfH8XLJAtElHzIbjBRLoteVVsYSO7Cu0jmJmF1usfI%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=4f7f6776ccea7ff10d50068d47ebcab234da8bdaab1966107235e03071ffa6ff", "medium": "https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/v0qywgoh5hm4cbhuanu8mqdtowhr/5136ed9b2fa7c4d4abbf39fb971047c62d98ec4740a88eb55d7e26373250a937?response-content-disposition=inline%3B%20filename%3D%22ibb%20revision%205%20copy.png%22%3B%20filename%2A%3DUTF-8%27%27ibb%2520revision%25205%2520copy.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQ3VDJJETA%2F20231017%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20231017T074936Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEG8aCXVzLXdlc3QtMiJGMEQCIHWnlQ3A0pcf4WvyKDnJCWOidtTTgva2H1QusWNYoljpAiA5g291%2FzV%2BgEsJwN6MNL9VsT6ginzgNkSUhWWMoy%2FG0Sq7BQiI%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAMaDDAxMzYxOTI3NDg0OSIMiuZjmKZdS8H2D9vlKo8FqN2nU5zw6bMhPPPBDKRHXxv6ZmbIXZrfBOT0uTftJWwPkUsb4usm4mcIBqNUxQzTteCrj%2BwnUd9VUwLTfwBSC24EueJ1fg2C59BinYwJV1awUf2W6u1nwAvN1bKuZ58LksvK9X81OF7%2FEMsR8Sx4fokfxu2J%2B026rvsaqVmZXbcqE2I%2FlAOcHRLAAo%2Fybz4aEcnqcgpusseZz7cDXgpX%2FRr5Ea6rofUdlGNmyIilNj9D8APwVwu4xsyVsfCcNr7aTliK60gmcCOcQr5yYMlFdrVd9yeF23RCB1AIoxWDu1m4JWsykc87%2B7ULb%2FVN%2BAIfJ9nWv7AC38UdujoA07sx6RrXNI9M%2BtlonloI8mQ6h4ou%2Bz%2FGl1I1ZQHGi3bKEZuPw7ev3FUrvjJkgXrmoMJ%2FJyGWv147LH5ej%2FgKYYUIAmYjgC2fhkQllYl4EEzMaM8ba5MnLBaXra%2BH0CDFFVaf9byNGjE6l3S9GiaLje4hzGGRHf6mHWenYQpiSDL4cUsMMUD0ElKtqN2EHjqaiwbaVNGclx6IgkfHg7K9aAwdHh%2BkQy8gg%2BeDDtGXas6qnbW0qEfRgH9Q4OAtickdGslBuedEKBh7X9OaLAuFZ%2B0DT1LaMmGFUXvHXDPObJH9DCL4kwRSDdDB6837cj5%2FbbaaL%2B%2F5YsJvZxjs5TsVwN2JN1jQyOJ%2BF27NzuLuLUrWM3Sr2K8CVmqRxO9KXfHUvtg%2BVFpc5mANhl%2FF9SO3WkpwmjtFP5vpTYhOG%2BJH5PtlO2O0CewKzfTyGF8qxfMDfRt0WDGR6FwhJJYwvqhne8UAFs9RXyNZQn6enaHyyFO1170D52BxNuWTbIcMFBKhvlaZUtL26d6BCe%2FwByMBbTdTrjC00ripBjqyATlX3glzHQ2UNUxbSmThaeqVPnoUq%2BRFQtp2x0bCEBQ8rsooL8oeVlUEUQTmp3Qr85RMft3Q0XTfVBbo17SmopGfoH%2FYCXaZx1ZKR23p6PWRjsiu1xPrsrBZ9eWyp1effrh2CcWoRMPldpApL77rV4LwyZTFs7sGGFF5uASdcHyXpBSso3wGHc1o2r%2BvRc9lQTrwFTfH8XLJAtElHzIbjBRLoteVVsYSO7Cu0jmJmF1usfI%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=38c2fc2bf091d1c18483e1f5528611f367b0c6bd400fb0035966d43109fc7692"}}, "h1reporter": {"disabled": false, "username": "regilero", "url": "/regilero", "is_me?": false, "cleared": false, "verified": false, "hackerone_triager": false, "hacker_mediation": false}}

{"hackerone": [{"lastseen": "2023-10-17T07:37:54", "bounty": 0.0, "description": "Theses reports spreads other several years and are all about **HTTP Smuggling issues**\n(HTTP Requests or Responses splitting, Cache Poisoning, Security filter bypass).\nI've made reports on a wide range of open source projects, explaining\nthe (not always easy) problems to the various security maintainers and testing the fixs.\n\nThe starting point for this work was the 2005 work published by Amit Klein and some others:\n\n * 2004 - Amit Klein : \"Divide and Conquer: HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics\" https://packetstormsecurity.com/papers/general/whitepaper_httpresponse.pdf\n * 2005 - Chaim Linhart, Amit Klein, Ronen Heled, Steve Orrin: \"HTTP Request Smuggling\" https://www.cgisecurity.com/lib/HTTP-Request-Smuggling.pdf\n * 2006 - Amit Klein: \"HTTP Message Splitting, Smuggling and Other Animals\" www.owasp.org/images/1/1a/OWASPAppSecEU2006_HTTPMessageSplittingSmugglingEtc.ppt \n * 2005 - Amit Klein: \"HTTP Request Smuggling - ERRATA (the IIS 48K buffer phenomenon)\" \n * 2006 - Amit Klein: \u201cHTTP Response Smuggling\u201d https://www.securityfocus.com/archive/1/425593\n * 2006 - Amit Klein\u00a0: HTTP Response Smuggling http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2006-February/000836.html\n * RFC 7230 section 9 (splitting, parsing, smuggling, poisoning) https://tools.ietf.org/html/rfc7230#section-9\n\nAnd also the works of James Kettle on HTTP Host headers \"Practical HTTP Host header attacks (Absolute uri in host headers)\"\nhttps://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html\nand, later, his work on ESI server or pingbacks and cache attacks or Pratical Web Cache Poisoning.\n\nIn 2015, Starting from these past studies, I studied **Apache**, **Nginx**, **Varnish** source code, I discovered\nthat a lot of smuggling problems were still present, found new ones based on overflows for the size\nattributes (previous works were mostly based on doubling length information) and expanded my works on\n**Golang**, **Nodejs**, **pound**, **HaProxy**, **Jetty**, **Tomcat**, **Apache Traffic Server**...\n\nI sometime had to push for disclosure of fixed vulnerabilitie (Varnish 3) via bugtraq.\nBut in most of the case it's been a matter a patience -- the long time between reports and fixes\nha also something to deal with lazyness on my side as security is not the biggest part of my job --\nas most of the fix implies updates on HTTP servers, which is not something as fast as updating a web\napplication framework. I did not get a security report or a CVE for each reported flaw, especially\non the first years. Smuggling is sometimes hard to explain (and public disclosure policies\nare not always liked on HTTP servers dev teams).\n\nThe main problem of HTTP smuggling issues is that the final exploitation comes from **interactions between different http parsers**. If two actors badly interprets the HTTP message or disagree on the right\ninterpretation then bad things could happen. From the security maintainer point of view it's sometimes\neasy to reject the problem as coming from the others.\n\nIt's also **very important** to understand that the attacker controls the HTTP message, **we do not use HTTP messages from browsers**, the attacker injects bad HTTP messages onto servers infrastructures, effects on the users comes later, when the real user HTTP messages reach the *infected* or *shaken* servers. *Like when you do report a smuggling issue on hackerone reports, they prevent reporters that issues about header injection are not always security issues because we cannot control the user headers. That's a huge misunderstanding of smuggling payloads*.\n\nI've made some blog posts explaining details (I still have one awaiting vendor authorization) for some\nof the fixed problems.\n\nAnd I also made a **Defcon 24** presentation on 2016. For someone knowing nothing on smuggling\nit's a good starting point (links on next part below).\n\nNote : my work is usually reported with the name 'regilero', and sometimes 'R\u00e9gis Leroy'.\n\n# Public ressources published\n\n * 2015 : Nginx Integer truncation : https://regilero.github.io/english/security/2015/03/25/nginx-integer_truncation/\n * 2015\u00a0: Checking HTTP Smuggling issues in 2015 \u2013 Part1 http://regilero.github.io/security/english/2015/10/04/http_smuggling_in_2015_part_one \n * 2016\u00a0: Defcon 24\u00a0: Hiding Wookiees in HTTP: HTTP smuggling https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/DEF%20CON%2024%20-%20Regilero-Hiding-Wookiees-In-Http.pdf\n - Defcon presentation : https://www.youtube.com/watch?v=dVU9i5PsMPY\n - Defcon demos : https://www.youtube.com/watch?v=lY_Mf2Fv7kI (which were not available on time due to Linux not supported by Defcon !!)\n * 2018 : HTTP Smuggling, Apsis Pound load balancer : https://regilero.github.io/english/security/2018/07/03/security_pound_http_smuggling/\n * 2019 : HTTP Smuggling, Jetty : https://regilero.github.io/english/security/2019/04/24/security_jetty_http_smuggling/\n \nTools: HTTPWookiee : https://github.com/regilero/HTTPWookiee : this contains a small subset of the real tests I perform on HTTP servers.\n\n# List of CVEs\n\n## Apache Traffic Server\n\n * **CVE-2018-8004** : space before colon + force connection close on error 400 + duplicate Content-Lenght issues + bad parsing of request size on cache hit\n\n## Jetty\n\n * **CVE-2017-7656** : HTTP/0.9 Request Smuggling\n https://vulners.com/cve/CVE-2017-7656 (score 6.5)\n\n * **CVE-2017-7657**: Transfer-Encoding Request Smuggling\n https://vulners.com/cve/CVE-2017-7657 (score 6.5)\n\n * **CVE-2017-7658**: Too Tolerant Parser, Double Content-Length + Transfer-Encoding + Whitespace \n https://vulners.com/cve/CVE-2017-7658 (score 6.5)\n\n\n# Apache httpd\n\n * https://bz.apache.org/bugzilla/show_bug.cgi?id=57832 : Apache issues on 'socket poisoning', where we could store HTTP responses on\n the reverse proxy by sending extra responses, and mix these response with other users later. Not fixed via a CVE because this behavior\n was not considered as a real security issue (it's a consequence of a successful splitting attack on the backend, or of a compromised backend).\n If you ask my opinion this is one of the most problematic issue I found on these 5 years. Fixs were included in 2016 on version 2.4.24.\n\n * **CVE-2016-8743** : httpd: Apache HTTP Request Parsing Whitespace Defects : problems with CR, FF, VTAB and others strange characeters in parsing HTTP messages\n especially the space before colon problem. They were also some HTTP 0.9 downgrades.\n This work contributed to the internal dev debates around the HttpProtocolOptions\u00a0Strict|LenientMethods|Allow0.9 option added on 2.4\n\n * **CVE-2015-3183** : chunk header attribute truncation (low)\n\n# Facebook Proxygen\n\nProxygen is a C++ Open Source library which is the core library for Facebook HTTP related projects\n\nIn 2016 I reported several smuggling issues (about doubled headers or bad end of line, for example), via the facebook bounty program `#1710044992591113`\n\n# Apsis Pound\n\nPound is an open Source SSL terminator, but the project has not published major changes for a long time, and I experienced difficulties having my reports fixed and delivered to final users.\nAfter reports on 09-2016 a Version 2.8a fixing the flaws was published on 10-2016 but marked as experimental.\nDetails of the flaws were published in 07-2018. CVE was reserved by myslef on 2018-01. A version 2.8 was published on 2018-05.\n\n * **CVE-2016-10711** : Apsis Pound before 2.8a allows request smuggling via crafted headers\n\nDetails of issues (double Content Length, chunk prioriy, headers concatenation vuia NULL character, etc.) are published on my blog post https://regilero.github.io/english/security/2018/07/03/security_pound_http_smuggling/\n\n# Nodejs\n\n * **CVE-2016-2086** (but not CVE-2016-2216 from the same release) : support of bad end of lines (especially \\r followed by anything) + double Content Length, + mixed chunked and Content Length + space before colon\n\n# Tomcat\n\n * **CVE-2016-6816** : Tomcat 6,7 & 8: HTTP/0.9 downgrade and various bad characters support\n\n#\u00a0Varnish\n\n * Varnish3 : **CVE-2015-8852** : received after public disclosure : https://seclists.org/oss-sec/2016/q2/95\n * Varnish4 : 2016 : space before colon fix without CVE : https://github.com/varnishcache/varnish-cache/commit/0577f3fba200e45c05099427eec01610ee061436\n cache poisoning of Varnish4 with a golang traefik server as backend was demonstrated to the project maintainer, but the project 'does not like CVE'.\n * Varnish 4 : 2016 messsage splitting on bad characters fixed without CVE : https://github.com/varnishcache/varnish-cache/commit/d1eb31109f614976f06dd506a63e0fa21185a89b\n\nHTTP/0.9 support was also removed after my reports in 2015, but without public disclosure of potential abuse.\n\n# golang (go language)\n\n * **CVE-2015-5739** : \"Content Length\" magically fixed to \"Content-Length.\"\n * **CVE-2015-5740** : support of double Content-Length\n * 01-2016\u00a0: integer overflow on chunk size : https://go-review.googlesource.com/c/go/+/18871\n * 06-2016\u00a0: downgrade HTTP/0.9 : https://github.com/golang/go/issues/16197, no CVE, as described in the commit comment\n \"@regilero also mentioned there might be some cache poisoning or request smuggling possibilities here, but I don't see how. It seems to only affect the person making the bogus request.\" (sic)\n * 06-2016\u00a0: Splitting on space + colon\n\n# Nginx\n\nNot the project where I had the most success, I do not think any smuggling issue would be considered a security issue.\n\n * Integer overflow on Content Length : fixed without CVE : http://hg.nginx.org/nginx/rev/15a15f6ae3a2 after a report and a proposed patch (not as good as the final one)\n the security team 'don't consider this to be something serious from security point of view and have no plans for CVE and/or security advisories'.\n I made examples of exploitation at https://regilero.github.io/english/security/2015/03/25/nginx-integer_truncation/\n * https://trac.nginx.org/nginx/ticket/762 : 0.9 downgrade: protocol version overflow; HTTP/65536.8 or HTTP/65536.9 treated as a 0.9 request\n rejected as a security issue, classified as minor issue, fixed 1 year and 6 month after public report (11-2016). This was in my mind quite huge.\n * https://trac.nginx.org/nginx/ticket/1014 : wontfix : I'd like an error 400 instead of silently ignoring a bad header, no success\n\n# OpenBSD\n\nIn 2015 the OpenBSD Http server was very new, crashing on 0.9 requests, I reported some smuggling issues (bad end of line, double Content-Length) which were fixed later.\n\n# HaProxy\n\nHaProxy was transmitting some of the very bad request I use to perform splitting attacks on backends (something which is not a security issue, but which allows security issues).\nI had various discussions with Willy Tarreau which leaded to some improvments in HaProxy, blocking bad requests before any less robust HTTP parser could read it.\n\nFor example:\n\n * commit 987aa383c85525b163267110a4bcff4dff3849b8 : BUG/MEDIUM: http: remove content-length from chunked messages\n * commit e1ce063c12bf22b99e6caa6a55484f1b9a27e113 : MEDIUM: http: disable support for HTTP/0.9 by default\n * commit b053c03d6f05c8ddf264de78fe321d8455358690 : MEDIUM: http: restrict the HTTP version token to 1 digit as per RFC7230\n\n# Summary\n\nI think this work allows for more robusts HTTP servers. Some of the very old issues already reported in the 2005 era reports, like double Content Length,\nwere still widely supported in 2015 and are now harder to find on most open source http servers. I think I contributed greatly to enforce the RFC 7230\nanti-smuggling policies (chunk priority, no double content-length) and for the removal of old-rfc dangerous features (like the continuation of headers\nwith the space prefix, or the HTTP/0.9 support). For this I just had to read the 2005 studies and the RFC, tests the servers, and try to explain\nexploitations.\n\nA big part of my added work and reports was studying effects of control characters (\\r, \\n, NULL, vtab, htab, bell, backspace & formfeed) on various parts of the messages.\nWith some real good success on vartious project for NULL or for bad enf of lines.\nAnother big thing was studying the HTTP/0.9 downgrade exploitations (like extracting a valid HTTP message stored in an image from a partial 0.9 response) and\nfinding new 0.9 downgrade vectors.\nFinally another part of this work was finding new attack vectors (truncation of size, overflows, concatenation of strings, effects of cache hit on header parsing, etc).\n\nThe last big part of my work was spending a long time explaining the potential attacks to maintainers. If you need hints from people understanding the smuggling attacks\nand the implications of the fixed flaws, usually better than the project maintainers, I could give you some names. If you need samples of reports or detailled lab exploitations I could also deliver.\n\nHTTP/2 or TLS are not preventing bad effects of HTTP/1.1 bad parsers (they embed HTTP/1.1 parsers in another layer), nor they could prevent effects of an HTTP/0.9 downgrades.\nEvery HTTP actors which enforces a more robust protocol parsing prevents chaining effects of smuggling attacks.\nSo I hope the work I made on the subject had real effects on the ecosystem.\n\nSome of these CVE were already elected for bounties:\n- Verizon: undisclosed (#433076): 2 700 USD\n- Apache httpd CVE-2016-8743 : https://hackerone.com/reports/244459 : 1500 USD\n- FaceBook Proxygen: (bugcrowd) 1000 USD\n- Golang CVE-2015-5739 &CVE-2015-5740 : Google Security Bounty program : 1337 USD\n\n## Impact\n\nFor the final user the consequences may be huge:\n- Cache poisoning : so effects starts at Deny of Service, but may go to code injection (like replacing\n the code of a well known js library)\n- Credentials hijacking : one of the smuggling exploitation is storing unterminated requests and waiting\n for other users requests to terminate the pending requests, mixing the users credentials on something\n they did not requested (hijacking users credentials). But this cannot work on applications using csrf protections.\n- a lot of Deny of Service attacks, one of the attacks allows mixing requests and responses of\n different users, so you have documents requested by others, and they have yours.\n- security filter bypass: here the public effect is less important, the attacker use smuggling to\n remove some of the security layers\n\nA massive scale smuggling attack on a big actor (a cloud provider for example) could make a huge DOS.\nA more realist usage with a public consequence is a targeted cache poisoning, to inject an XSS.\nAn advanced usage is the filter bypass usage, where the smuggled requests is usually not even logged. A prefect way of sending requests without notices, so a nice tool for SSRF exploits.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-07-17T22:47:10", "type": "hackerone", "title": "Internet Bug Bounty: Multiple HTTP Smuggling reports", "bulletinFamily": "bugbounty", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3183", "CVE-2015-5739", "CVE-2015-5740", "CVE-2015-8852", "CVE-2016-10711", "CVE-2016-2086", "CVE-2016-2216", "CVE-2016-6816", "CVE-2016-8743", "CVE-2017-7656", "CVE-2017-7657", "CVE-2017-7658", "CVE-2018-8004"], "modified": "2019-11-12T23:44:23", "id": "H1:648434", "href": "https://hackerone.com/reports/648434", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "description": "The Go Programming Language. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-08-18T05:21:47", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: golang-1.4.2-3.fc21", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5739", "CVE-2015-5740", "CVE-2015-5741"], "modified": "2015-08-18T05:21:47", "id": "FEDORA:D06C8608A2A8", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EDZG6N542F7TC4HI5AK2O5CAE2VS4EJD/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "The Go Programming Language. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-10-01T18:59:26", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: golang-1.5.1-0.fc22", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5739", "CVE-2015-5740", "CVE-2015-5741"], "modified": "2015-10-01T18:59:26", "id": "FEDORA:400196069A42", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HLLHMQ3OQQ76RCKDUPPYNJ6O2GF2KVSK/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "The Go Programming Language. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-08-18T05:23:04", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: golang-1.4.2-3.fc22", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5739", "CVE-2015-5740", "CVE-2015-5741"], "modified": "2015-08-18T05:23:04", "id": "FEDORA:0C2BC608A4AA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RG2TK3QFMCTOZWJM64IWR5W6VMXKCLZX/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "The Go Programming Language. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-10-01T20:27:04", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: golang-1.5.1-0.fc21", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5739", "CVE-2015-5740", "CVE-2015-5741"], "modified": "2015-10-01T20:27:04", "id": "FEDORA:C9C90605A0C9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EI4J2JR7MDP4YQ3IJLDM5PAXCZQB54YJ/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-02-15T02:56:03", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: nodejs-0.10.42-4.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2086", "CVE-2016-2216"], "modified": "2016-02-15T02:56:03", "id": "FEDORA:D945D60A9505", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PQBUIKN4F5X6LUOH2NASGDJYFRCCQHRP/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-02-22T20:53:05", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: nodejs-0.10.42-4.fc22", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2086", "CVE-2016-2216"], "modified": "2016-02-22T20:53:05", "id": "FEDORA:1C211602EC07", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MOWSPI6O2QLRBQZDACUTL4F7UOA5CWUB/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2023-11-28T15:07:50", "description": "As discussed upstream -- here and here -- the Go project received notification of an HTTP request smuggling vulnerability in the net/http library. Invalid headers are parsed as valid headers (like 'Content Length:' with a space in the middle) and Double Content-length headers in a request does not generate a 400 error, the second Content-length is ignored.", "cvss3": {}, "published": "2015-08-26T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : golang / docker (ALAS-2015-588)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5739", "CVE-2015-5740", "CVE-2015-5741"], "modified": "2018-11-19T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:docker", "p-cpe:/a:amazon:linux:docker-devel", "p-cpe:/a:amazon:linux:docker-pkg-devel", "p-cpe:/a:amazon:linux:golang", "p-cpe:/a:amazon:linux:golang-pkg-bin-linux-386", "p-cpe:/a:amazon:linux:golang-pkg-bin-linux-amd64", "p-cpe:/a:amazon:linux:golang-pkg-darwin-386", "p-cpe:/a:amazon:linux:golang-pkg-darwin-amd64", "p-cpe:/a:amazon:linux:golang-pkg-freebsd-386", "p-cpe:/a:amazon:linux:golang-pkg-freebsd-amd64", "p-cpe:/a:amazon:linux:golang-pkg-freebsd-arm", "p-cpe:/a:amazon:linux:golang-pkg-linux-386", "p-cpe:/a:amazon:linux:golang-pkg-linux-amd64", "p-cpe:/a:amazon:linux:golang-pkg-linux-arm", "p-cpe:/a:amazon:linux:golang-pkg-netbsd-386", "p-cpe:/a:amazon:linux:golang-pkg-netbsd-amd64", "p-cpe:/a:amazon:linux:golang-pkg-netbsd-arm", "p-cpe:/a:amazon:linux:golang-pkg-openbsd-386", "p-cpe:/a:amazon:linux:golang-pkg-openbsd-amd64", "p-cpe:/a:amazon:linux:golang-pkg-plan9-386", "p-cpe:/a:amazon:linux:golang-pkg-plan9-amd64", "p-cpe:/a:amazon:linux:golang-pkg-windows-386", "p-cpe:/a:amazon:linux:golang-pkg-windows-amd64", "p-cpe:/a:amazon:linux:golang-src", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-588.NASL", "href": "https://www.tenable.com/plugins/nessus/85633", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-588.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85633);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/11/19 11:02:41\");\n\n script_cve_id(\"CVE-2015-5739\", \"CVE-2015-5740\", \"CVE-2015-5741\");\n script_xref(name:\"ALAS\", value:\"2015-588\");\n\n script_name(english:\"Amazon Linux AMI : golang / docker (ALAS-2015-588)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"As discussed upstream -- here and here -- the Go project received\nnotification of an HTTP request smuggling vulnerability in the\nnet/http library. Invalid headers are parsed as valid headers (like\n'Content Length:' with a space in the middle) and Double\nContent-length headers in a request does not generate a 400 error, the\nsecond Content-length is ignored.\"\n );\n # http://seclists.org/oss-sec/2015/q3/237\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/oss-sec/2015/q3/237\"\n );\n # http://seclists.org/oss-sec/2015/q3/294\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/oss-sec/2015/q3/294\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-588.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update golang docker' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:docker-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:docker-pkg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-pkg-bin-linux-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-pkg-bin-linux-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-pkg-darwin-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-pkg-darwin-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-pkg-freebsd-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-pkg-freebsd-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-pkg-freebsd-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-pkg-linux-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-pkg-linux-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-pkg-linux-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-pkg-netbsd-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-pkg-netbsd-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-pkg-netbsd-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-pkg-openbsd-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-pkg-openbsd-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-pkg-plan9-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-pkg-plan9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-pkg-windows-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-pkg-windows-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"docker-1.6.2-1.3.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"docker-devel-1.6.2-1.3.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"docker-pkg-devel-1.6.2-1.3.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"golang-1.4.2-3.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"golang-pkg-bin-linux-386-1.4.2-3.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"golang-pkg-bin-linux-amd64-1.4.2-3.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"golang-pkg-darwin-386-1.4.2-3.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"golang-pkg-darwin-amd64-1.4.2-3.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"golang-pkg-freebsd-386-1.4.2-3.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"golang-pkg-freebsd-amd64-1.4.2-3.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"golang-pkg-freebsd-arm-1.4.2-3.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"golang-pkg-linux-386-1.4.2-3.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"golang-pkg-linux-amd64-1.4.2-3.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"golang-pkg-linux-arm-1.4.2-3.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"golang-pkg-netbsd-386-1.4.2-3.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"golang-pkg-netbsd-amd64-1.4.2-3.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"golang-pkg-netbsd-arm-1.4.2-3.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"golang-pkg-openbsd-386-1.4.2-3.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"golang-pkg-openbsd-amd64-1.4.2-3.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"golang-pkg-plan9-386-1.4.2-3.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"golang-pkg-plan9-amd64-1.4.2-3.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"golang-pkg-windows-386-1.4.2-3.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"golang-pkg-windows-amd64-1.4.2-3.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"golang-src-1.4.2-3.16.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker / docker-devel / docker-pkg-devel / golang / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T14:41:26", "description": "This update for go fixes the following issues :\n\n - CVE-2015-5739: 'Content Length' treated as valid header\n\n - CVE-2015-5740: Double content-length headers does not return 400 error\n\n - CVE-2015-5741: Additional hardening, not sending Content-Length w/Transfer-Encoding, Closing connections\n\nGo was updated to 1.4.3 with the following additional changes :\n\n - build: remove -Werror from cmd/dist\n\n - runtime: panic when accessing an empty struct value appended to an uninitialized slice\n\n - runtime: garbage collector found invalid heap pointer iterating over map", "cvss3": {}, "published": "2016-07-28T00:00:00", "type": "nessus", "title": "openSUSE Security Update : go (openSUSE-2016-907)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5739", "CVE-2015-5740", "CVE-2015-5741"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:go", "p-cpe:/a:novell:opensuse:go-debuginfo", "p-cpe:/a:novell:opensuse:go-debugsource", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2016-907.NASL", "href": "https://www.tenable.com/plugins/nessus/92596", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-907.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92596);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-5739\", \"CVE-2015-5740\", \"CVE-2015-5741\");\n\n script_name(english:\"openSUSE Security Update : go (openSUSE-2016-907)\");\n script_summary(english:\"Check for the openSUSE-2016-907 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for go fixes the following issues :\n\n - CVE-2015-5739: 'Content Length' treated as valid header\n\n - CVE-2015-5740: Double content-length headers does not\n return 400 error\n\n - CVE-2015-5741: Additional hardening, not sending\n Content-Length w/Transfer-Encoding, Closing connections\n\nGo was updated to 1.4.3 with the following additional changes :\n\n - build: remove -Werror from cmd/dist\n\n - runtime: panic when accessing an empty struct value\n appended to an uninitialized slice\n\n - runtime: garbage collector found invalid heap pointer\n iterating over map\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989630\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected go packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:go\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:go-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:go-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"go-1.4.3-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"go-debuginfo-1.4.3-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"go-debugsource-1.4.3-15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"go / go-debuginfo / go-debugsource\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:07:21", "description": "security fixes for net/http smuggling\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-08-18T00:00:00", "type": "nessus", "title": "Fedora 22 : golang-1.4.2-3.fc22 (2015-13002)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5739", "CVE-2015-5740", "CVE-2015-5741"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:golang", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-13002.NASL", "href": "https://www.tenable.com/plugins/nessus/85476", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-13002.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85476);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5739\", \"CVE-2015-5740\", \"CVE-2015-5741\");\n script_xref(name:\"FEDORA\", value:\"2015-13002\");\n\n script_name(english:\"Fedora 22 : golang-1.4.2-3.fc22 (2015-13002)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"security fixes for net/http smuggling\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1250352\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163980.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d8864620\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected golang package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"golang-1.4.2-3.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"golang\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-24T15:31:14", "description": "security fixes for net/http smuggling\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-08-18T00:00:00", "type": "nessus", "title": "Fedora 21 : golang-1.4.2-3.fc21 (2015-12957)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5739", "CVE-2015-5740", "CVE-2015-5741"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:golang", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-12957.NASL", "href": "https://www.tenable.com/plugins/nessus/85471", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-12957.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85471);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5739\", \"CVE-2015-5740\", \"CVE-2015-5741\");\n script_xref(name:\"FEDORA\", value:\"2015-12957\");\n\n script_name(english:\"Fedora 21 : golang-1.4.2-3.fc21 (2015-12957)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"security fixes for net/http smuggling\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1250352\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163971.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f8d3f8ec\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected golang package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"golang-1.4.2-3.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"golang\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:08:35", "description": "golang-1.5.1-0.fc21 - update to go1.5.1 golang-1.5.1-0.fc22 - update to go1.5.1 golang-1.5.1-0.el6 - update to go1.5.1 golang-1.5.1-0.fc23\n- update to go1.5.1 ---- bz1258166 remove srpm macros, for go-srpm-macros ---- update to go1.5; shared objects for x86_64; gdb fixes; full http smuggle fix; fixes for tests ---- bz1258166 remove srpm macros, for go-srpm-macros\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-10-02T00:00:00", "type": "nessus", "title": "Fedora 22 : golang-1.5.1-0.fc22 (2015-15619)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5739", "CVE-2015-5740", "CVE-2015-5741"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:golang", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-15619.NASL", "href": "https://www.tenable.com/plugins/nessus/86232", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-15619.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86232);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5739\", \"CVE-2015-5740\", \"CVE-2015-5741\");\n script_xref(name:\"FEDORA\", value:\"2015-15619\");\n\n script_name(english:\"Fedora 22 : golang-1.5.1-0.fc22 (2015-15619)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"golang-1.5.1-0.fc21 - update to go1.5.1 golang-1.5.1-0.fc22 - update\nto go1.5.1 golang-1.5.1-0.el6 - update to go1.5.1 golang-1.5.1-0.fc23\n- update to go1.5.1 ---- bz1258166 remove srpm macros, for\ngo-srpm-macros ---- update to go1.5; shared objects for x86_64; gdb\nfixes; full http smuggle fix; fixes for tests ---- bz1258166 remove\nsrpm macros, for go-srpm-macros\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1250352\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?24546c40\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected golang package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"golang-1.5.1-0.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"golang\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T15:08:42", "description": "Jason Buberel, Go Product Manager, reports :\n\nCVE-2015-5739 - 'Content Length' treated as valid header\n\nCVE-2015-5740 - Double content-length headers does not return 400 error\n\nCVE-2015-5741 - Additional hardening, not sending Content-Length w/Transfer-Encoding, Closing connections", "cvss3": {}, "published": "2015-08-26T00:00:00", "type": "nessus", "title": "FreeBSD : go -- multiple vulnerabilities (4464212e-4acd-11e5-934b-002590263bf5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5739", "CVE-2015-5740", "CVE-2015-5741"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:go", "p-cpe:/a:freebsd:freebsd:go14", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_4464212E4ACD11E5934B002590263BF5.NASL", "href": "https://www.tenable.com/plugins/nessus/85641", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85641);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-5739\", \"CVE-2015-5740\", \"CVE-2015-5741\");\n\n script_name(english:\"FreeBSD : go -- multiple vulnerabilities (4464212e-4acd-11e5-934b-002590263bf5)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jason Buberel, Go Product Manager, reports :\n\nCVE-2015-5739 - 'Content Length' treated as valid header\n\nCVE-2015-5740 - Double content-length headers does not return 400\nerror\n\nCVE-2015-5741 - Additional hardening, not sending Content-Length\nw/Transfer-Encoding, Closing connections\"\n );\n # https://github.com/golang/go/commit/117ddcb83d7f42d6aa72241240af99ded81118e9\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?14d69ded\"\n );\n # https://github.com/golang/go/commit/143822585e32449860e624cace9d2e521deee62e\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?981f69a2\"\n );\n # https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?27017e66\"\n );\n # http://seclists.org/oss-sec/2015/q3/237\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/oss-sec/2015/q3/237\"\n );\n # https://vuxml.freebsd.org/freebsd/4464212e-4acd-11e5-934b-002590263bf5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?60d0b169\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:go\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:go14\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"go<1.4.3,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"go14<1.4.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:09:03", "description": "golang-1.5.1-0.fc21 - update to go1.5.1 golang-1.5.1-0.fc22 - update to go1.5.1 golang-1.5.1-0.el6 - update to go1.5.1 golang-1.5.1-0.fc23\n- update to go1.5.1 ---- update to go1.5; shared objects for x86_64;\ngdb fixes; full http smuggle fix; fixes for tests\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-10-02T00:00:00", "type": "nessus", "title": "Fedora 21 : golang-1.5.1-0.fc21 (2015-15618)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5739", "CVE-2015-5740", "CVE-2015-5741"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:golang", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-15618.NASL", "href": "https://www.tenable.com/plugins/nessus/86231", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-15618.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86231);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5739\", \"CVE-2015-5740\", \"CVE-2015-5741\");\n script_xref(name:\"FEDORA\", value:\"2015-15618\");\n\n script_name(english:\"Fedora 21 : golang-1.5.1-0.fc21 (2015-15618)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"golang-1.5.1-0.fc21 - update to go1.5.1 golang-1.5.1-0.fc22 - update\nto go1.5.1 golang-1.5.1-0.el6 - update to go1.5.1 golang-1.5.1-0.fc23\n- update to go1.5.1 ---- update to go1.5; shared objects for x86_64;\ngdb fixes; full http smuggle fix; fixes for tests\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1250352\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-October/168029.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4e36930b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected golang package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"golang-1.5.1-0.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"golang\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T14:38:11", "description": "Regis Leroy from Makina Corpus discovered that varnish, a caching HTTP reverse proxy, is vulnerable to HTTP smuggling issues, potentially resulting in cache poisoning or bypassing of access control policies.", "cvss3": {}, "published": "2016-04-25T00:00:00", "type": "nessus", "title": "Debian DSA-3553-1 : varnish - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8852"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:varnish", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3553.NASL", "href": "https://www.tenable.com/plugins/nessus/90686", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3553. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90686);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-8852\");\n script_xref(name:\"DSA\", value:\"3553\");\n\n script_name(english:\"Debian DSA-3553-1 : varnish - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Regis Leroy from Makina Corpus discovered that varnish, a caching\nHTTP reverse proxy, is vulnerable to HTTP smuggling issues,\npotentially resulting in cache poisoning or bypassing of access\ncontrol policies.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/varnish\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3553\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the varnish packages.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 3.0.2-2+deb7u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:varnish\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libvarnishapi-dev\", reference:\"3.0.2-2+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libvarnishapi1\", reference:\"3.0.2-2+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"varnish\", reference:\"3.0.2-2+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"varnish-dbg\", reference:\"3.0.2-2+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"varnish-doc\", reference:\"3.0.2-2+deb7u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T14:38:30", "description": "This varnish update to version 3.0.7 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2015-8852: Vulnerable to HTTP Smuggling issues:\n Double Content Length and bad EOL. (boo#976097)\n\nBugs fixed :\n\n - Stop recognizing a single CR (\\r) as a HTTP line separator.\n\n - Improved error detection on master-child process communication, leading to faster recovery (child restart) if communication loses sync.\n\n - Fix a corner-case where Content-Length was wrong for HTTP 1.0 clients, when using gzip and streaming.\n\n - More robust handling of hop-by-hop headers.\n\n - Avoid memory leak when adding bans.", "cvss3": {}, "published": "2016-05-18T00:00:00", "type": "nessus", "title": "openSUSE Security Update : varnish (openSUSE-2016-588)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8852"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libvarnishapi1", "p-cpe:/a:novell:opensuse:libvarnishapi1-debuginfo", "p-cpe:/a:novell:opensuse:varnish", "p-cpe:/a:novell:opensuse:varnish-debuginfo", "p-cpe:/a:novell:opensuse:varnish-debugsource", "p-cpe:/a:novell:opensuse:varnish-devel", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2016-588.NASL", "href": "https://www.tenable.com/plugins/nessus/91205", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-588.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91205);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8852\");\n\n script_name(english:\"openSUSE Security Update : varnish (openSUSE-2016-588)\");\n script_summary(english:\"Check for the openSUSE-2016-588 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This varnish update to version 3.0.7 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2015-8852: Vulnerable to HTTP Smuggling issues:\n Double Content Length and bad EOL. (boo#976097)\n\nBugs fixed :\n\n - Stop recognizing a single CR (\\r) as a HTTP line\n separator.\n\n - Improved error detection on master-child process\n communication, leading to faster recovery (child\n restart) if communication loses sync.\n\n - Fix a corner-case where Content-Length was wrong for\n HTTP 1.0 clients, when using gzip and streaming.\n\n - More robust handling of hop-by-hop headers.\n\n - Avoid memory leak when adding bans.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=976097\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected varnish packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvarnishapi1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvarnishapi1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:varnish\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:varnish-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:varnish-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:varnish-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvarnishapi1-3.0.7-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvarnishapi1-debuginfo-3.0.7-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"varnish-3.0.7-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"varnish-debuginfo-3.0.7-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"varnish-debugsource-3.0.7-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"varnish-devel-3.0.7-2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvarnishapi1 / libvarnishapi1-debuginfo / varnish / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T14:40:54", "description": "Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \\r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request. (CVE-2015-8852)", "cvss3": {}, "published": "2016-07-15T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : varnish (ALAS-2016-721)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8852"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:varnish", "p-cpe:/a:amazon:linux:varnish-debuginfo", "p-cpe:/a:amazon:linux:varnish-docs", "p-cpe:/a:amazon:linux:varnish-libs", "p-cpe:/a:amazon:linux:varnish-libs-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-721.NASL", "href": "https://www.tenable.com/plugins/nessus/92223", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-721.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92223);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2015-8852\");\n script_xref(name:\"ALAS\", value:\"2016-721\");\n\n script_name(english:\"Amazon Linux AMI : varnish (ALAS-2016-721)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Varnish 3.x before 3.0.7, when used in certain stacked installations,\nallows remote attackers to inject arbitrary HTTP headers and conduct\nHTTP response splitting attacks via a header line terminated by a \\r\n(carriage return) character in conjunction with multiple\nContent-Length headers in an HTTP request. (CVE-2015-8852)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-721.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update varnish' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:varnish\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:varnish-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:varnish-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:varnish-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:varnish-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"varnish-3.0.7-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"varnish-debuginfo-3.0.7-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"varnish-docs-3.0.7-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"varnish-libs-3.0.7-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"varnish-libs-devel-3.0.7-1.20.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"varnish / varnish-debuginfo / varnish-docs / varnish-libs / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T14:41:03", "description": "The remote host is affected by the vulnerability described in GLSA-201607-10 (Varnish: Multiple vulnerabilities)\n\n Varnish fails to properly validate input from HTTP headers, and does not deny requests with multiple Content-Length headers.\n Impact :\n\n Remote attackers could conduct an HTTP response splitting attack, which may further enable them to conduct Cross-Site Scripting (XSS), Cache Poisoning, Defacement, and Page Hijacking.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2016-07-21T00:00:00", "type": "nessus", "title": "GLSA-201607-10 : Varnish: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8852"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:varnish", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201607-10.NASL", "href": "https://www.tenable.com/plugins/nessus/92480", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201607-10.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92480);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-8852\");\n script_xref(name:\"GLSA\", value:\"201607-10\");\n\n script_name(english:\"GLSA-201607-10 : Varnish: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201607-10\n(Varnish: Multiple vulnerabilities)\n\n Varnish fails to properly validate input from HTTP headers, and does not\n deny requests with multiple Content-Length headers.\n \nImpact :\n\n Remote attackers could conduct an HTTP response splitting attack, which\n may further enable them to conduct Cross-Site Scripting (XSS), Cache\n Poisoning, Defacement, and Page Hijacking.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201607-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Varnish users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/varnish-3.0.7'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:varnish\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/varnish\", unaffected:make_list(\"ge 3.0.7\"), vulnerable:make_list(\"lt 3.0.7\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Varnish\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T14:41:52", "description": "An update for golang is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe golang packages provide the Go programming language compiler.\n\nThe following packages have been upgraded to a newer upstream version:\ngolang (1.6.3). (BZ#1346331)\n\nSecurity Fix(es) :\n\n* An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable 'HTTP_PROXY' using the incoming 'Proxy' HTTP-request header.\nThe environment variable 'HTTP_PROXY' is used by numerous web clients, including Go's net/http package, to specify a proxy server to use for HTTP and, in some cases, HTTPS requests. This meant that when a CGI-based web application ran, an attacker could specify a proxy server which the application then used for subsequent outgoing requests, allowing a man-in-the-middle attack. (CVE-2016-5386)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this issue.", "cvss3": {}, "published": "2016-08-03T00:00:00", "type": "nessus", "title": "RHEL 7 : golang (RHSA-2016:1538) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5739", "CVE-2015-5740", "CVE-2015-5741", "CVE-2016-3959", "CVE-2016-5386"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:golang", "p-cpe:/a:redhat:enterprise_linux:golang-bin", "p-cpe:/a:redhat:enterprise_linux:golang-docs", "p-cpe:/a:redhat:enterprise_linux:golang-misc", "p-cpe:/a:redhat:enterprise_linux:golang-src", "p-cpe:/a:redhat:enterprise_linux:golang-tests", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2016-1538.NASL", "href": "https://www.tenable.com/plugins/nessus/92693", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1538. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92693);\n script_version(\"2.17\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2015-5739\", \"CVE-2015-5740\", \"CVE-2015-5741\", \"CVE-2016-3959\", \"CVE-2016-5386\");\n script_xref(name:\"RHSA\", value:\"2016:1538\");\n\n script_name(english:\"RHEL 7 : golang (RHSA-2016:1538) (httpoxy)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for golang is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe golang packages provide the Go programming language compiler.\n\nThe following packages have been upgraded to a newer upstream version:\ngolang (1.6.3). (BZ#1346331)\n\nSecurity Fix(es) :\n\n* An input-validation flaw was discovered in the Go programming\nlanguage built in CGI implementation, which set the environment\nvariable 'HTTP_PROXY' using the incoming 'Proxy' HTTP-request header.\nThe environment variable 'HTTP_PROXY' is used by numerous web clients,\nincluding Go's net/http package, to specify a proxy server to use for\nHTTP and, in some cases, HTTPS requests. This meant that when a\nCGI-based web application ran, an attacker could specify a proxy\nserver which the application then used for subsequent outgoing\nrequests, allowing a man-in-the-middle attack. (CVE-2016-5386)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this\nissue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:1538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5386\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:golang-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/03\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:1538\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"golang-1.6.3-1.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"golang-bin-1.6.3-1.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"golang-docs-1.6.3-1.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"golang-misc-1.6.3-1.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"golang-src-1.6.3-1.el7_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"golang-tests-1.6.3-1.el7_2.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"golang / golang-bin / golang-docs / golang-misc / golang-src / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T14:42:08", "description": "From Red Hat Security Advisory 2016:1538 :\n\nAn update for golang is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe golang packages provide the Go programming language compiler.\n\nThe following packages have been upgraded to a newer upstream version:\ngolang (1.6.3). (BZ#1346331)\n\nSecurity Fix(es) :\n\n* An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable 'HTTP_PROXY' using the incoming 'Proxy' HTTP-request header.\nThe environment variable 'HTTP_PROXY' is used by numerous web clients, including Go's net/http package, to specify a proxy server to use for HTTP and, in some cases, HTTPS requests. This meant that when a CGI-based web application ran, an attacker could specify a proxy server which the application then used for subsequent outgoing requests, allowing a man-in-the-middle attack. (CVE-2016-5386)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this issue.", "cvss3": {}, "published": "2016-08-03T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : golang (ELSA-2016-1538) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5739", "CVE-2015-5740", "CVE-2015-5741", "CVE-2016-3959", "CVE-2016-5386"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:golang", "p-cpe:/a:oracle:linux:golang-bin", "p-cpe:/a:oracle:linux:golang-docs", "p-cpe:/a:oracle:linux:golang-misc", "p-cpe:/a:oracle:linux:golang-src", "p-cpe:/a:oracle:linux:golang-tests", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2016-1538.NASL", "href": "https://www.tenable.com/plugins/nessus/92687", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:1538 and \n# Oracle Linux Security Advisory ELSA-2016-1538 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92687);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5739\", \"CVE-2015-5740\", \"CVE-2015-5741\", \"CVE-2016-3959\", \"CVE-2016-5386\");\n script_xref(name:\"RHSA\", value:\"2016:1538\");\n\n script_name(english:\"Oracle Linux 7 : golang (ELSA-2016-1538) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:1538 :\n\nAn update for golang is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe golang packages provide the Go programming language compiler.\n\nThe following packages have been upgraded to a newer upstream version:\ngolang (1.6.3). (BZ#1346331)\n\nSecurity Fix(es) :\n\n* An input-validation flaw was discovered in the Go programming\nlanguage built in CGI implementation, which set the environment\nvariable 'HTTP_PROXY' using the incoming 'Proxy' HTTP-request header.\nThe environment variable 'HTTP_PROXY' is used by numerous web clients,\nincluding Go's net/http package, to specify a proxy server to use for\nHTTP and, in some cases, HTTPS requests. This meant that when a\nCGI-based web application ran, an attacker could specify a proxy\nserver which the application then used for subsequent outgoing\nrequests, allowing a man-in-the-middle attack. (CVE-2016-5386)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this\nissue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-August/006244.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected golang packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:golang-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/03\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"golang-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"golang-bin-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"golang-docs-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"golang-misc-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"golang-src-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"golang-tests-1.6.3-1.el7_2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"golang / golang-bin / golang-docs / golang-misc / golang-src / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T14:42:07", "description": "An update for golang is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe golang packages provide the Go programming language compiler.\n\nThe following packages have been upgraded to a newer upstream version:\ngolang (1.6.3). (BZ#1346331)\n\nSecurity Fix(es) :\n\n* An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable 'HTTP_PROXY' using the incoming 'Proxy' HTTP-request header.\nThe environment variable 'HTTP_PROXY' is used by numerous web clients, including Go's net/http package, to specify a proxy server to use for HTTP and, in some cases, HTTPS requests. This meant that when a CGI-based web application ran, an attacker could specify a proxy server which the application then used for subsequent outgoing requests, allowing a man-in-the-middle attack. (CVE-2016-5386)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this issue.", "cvss3": {}, "published": "2016-08-03T00:00:00", "type": "nessus", "title": "CentOS 7 : golang (CESA-2016:1538) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5739", "CVE-2015-5740", "CVE-2015-5741", "CVE-2016-3959", "CVE-2016-5386"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:golang", "p-cpe:/a:centos:centos:golang-bin", "p-cpe:/a:centos:centos:golang-docs", "p-cpe:/a:centos:centos:golang-misc", "p-cpe:/a:centos:centos:golang-src", "p-cpe:/a:centos:centos:golang-tests", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2016-1538.NASL", "href": "https://www.tenable.com/plugins/nessus/92680", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1538 and \n# CentOS Errata and Security Advisory 2016:1538 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92680);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5739\", \"CVE-2015-5740\", \"CVE-2015-5741\", \"CVE-2016-3959\", \"CVE-2016-5386\");\n script_xref(name:\"RHSA\", value:\"2016:1538\");\n\n script_name(english:\"CentOS 7 : golang (CESA-2016:1538) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for golang is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe golang packages provide the Go programming language compiler.\n\nThe following packages have been upgraded to a newer upstream version:\ngolang (1.6.3). (BZ#1346331)\n\nSecurity Fix(es) :\n\n* An input-validation flaw was discovered in the Go programming\nlanguage built in CGI implementation, which set the environment\nvariable 'HTTP_PROXY' using the incoming 'Proxy' HTTP-request header.\nThe environment variable 'HTTP_PROXY' is used by numerous web clients,\nincluding Go's net/http package, to specify a proxy server to use for\nHTTP and, in some cases, HTTPS requests. This meant that when a\nCGI-based web application ran, an attacker could specify a proxy\nserver which the application then used for subsequent outgoing\nrequests, allowing a man-in-the-middle attack. (CVE-2016-5386)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this\nissue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-August/022005.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e91e6b89\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected golang packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5739\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:golang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:golang-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:golang-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:golang-misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:golang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:golang-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/03\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"golang-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"golang-bin-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"golang-docs-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"golang-misc-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"golang-src-1.6.3-1.el7_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"golang-tests-1.6.3-1.el7_2.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"golang / golang-bin / golang-docs / golang-misc / golang-src / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T15:07:58", "description": "Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.\n(CVE-2016-2086)", "cvss3": {}, "published": "2016-09-26T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : NodeJS vulnerability (K15311661)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2086"], "modified": "2019-01-04T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL15311661.NASL", "href": "https://www.tenable.com/plugins/nessus/93696", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K15311661.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93696);\n script_version(\"2.13\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2016-2086\");\n\n script_name(english:\"F5 Networks BIG-IP : NodeJS vulnerability (K15311661)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before\n4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP\nrequest smuggling attacks via a crafted Content-Length HTTP header.\n(CVE-2016-2086)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K15311661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://tools.ietf.org/html/rfc7230\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K15311661.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K15311661\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\",\"11.5.4-11.6.1\",\"12.0.0-12.1.1\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"13.1.0\",\"12.1.3\",\"11.6.2-11.6.3\",\"11.5.5\",\"11.4.0-11.5.3\",\"13.0.0-13.1.0\",\"12.1.2-12.1.3\",\"11.4.0-11.6.3\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\",\"11.5.4-11.6.1\",\"12.0.0-12.1.1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"13.1.0\",\"12.1.3\",\"11.6.2-11.6.3\",\"11.5.5\",\"11.4.0-11.5.3\",\"13.0.0-13.1.0\",\"12.1.2-12.1.3\",\"11.4.0-11.6.3\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\",\"11.5.4-11.6.1\",\"12.0.0-12.1.1\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"13.1.0\",\"12.1.3\",\"11.6.2-11.6.3\",\"11.5.5\",\"11.4.0-11.5.3\",\"11.2.1\",\"10.2.1-10.2.4\",\"13.0.0-13.1.0\",\"12.1.2-12.1.3\",\"11.4.0-11.6.3\",\"11.2.1\",\"10.2.1-10.2.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\",\"11.5.4-11.6.1\",\"12.0.0-12.1.1\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"13.1.0\",\"12.1.3\",\"11.6.2-11.6.3\",\"11.5.5\",\"11.4.0-11.5.3\",\"11.2.1\",\"10.2.1-10.2.4\",\"13.0.0-13.1.0\",\"12.1.2-12.1.3\",\"11.4.0-11.6.3\",\"11.2.1\",\"10.2.1-10.2.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\",\"11.5.4-11.6.1\",\"12.0.0-12.1.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"13.1.0\",\"12.1.3\",\"11.6.2-11.6.3\",\"11.5.5\",\"11.4.0-11.5.3\",\"11.2.1\",\"13.0.0-13.1.0\",\"12.1.2-12.1.3\",\"11.4.0-11.6.3\",\"11.2.1\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.5.4-11.6.1\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.2-11.6.3\",\"11.5.5\",\"11.4.0-11.5.3\",\"11.2.1\",\"10.2.1-10.2.4\",\"11.4.0-11.6.3\",\"11.2.1\",\"10.2.1-10.2.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\",\"11.5.4-11.6.1\",\"12.0.0-12.1.1\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"13.1.0\",\"12.1.3\",\"11.6.2-11.6.3\",\"11.5.5\",\"11.4.0-11.5.3\",\"11.2.1\",\"10.2.1-10.2.4\",\"13.0.0-13.1.0\",\"12.1.2-12.1.3\",\"11.4.0-11.6.3\",\"11.2.1\",\"10.2.1-10.2.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\",\"11.5.4-11.6.1\",\"12.0.0-12.1.1\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"13.1.0\",\"12.1.3\",\"11.6.2-11.6.3\",\"11.5.5\",\"11.4.0-11.5.3\",\"11.2.1\",\"10.2.1-10.2.4\",\"13.0.0-13.1.0\",\"12.1.2-12.1.3\",\"11.4.0-11.6.3\",\"11.2.1\",\"10.2.1-10.2.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"13.0.0\",\"12.0.0-12.1.2\",\"11.5.4-11.6.1\",\"12.0.0-12.1.1\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"13.1.0\",\"12.1.3\",\"11.6.2-11.6.3\",\"11.5.5\",\"11.4.0-11.5.3\",\"13.0.0-13.1.0\",\"12.1.2-12.1.3\",\"11.4.0-11.6.3\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-09T14:17:46", "description": "The version of IBM HTTP Server running on the remote host is affected by a vulnerability related to Apache HTTP Server.\nApache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-06T00:00:00", "type": "nessus", "title": "IBM HTTP Server 7.0.0.0 < 7.0.0.43 / 8.0.0.0 < 8.0.0.14 / 8.5.0.0 < 8.5.5.12 / 9.0.0.0 < 9.0.0.3 Response Splitting (289001)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8743"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:ibm:http_server"], "id": "IBM_HTTP_SERVER_289001.NASL", "href": "https://www.tenable.com/plugins/nessus/144777", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144777);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2016-8743\");\n script_bugtraq_id(95077);\n\n script_name(english:\"IBM HTTP Server 7.0.0.0 < 7.0.0.43 / 8.0.0.0 < 8.0.0.14 / 8.5.0.0 < 8.5.5.12 / 9.0.0.0 < 9.0.0.3 Response Splitting (289001)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by a response splitting attack vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of IBM HTTP Server running on the remote host is affected by a vulnerability related to Apache HTTP Server.\nApache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and\nsent in response lines and headers. Accepting these different behaviors represented a security concern when httpd\nparticipates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using\nconventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/pages/node/289001\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to IBM HTTP Server version 7.0.0.43, 8.0.0.14, 8.5.5.12, 9.0.0.3, or later. Alternatively, upgrade to the\nminimal fix pack levels required by the interim fix and then apply Interim Fix PI82481.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-8743\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:http_server\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ibm_http_server_nix_installed.nbin\");\n script_require_keys(\"installed_sw/IBM HTTP Server (IHS)\");\n\n exit(0);\n}\n\n\ninclude('vcf.inc');\n\napp = 'IBM HTTP Server (IHS)';\nfix = 'Interim Fix PI82481';\n\napp_info = vcf::get_app_info(app:app);\nvcf::check_granularity(app_info:app_info, sig_segments:4);\n\nif ('PI82481' >< app_info['Fixes'] || 'PI73984' >< app_info['Fixes'])\n audit(AUDIT_INST_VER_NOT_VULN, app);\n\nconstraints = [\n { 'min_version' : '7.0.0.0', 'max_version' : '7.0.0.41', 'fixed_display' : '7.0.0.43 or ' + fix },\n { 'min_version' : '8.0.0.0', 'max_version' : '8.0.0.13', 'fixed_display' : '8.0.0.14 or ' + fix },\n { 'min_version' : '8.5.0.0', 'max_version' : '8.5.5.11', 'fixed_display' : '8.5.5.12 or ' + fix },\n { 'min_version' : '9.0.0.0', 'max_version' : '9.0.0.2', 'fixed_display' : '9.0.0.3 or ' + fix }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:56:25", "description": "The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.\n(CVE-2016-6816)", "cvss3": {}, "published": "2017-02-28T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Apache Tomcat vulnerability (K50116122)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816"], "modified": "2019-01-04T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL50116122.NASL", "href": "https://www.tenable.com/plugins/nessus/97423", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K50116122.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97423);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2016-6816\");\n\n script_name(english:\"F5 Networks BIG-IP : Apache Tomcat vulnerability (K50116122)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6,\n8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed\nthe HTTP request line permitted invalid characters. This could be\nexploited, in conjunction with a proxy that also permitted the invalid\ncharacters but with a different interpretation, to inject data into\nthe HTTP response. By manipulating the HTTP response the attacker\ncould poison a web-cache, perform an XSS attack and/or obtain\nsensitive information from requests other then their own.\n(CVE-2016-6816)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K50116122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://tools.ietf.org/html/rfc7230#section-9.5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K50116122.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K50116122\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"13.0.0\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"13.0.0\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"13.0.0\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"13.0.0\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"13.0.0\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"13.0.0\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\",\"10.2.1-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"13.0.0\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"13.0.0\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:02:26", "description": "An update for httpd is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\nNote: The fix for the CVE-2016-8743 issue causes httpd to return '400 Bad Request' error to HTTP clients which do not strictly follow HTTP protocol specification. A newly introduced configuration directive 'HttpProtocolOptions Unsafe' can be used to re-enable the old less strict parsing. However, such setting also re-introduces the CVE-2016-8743 issue.\n\nNote: Administrators of Red Hat Satellite 5 and Red Hat Satellite Proxy 5 systems should consult Red Hat Knowledgebase article 3013361 linked to in the Reference section before installing this update.\n\nBug Fix(es) :\n\n* Previously, httpd was unable to correctly check a boundary of an array, and in rare cases it attempted to access an element of an array that was out of bounds. Consequently, httpd terminated unexpectedly with a segmentation fault at proxy_util.c. With this update, bounds checking has been fixed, and httpd no longer crashes. (BZ#1463354)", "cvss3": {}, "published": "2017-07-13T00:00:00", "type": "nessus", "title": "CentOS 6 : httpd (CESA-2017:1721)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8743"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel", "p-cpe:/a:centos:centos:httpd-manual", "p-cpe:/a:centos:centos:httpd-tools", "p-cpe:/a:centos:centos:mod_ssl", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2017-1721.NASL", "href": "https://www.tenable.com/plugins/nessus/101488", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:1721 and \n# CentOS Errata and Security Advisory 2017:1721 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101488);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-8743\");\n script_xref(name:\"RHSA\", value:\"2017:1721\");\n\n script_name(english:\"CentOS 6 : httpd (CESA-2017:1721)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for httpd is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the HTTP parser in httpd incorrectly allowed\ncertain characters not permitted by the HTTP protocol specification to\nappear unencoded in HTTP request headers. If httpd was used in\nconjunction with a proxy or backend server that interpreted those\ncharacters differently, a remote attacker could possibly use this flaw\nto inject data into HTTP responses, resulting in proxy cache\npoisoning. (CVE-2016-8743)\n\nNote: The fix for the CVE-2016-8743 issue causes httpd to return '400\nBad Request' error to HTTP clients which do not strictly follow HTTP\nprotocol specification. A newly introduced configuration directive\n'HttpProtocolOptions Unsafe' can be used to re-enable the old less\nstrict parsing. However, such setting also re-introduces the\nCVE-2016-8743 issue.\n\nNote: Administrators of Red Hat Satellite 5 and Red Hat Satellite\nProxy 5 systems should consult Red Hat Knowledgebase article 3013361\nlinked to in the Reference section before installing this update.\n\nBug Fix(es) :\n\n* Previously, httpd was unable to correctly check a boundary of an\narray, and in rare cases it attempted to access an element of an array\nthat was out of bounds. Consequently, httpd terminated unexpectedly\nwith a segmentation fault at proxy_util.c. With this update, bounds\nchecking has been fixed, and httpd no longer crashes. (BZ#1463354)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-July/022496.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0acfbda5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-8743\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"httpd-2.2.15-60.el6.centos.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"httpd-devel-2.2.15-60.el6.centos.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"httpd-manual-2.2.15-60.el6.centos.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"httpd-tools-2.2.15-60.el6.centos.4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"mod_ssl-2.2.15-60.el6.centos.4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / mod_ssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-10T07:15:06", "description": "An update for httpd is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\nNote: The fix for the CVE-2016-8743 issue causes httpd to return '400 Bad Request' error to HTTP clients which do not strictly follow HTTP protocol specification. A newly introduced configuration directive 'HttpProtocolOptions Unsafe' can be used to re-enable the old less strict parsing. However, such setting also re-introduces the CVE-2016-8743 issue.\n\nNote: Administrators of Red Hat Satellite 5 and Red Hat Satellite Proxy 5 systems should consult Red Hat Knowledgebase article 3013361 linked to in the Reference section before installing this update.\n\nBug Fix(es) :\n\n* Previously, httpd was unable to correctly check a boundary of an array, and in rare cases it attempted to access an element of an array that was out of bounds. Consequently, httpd terminated unexpectedly with a segmentation fault at proxy_util.c. With this update, bounds checking has been fixed, and httpd no longer crashes. (BZ#1463354)\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-11-27T00:00:00", "type": "nessus", "title": "Virtuozzo 6 : httpd / httpd-devel / httpd-manual / httpd-tools / etc (VZLSA-2017-1721)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8743"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:httpd", "p-cpe:/a:virtuozzo:virtuozzo:httpd-devel", "p-cpe:/a:virtuozzo:virtuozzo:httpd-manual", "p-cpe:/a:virtuozzo:virtuozzo:httpd-tools", "p-cpe:/a:virtuozzo:virtuozzo:mod_ssl", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZLSA-2017-1721.NASL", "href": "https://www.tenable.com/plugins/nessus/119218", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119218);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2016-8743\"\n );\n\n script_name(english:\"Virtuozzo 6 : httpd / httpd-devel / httpd-manual / httpd-tools / etc (VZLSA-2017-1721)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for httpd is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the HTTP parser in httpd incorrectly allowed\ncertain characters not permitted by the HTTP protocol specification to\nappear unencoded in HTTP request headers. If httpd was used in\nconjunction with a proxy or backend server that interpreted those\ncharacters differently, a remote attacker could possibly use this flaw\nto inject data into HTTP responses, resulting in proxy cache\npoisoning. (CVE-2016-8743)\n\nNote: The fix for the CVE-2016-8743 issue causes httpd to return '400\nBad Request' error to HTTP clients which do not strictly follow HTTP\nprotocol specification. A newly introduced configuration directive\n'HttpProtocolOptions Unsafe' can be used to re-enable the old less\nstrict parsing. However, such setting also re-introduces the\nCVE-2016-8743 issue.\n\nNote: Administrators of Red Hat Satellite 5 and Red Hat Satellite\nProxy 5 systems should consult Red Hat Knowledgebase article 3013361\nlinked to in the Reference section before installing this update.\n\nBug Fix(es) :\n\n* Previously, httpd was unable to correctly check a boundary of an\narray, and in rare cases it attempted to access an element of an array\nthat was out of bounds. Consequently, httpd terminated unexpectedly\nwith a segmentation fault at proxy_util.c. With this update, bounds\nchecking has been fixed, and httpd no longer crashes. (BZ#1463354)\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-1721.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b6120e9a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017-1721\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd / httpd-devel / httpd-manual / httpd-tools / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"httpd-2.2.15-60.vl6.4\",\n \"httpd-devel-2.2.15-60.vl6.4\",\n \"httpd-manual-2.2.15-60.vl6.4\",\n \"httpd-tools-2.2.15-60.vl6.4\",\n \"mod_ssl-2.2.15-60.vl6.4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-10T07:10:32", "description": "Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. (CVE-2016-8743)\n\nImpact\n\nAn attacker may be able to perform HTTP request smuggling through specially crafted HTTP requests. For more information about HTTP request smuggling, refer to Section 9.5 Request Smuggling of Internet Engineering Task Force (RFC 7230).\n\nNote : This link takes you to a resource outside of AskF5. The third party could remove the document without our knowledge.", "cvss3": {}, "published": "2018-05-24T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Apache vulnerability (K00373024)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8743"], "modified": "2020-03-18T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL00373024.NASL", "href": "https://www.tenable.com/plugins/nessus/110056", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K00373024.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110056);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/18\");\n\n script_cve_id(\"CVE-2016-8743\");\n\n script_name(english:\"F5 Networks BIG-IP : Apache vulnerability (K00373024)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was\nliberal in the whitespace accepted from requests and sent in response\nlines and headers. Accepting these different behaviors represented a\nsecurity concern when httpd participates in any chain of proxies or\ninteracts with back-end application servers, either through mod_proxy\nor using conventional CGI mechanisms, and may result in request\nsmuggling, response splitting and cache pollution. (CVE-2016-8743)\n\nImpact\n\nAn attacker may be able to perform HTTP request smuggling through\nspecially crafted HTTP requests. For more information about HTTP\nrequest smuggling, refer to Section 9.5 Request Smuggling of Internet\nEngineering Task Force (RFC 7230).\n\nNote : This link takes you to a resource outside of AskF5. The third\nparty could remove the document without our knowledge.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K00373024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://tools.ietf.org/html/rfc7230#section-9.5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K00373024.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K00373024\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.5\",\"11.4.0-11.6.5\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0\",\"13.1.0.2\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.5\",\"11.4.0-11.6.5\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0\",\"13.1.0.2\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.5\",\"11.4.0-11.6.5\",\"11.2.1\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0\",\"13.1.0.2\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.5\",\"11.4.0-11.6.5\",\"11.2.1\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0\",\"13.1.0.2\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.5\",\"11.4.0-11.6.5\",\"11.2.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0\",\"13.1.0.2\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.5\",\"11.4.0-11.6.5\",\"11.2.1\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0\",\"13.1.0.2\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.5\",\"11.4.0-11.6.5\",\"11.2.1\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0\",\"13.1.0.2\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"13.0.0-13.1.0\",\"12.0.0-12.1.5\",\"11.4.0-11.6.5\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0\",\"13.1.0.2\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:02:11", "description": "Security Fix(es) :\n\n - It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\nNote: The fix for the CVE-2016-8743 issue causes httpd to return '400 Bad Request' error to HTTP clients which do not strictly follow HTTP protocol specification. A newly introduced configuration directive 'HttpProtocolOptions Unsafe' can be used to re-enable the old less strict parsing. However, such setting also re-introduces the CVE-2016-8743 issue.\n\nNote: Administrators of Red Hat Satellite 5 and Red Hat Satellite Proxy 5 systems should consult Red Hat Knowledgebase article 3013361 linked to in the Reference section before installing this update.\n\nBug Fix(es) :\n\n - Previously, httpd was unable to correctly check a boundary of an array, and in rare cases it attempted to access an element of an array that was out of bounds.\n Consequently, httpd terminated unexpectedly with a segmentation fault at proxy_util.c. With this update, bounds checking has been fixed, and httpd no longer crashes.", "cvss3": {}, "published": "2017-07-12T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20170711)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8743"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:httpd", "p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo", "p-cpe:/a:fermilab:scientific_linux:httpd-devel", "p-cpe:/a:fermilab:scientific_linux:httpd-manual", "p-cpe:/a:fermilab:scientific_linux:httpd-tools", "p-cpe:/a:fermilab:scientific_linux:mod_ssl", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170711_HTTPD_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/101387", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101387);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-8743\");\n\n script_name(english:\"Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20170711)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - It was discovered that the HTTP parser in httpd\n incorrectly allowed certain characters not permitted by\n the HTTP protocol specification to appear unencoded in\n HTTP request headers. If httpd was used in conjunction\n with a proxy or backend server that interpreted those\n characters differently, a remote attacker could possibly\n use this flaw to inject data into HTTP responses,\n resulting in proxy cache poisoning. (CVE-2016-8743)\n\nNote: The fix for the CVE-2016-8743 issue causes httpd to return '400\nBad Request' error to HTTP clients which do not strictly follow HTTP\nprotocol specification. A newly introduced configuration directive\n'HttpProtocolOptions Unsafe' can be used to re-enable the old less\nstrict parsing. However, such setting also re-introduces the\nCVE-2016-8743 issue.\n\nNote: Administrators of Red Hat Satellite 5 and Red Hat Satellite\nProxy 5 systems should consult Red Hat Knowledgebase article 3013361\nlinked to in the Reference section before installing this update.\n\nBug Fix(es) :\n\n - Previously, httpd was unable to correctly check a\n boundary of an array, and in rare cases it attempted to\n access an element of an array that was out of bounds.\n Consequently, httpd terminated unexpectedly with a\n segmentation fault at proxy_util.c. With this update,\n bounds checking has been fixed, and httpd no longer\n crashes.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1707&L=scientific-linux-errata&F=&S=&P=6813\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?120580a4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"httpd-2.2.15-60.el6_9.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"httpd-debuginfo-2.2.15-60.el6_9.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"httpd-devel-2.2.15-60.el6_9.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"httpd-manual-2.2.15-60.el6_9.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"httpd-tools-2.2.15-60.el6_9.4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"mod_ssl-2.2.15-60.el6_9.4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:07:50", "description": "Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3183)\n\nAfter installing the updated packages, the httpd service will be restarted automatically.", "cvss3": {}, "published": "2015-08-25T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20150824)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3183"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:httpd", "p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo", "p-cpe:/a:fermilab:scientific_linux:httpd-devel", "p-cpe:/a:fermilab:scientific_linux:httpd-manual", "p-cpe:/a:fermilab:scientific_linux:httpd-tools", "p-cpe:/a:fermilab:scientific_linux:mod_ssl", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150824_HTTPD_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/85620", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85620);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-3183\");\n\n script_name(english:\"Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20150824)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would\ndecode differently from an HTTP proxy software in front of it,\npossibly leading to HTTP request smuggling attacks. (CVE-2015-3183)\n\nAfter installing the updated packages, the httpd service will be\nrestarted automatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1508&L=scientific-linux-errata&F=&S=&P=22101\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?974a1f9e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"httpd-2.2.15-47.sl6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"httpd-debuginfo-2.2.15-47.sl6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"httpd-devel-2.2.15-47.sl6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"httpd-manual-2.2.15-47.sl6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"httpd-tools-2.2.15-47.sl6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"mod_ssl-2.2.15-47.sl6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:07:11", "description": "Apache Foundation reports :\n\nCVE-2015-3183 core: Fix chunk header parsing defect. Remove apr_brigade_flatten(), buffering and duplicated code from the HTTP_IN filter, parse chunks in a single pass with zero copy. Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext authorized characters.", "cvss3": {}, "published": "2015-07-20T00:00:00", "type": "nessus", "title": "FreeBSD : apache22 -- chunk header parsing defect (29083f8e-2ca8-11e5-86ff-14dae9d210b8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3183"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:apache22-worker-mpm", "p-cpe:/a:freebsd:freebsd:apache22-peruser-mpm", "p-cpe:/a:freebsd:freebsd:apache22-itk-mpm", "p-cpe:/a:freebsd:freebsd:apache22-event-mpm", "p-cpe:/a:freebsd:freebsd:apache22", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_29083F8E2CA811E586FF14DAE9D210B8.NASL", "href": "https://www.tenable.com/plugins/nessus/84860", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84860);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-3183\");\n\n script_name(english:\"FreeBSD : apache22 -- chunk header parsing defect (29083f8e-2ca8-11e5-86ff-14dae9d210b8)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache Foundation reports :\n\nCVE-2015-3183 core: Fix chunk header parsing defect. Remove\napr_brigade_flatten(), buffering and duplicated code from the HTTP_IN\nfilter, parse chunks in a single pass with zero copy. Limit accepted\nchunk-size to 2^63-1 and be strict about chunk-ext authorized\ncharacters.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.apache.org/dist/httpd/Announcement2.2.html\"\n );\n # https://github.com/apache/httpd/commit/29779fd08c18b18efc5e640d74cbe297c7ec007e\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9fdaabfc\"\n );\n # https://vuxml.freebsd.org/freebsd/29083f8e-2ca8-11e5-86ff-14dae9d210b8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?04efdaa2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache22-event-mpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache22-itk-mpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache22-peruser-mpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache22-worker-mpm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"apache22<=2.2.29_5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache22-event-mpm<=2.2.29_5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache22-itk-mpm<=2.2.29_5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache22-peruser-mpm<=2.2.29_5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache22-worker-mpm<=2.2.29_5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:01:05", "description": "Apache HTTP Request Parsing Whitespace Defects\n\nIt was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning.(CVE-2016-8743)", "cvss3": {}, "published": "2017-06-23T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : httpd (ALAS-2017-851)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8743"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:httpd", "p-cpe:/a:amazon:linux:httpd-debuginfo", "p-cpe:/a:amazon:linux:httpd-devel", "p-cpe:/a:amazon:linux:httpd-manual", "p-cpe:/a:amazon:linux:httpd-tools", "p-cpe:/a:amazon:linux:mod_ssl", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-851.NASL", "href": "https://www.tenable.com/plugins/nessus/101004", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-851.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101004);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2016-8743\");\n script_xref(name:\"ALAS\", value:\"2017-851\");\n\n script_name(english:\"Amazon Linux AMI : httpd (ALAS-2017-851)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache HTTP Request Parsing Whitespace Defects\n\nIt was discovered that the HTTP parser in httpd incorrectly allowed\ncertain characters not permitted by the HTTP protocol specification to\nappear unencoded in HTTP request headers. If httpd was used in\nconjunction with a proxy or backend server that interpreted those\ncharacters differently, a remote attacker could possibly use this flaw\nto inject data into HTTP responses, resulting in proxy cache\npoisoning.(CVE-2016-8743)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-851.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update httpd' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"httpd-2.2.32-1.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-debuginfo-2.2.32-1.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-devel-2.2.32-1.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-manual-2.2.32-1.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-tools-2.2.32-1.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod_ssl-2.2.32-1.9.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:02:59", "description": "From Red Hat Security Advisory 2017:1721 :\n\nAn update for httpd is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\nNote: The fix for the CVE-2016-8743 issue causes httpd to return '400 Bad Request' error to HTTP clients which do not strictly follow HTTP protocol specification. A newly introduced configuration directive 'HttpProtocolOptions Unsafe' can be used to re-enable the old less strict parsing. However, such setting also re-introduces the CVE-2016-8743 issue.\n\nNote: Administrators of Red Hat Satellite 5 and Red Hat Satellite Proxy 5 systems should consult Red Hat Knowledgebase article 3013361 linked to in the Reference section before installing this update.\n\nBug Fix(es) :\n\n* Previously, httpd was unable to correctly check a boundary of an array, and in rare cases it attempted to access an element of an array that was out of bounds. Consequently, httpd terminated unexpectedly with a segmentation fault at proxy_util.c. With this update, bounds checking has been fixed, and httpd no longer crashes. (BZ#1463354)", "cvss3": {}, "published": "2017-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : httpd (ELSA-2017-1721)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8743"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd-manual", "p-cpe:/a:oracle:linux:httpd-tools", "p-cpe:/a:oracle:linux:mod_ssl", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2017-1721.NASL", "href": "https://www.tenable.com/plugins/nessus/101382", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:1721 and \n# Oracle Linux Security Advisory ELSA-2017-1721 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101382);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-8743\");\n script_xref(name:\"RHSA\", value:\"2017:1721\");\n\n script_name(english:\"Oracle Linux 6 : httpd (ELSA-2017-1721)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:1721 :\n\nAn update for httpd is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the HTTP parser in httpd incorrectly allowed\ncertain characters not permitted by the HTTP protocol specification to\nappear unencoded in HTTP request headers. If httpd was used in\nconjunction with a proxy or backend server that interpreted those\ncharacters differently, a remote attacker could possibly use this flaw\nto inject data into HTTP responses, resulting in proxy cache\npoisoning. (CVE-2016-8743)\n\nNote: The fix for the CVE-2016-8743 issue causes httpd to return '400\nBad Request' error to HTTP clients which do not strictly follow HTTP\nprotocol specification. A newly introduced configuration directive\n'HttpProtocolOptions Unsafe' can be used to re-enable the old less\nstrict parsing. However, such setting also re-introduces the\nCVE-2016-8743 issue.\n\nNote: Administrators of Red Hat Satellite 5 and Red Hat Satellite\nProxy 5 systems should consult Red Hat Knowledgebase article 3013361\nlinked to in the Reference section before installing this update.\n\nBug Fix(es) :\n\n* Previously, httpd was unable to correctly check a boundary of an\narray, and in rare cases it attempted to access an element of an array\nthat was out of bounds. Consequently, httpd terminated unexpectedly\nwith a segmentation fault at proxy_util.c. With this update, bounds\nchecking has been fixed, and httpd no longer crashes. (BZ#1463354)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-July/007045.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"httpd-2.2.15-60.0.1.el6_9.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"httpd-devel-2.2.15-60.0.1.el6_9.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"httpd-manual-2.2.15-60.0.1.el6_9.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"httpd-tools-2.2.15-60.0.1.el6_9.4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mod_ssl-2.2.15-60.0.1.el6_9.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / mod_ssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:02:44", "description": "An update for httpd is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\nNote: The fix for the CVE-2016-8743 issue causes httpd to return '400 Bad Request' error to HTTP clients which do not strictly follow HTTP protocol specification. A newly introduced configuration directive 'HttpProtocolOptions Unsafe' can be used to re-enable the old less strict parsing. However, such setting also re-introduces the CVE-2016-8743 issue.\n\nNote: Administrators of Red Hat Satellite 5 and Red Hat Satellite Proxy 5 systems should consult Red Hat Knowledgebase article 3013361 linked to in the Reference section before installing this update.\n\nBug Fix(es) :\n\n* Previously, httpd was unable to correctly check a boundary of an array, and in rare cases it attempted to access an element of an array that was out of bounds. Consequently, httpd terminated unexpectedly with a segmentation fault at proxy_util.c. With this update, bounds checking has been fixed, and httpd no longer crashes. (BZ#1463354)", "cvss3": {}, "published": "2017-07-12T00:00:00", "type": "nessus", "title": "RHEL 6 : httpd (RHSA-2017:1721)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8743"], "modified": "2019-10-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ssl"], "id": "REDHAT-RHSA-2017-1721.NASL", "href": "https://www.tenable.com/plugins/nessus/101385", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:1721. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101385);\n script_version(\"3.10\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2016-8743\");\n script_xref(name:\"RHSA\", value:\"2017:1721\");\n\n script_name(english:\"RHEL 6 : httpd (RHSA-2017:1721)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for httpd is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the HTTP parser in httpd incorrectly allowed\ncertain characters not permitted by the HTTP protocol specification to\nappear unencoded in HTTP request headers. If httpd was used in\nconjunction with a proxy or backend server that interpreted those\ncharacters differently, a remote attacker could possibly use this flaw\nto inject data into HTTP responses, resulting in proxy cache\npoisoning. (CVE-2016-8743)\n\nNote: The fix for the CVE-2016-8743 issue causes httpd to return '400\nBad Request' error to HTTP clients which do not strictly follow HTTP\nprotocol specification. A newly introduced configuration directive\n'HttpProtocolOptions Unsafe' can be used to re-enable the old less\nstrict parsing. However, such setting also re-introduces the\nCVE-2016-8743 issue.\n\nNote: Administrators of Red Hat Satellite 5 and Red Hat Satellite\nProxy 5 systems should consult Red Hat Knowledgebase article 3013361\nlinked to in the Reference section before installing this update.\n\nBug Fix(es) :\n\n* Previously, httpd was unable to correctly check a boundary of an\narray, and in rare cases it attempted to access an element of an array\nthat was out of bounds. Consequently, httpd terminated unexpectedly\nwith a segmentation fault at proxy_util.c. With this update, bounds\nchecking has been fixed, and httpd no longer crashes. (BZ#1463354)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/3013361\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:1721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8743\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:1721\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"httpd-2.2.15-60.el6_9.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"httpd-2.2.15-60.el6_9.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-2.2.15-60.el6_9.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"httpd-debuginfo-2.2.15-60.el6_9.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"httpd-devel-2.2.15-60.el6_9.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"httpd-manual-2.2.15-60.el6_9.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"httpd-tools-2.2.15-60.el6_9.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"httpd-tools-2.2.15-60.el6_9.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-tools-2.2.15-60.el6_9.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mod_ssl-2.2.15-60.el6_9.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"mod_ssl-2.2.15-60.el6_9.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_ssl-2.2.15-60.el6_9.4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:37", "description": "The version of IBM HTTP Server running on the remote host is affected by an HTTP request smuggling vulnerability related to Apache HTTP Server. The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-16T00:00:00", "type": "nessus", "title": "IBM HTTP Server 6.1.0.0 <= 6.1.0.47 / 7.0.0.0 < 7.0.0.39 / 8.0.0.0 < 8.0.0.12 / 8.5.0.0 < 8.5.5.7 HTTP Request Smuggling (533835)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3183"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:ibm:http_server"], "id": "IBM_HTTP_SERVER_533835.NASL", "href": "https://www.tenable.com/plugins/nessus/144304", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144304);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2015-3183\");\n script_bugtraq_id(75963);\n\n script_name(english:\"IBM HTTP Server 6.1.0.0 <= 6.1.0.47 / 7.0.0.0 < 7.0.0.39 / 8.0.0.0 < 8.0.0.12 / 8.5.0.0 < 8.5.5.7 HTTP Request Smuggling (533835)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by an HTTP request smuggling vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of IBM HTTP Server running on the remote host is affected by an HTTP request smuggling vulnerability\nrelated to Apache HTTP Server. The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does\nnot properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted\nrequest, related to mishandling of large chunk-size values and invalid chunk-extension characters in\nmodules/http/http_filters.c.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/pages/node/533835\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to IBM HTTP Server version 7.0.0.39, 8.0.0.12, 8.5.5.7, or later. Alternatively, upgrade to the minimal fix\npack levels required by the interim fix and then apply Interim Fix PI42928 or PI45596 (6.1.x only).\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3183\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:http_server\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ibm_http_server_nix_installed.nbin\");\n script_require_keys(\"installed_sw/IBM HTTP Server (IHS)\");\n\n exit(0);\n}\n\n\ninclude('vcf.inc');\n\napp = 'IBM HTTP Server (IHS)';\nfix = 'Interim Fix PI42928';\n\napp_info = vcf::get_app_info(app:app);\nvcf::check_granularity(app_info:app_info, sig_segments:4);\n\nif ('PI42928' >< app_info['Fixes'] || 'PI45596' >< app_info['Fixes'])\n audit(AUDIT_INST_VER_NOT_VULN, app);\n\nconstraints = [\n { 'min_version' : '6.1.0.0', 'max_version' : '6.1.0.47', 'fixed_display' : 'Interim Fix PI45596' },\n { 'min_version' : '7.0.0.0', 'max_version' : '7.0.0.37', 'fixed_display' : '7.0.0.39 or ' + fix },\n { 'min_version' : '8.0.0.0', 'max_version' : '8.0.0.11', 'fixed_display' : '8.0.0.12 or ' + fix },\n { 'min_version' : '8.5.0.0', 'max_version' : '8.5.5.6', 'fixed_display' : '8.5.5.7 or ' + fix }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-24T15:31:15", "description": "Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks.", "cvss3": {}, "published": "2015-08-18T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : httpd (ALAS-2015-578)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3183"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:httpd", "p-cpe:/a:amazon:linux:httpd-debuginfo", "p-cpe:/a:amazon:linux:httpd-devel", "p-cpe:/a:amazon:linux:httpd-manual", "p-cpe:/a:amazon:linux:httpd-tools", "p-cpe:/a:amazon:linux:mod_ssl", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-578.NASL", "href": "https://www.tenable.com/plugins/nessus/85451", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-578.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85451);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-3183\");\n script_xref(name:\"ALAS\", value:\"2015-578\");\n\n script_name(english:\"Amazon Linux AMI : httpd (ALAS-2015-578)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would\ndecode differently from an HTTP proxy software in front of it,\npossibly leading to HTTP request smuggling attacks.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-578.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update httpd' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"httpd-2.2.31-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-debuginfo-2.2.31-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-devel-2.2.31-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-manual-2.2.31-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-tools-2.2.31-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod_ssl-2.2.31-1.6.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T15:08:42", "description": "Updated httpd packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nMultiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3183)\n\nAll httpd users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd service will be restarted automatically.", "cvss3": {}, "published": "2015-08-26T00:00:00", "type": "nessus", "title": "CentOS 6 : httpd (CESA-2015:1668)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3183"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel", "p-cpe:/a:centos:centos:httpd-manual", "p-cpe:/a:centos:centos:httpd-tools", "p-cpe:/a:centos:centos:mod_ssl", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2015-1668.NASL", "href": "https://www.tenable.com/plugins/nessus/85637", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1668 and \n# CentOS Errata and Security Advisory 2015:1668 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85637);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-3183\");\n script_xref(name:\"RHSA\", value:\"2015:1668\");\n\n script_name(english:\"CentOS 6 : httpd (CESA-2015:1668)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would\ndecode differently from an HTTP proxy software in front of it,\npossibly leading to HTTP request smuggling attacks. (CVE-2015-3183)\n\nAll httpd users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After\ninstalling the updated packages, the httpd service will be restarted\nautomatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-August/021344.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e449983e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3183\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"httpd-2.2.15-47.el6.centos\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"httpd-devel-2.2.15-47.el6.centos\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"httpd-manual-2.2.15-47.el6.centos\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"httpd-tools-2.2.15-47.el6.centos\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"mod_ssl-2.2.15-47.el6.centos\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / mod_ssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T14:38:48", "description": "The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.", "cvss3": {}, "published": "2016-05-26T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Apache vulnerability (SOL17251)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3183"], "modified": "2021-03-10T00:00:00", "cpe": ["cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting"], "id": "F5_BIGIP_SOL17251.NASL", "href": "https://www.tenable.com/plugins/nessus/91329", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL17251.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91329);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\"CVE-2015-3183\");\n script_bugtraq_id(75963);\n\n script_name(english:\"F5 Networks BIG-IP : Apache vulnerability (SOL17251)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The chunked transfer coding implementation in the Apache HTTP Server\nbefore 2.4.14 does not properly parse chunk headers, which allows\nremote attackers to conduct HTTP request smuggling attacks via a\ncrafted request, related to mishandling of large chunk-size values and\ninvalid chunk-extension characters in modules/http/http_filters.c.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K17251\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL17251.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL17251\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.3.0-11.6.1\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.4.0-11.6.1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.1\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.1\",\"10.1.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.1\",\"10.1.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.1\",\"10.1.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.3.0-11.6.1\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:06:30", "description": "A vulnerability has been found in the Apache HTTP Server.\n\nCVE-2015-3183\n\nApache HTTP Server did not properly parse chunk headers, which allowed remote attackers to conduct HTTP request smuggling via a crafted request. This flaw relates to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.\n\nFor the squeeze distribution, these issues have been fixed in version 2.2.16-6+squeeze15 of apache2.\n\nWe recommend you to upgrade your apache2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-07-29T00:00:00", "type": "nessus", "title": "Debian DLA-284-1 : apache2 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3183"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:apache2", "p-cpe:/a:debian:debian_linux:apache2-dbg", "p-cpe:/a:debian:debian_linux:apache2-doc", "p-cpe:/a:debian:debian_linux:apache2-mpm-event", "p-cpe:/a:debian:debian_linux:apache2-mpm-itk", "p-cpe:/a:debian:debian_linux:apache2-mpm-prefork", "p-cpe:/a:debian:debian_linux:apache2-mpm-worker", "p-cpe:/a:debian:debian_linux:apache2-prefork-dev", "p-cpe:/a:debian:debian_linux:apache2-suexec", "p-cpe:/a:debian:debian_linux:apache2-suexec-custom", "p-cpe:/a:debian:debian_linux:apache2-threaded-dev", "p-cpe:/a:debian:debian_linux:apache2-utils", "p-cpe:/a:debian:debian_linux:apache2.2-bin", "p-cpe:/a:debian:debian_linux:apache2.2-common", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-284.NASL", "href": "https://www.tenable.com/plugins/nessus/85051", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-284-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85051);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3183\");\n script_bugtraq_id(75963);\n\n script_name(english:\"Debian DLA-284-1 : apache2 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been found in the Apache HTTP Server.\n\nCVE-2015-3183\n\nApache HTTP Server did not properly parse chunk headers, which allowed\nremote attackers to conduct HTTP request smuggling via a crafted\nrequest. This flaw relates to mishandling of large chunk-size values\nand invalid chunk-extension characters in modules/http/http_filters.c.\n\nFor the squeeze distribution, these issues have been fixed in version\n2.2.16-6+squeeze15 of apache2.\n\nWe recommend you to upgrade your apache2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/07/msg00024.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/apache2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-itk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-prefork-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-suexec-custom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-threaded-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2.2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2.2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"apache2\", reference:\"2.2.16-6+squeeze15\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-dbg\", reference:\"2.2.16-6+squeeze15\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-doc\", reference:\"2.2.16-6+squeeze15\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-mpm-event\", reference:\"2.2.16-6+squeeze15\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-mpm-itk\", reference:\"2.2.16-6+squeeze15\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-mpm-prefork\", reference:\"2.2.16-6+squeeze15\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-mpm-worker\", reference:\"2.2.16-6+squeeze15\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-prefork-dev\", reference:\"2.2.16-6+squeeze15\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-suexec\", reference:\"2.2.16-6+squeeze15\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-suexec-custom\", reference:\"2.2.16-6+squeeze15\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-threaded-dev\", reference:\"2.2.16-6+squeeze15\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2-utils\", reference:\"2.2.16-6+squeeze15\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2.2-bin\", reference:\"2.2.16-6+squeeze15\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"apache2.2-common\", reference:\"2.2.16-6+squeeze15\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T15:08:51", "description": "From Red Hat Security Advisory 2015:1668 :\n\nUpdated httpd packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nMultiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3183)\n\nAll httpd users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd service will be restarted automatically.", "cvss3": {}, "published": "2015-08-25T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : httpd (ELSA-2015-1668)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3183"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd-manual", "p-cpe:/a:oracle:linux:httpd-tools", "p-cpe:/a:oracle:linux:mod_ssl", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2015-1668.NASL", "href": "https://www.tenable.com/plugins/nessus/85614", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1668 and \n# Oracle Linux Security Advisory ELSA-2015-1668 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85614);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-3183\");\n script_xref(name:\"RHSA\", value:\"2015:1668\");\n\n script_name(english:\"Oracle Linux 6 : httpd (ELSA-2015-1668)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1668 :\n\nUpdated httpd packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would\ndecode differently from an HTTP proxy software in front of it,\npossibly leading to HTTP request smuggling attacks. (CVE-2015-3183)\n\nAll httpd users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After\ninstalling the updated packages, the httpd service will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-August/005355.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"httpd-2.2.15-47.0.1.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"httpd-devel-2.2.15-47.0.1.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"httpd-manual-2.2.15-47.0.1.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"httpd-tools-2.2.15-47.0.1.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mod_ssl-2.2.15-47.0.1.el6_7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / mod_ssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:07:27", "description": "Updated httpd packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nMultiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3183)\n\nAll httpd users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd service will be restarted automatically.", "cvss3": {}, "published": "2015-08-25T00:00:00", "type": "nessus", "title": "RHEL 6 : httpd (RHSA-2015:1668)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3183"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.7"], "id": "REDHAT-RHSA-2015-1668.NASL", "href": "https://www.tenable.com/plugins/nessus/85618", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1668. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85618);\n script_version(\"2.13\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2015-3183\");\n script_xref(name:\"RHSA\", value:\"2015:1668\");\n\n script_name(english:\"RHEL 6 : httpd (RHSA-2015:1668)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would\ndecode differently from an HTTP proxy software in front of it,\npossibly leading to HTTP request smuggling attacks. (CVE-2015-3183)\n\nAll httpd users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. After\ninstalling the updated packages, the httpd service will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3183\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1668\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"httpd-2.2.15-47.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"httpd-2.2.15-47.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-2.2.15-47.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"httpd-debuginfo-2.2.15-47.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"httpd-devel-2.2.15-47.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"httpd-manual-2.2.15-47.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"httpd-tools-2.2.15-47.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"httpd-tools-2.2.15-47.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-tools-2.2.15-47.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mod_ssl-2.2.15-47.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"mod_ssl-2.2.15-47.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_ssl-2.2.15-47.el6_7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:09:10", "description": "Apache was updated to fix one security vulnerability and two bugs.\n\nFollowing security issue was fixed.\n\n - Fix the chunked transfer coding implementation in the Apache (bsc#938728, CVE-2015-3183)\n\nBugs fixed :\n\n - add SSLSessionTickets directive (bsc#941676)\n\n - hardcode modules %files (bsc#444878)\n\n - only enable the port 443 for TCP protocol, not UDP.\n (bsc#931002)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-11-03T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : apache2 (SUSE-SU-2015:1885-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3183"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2", "p-cpe:/a:novell:suse_linux:apache2-doc", "p-cpe:/a:novell:suse_linux:apache2-example-pages", "p-cpe:/a:novell:suse_linux:apache2-prefork", "p-cpe:/a:novell:suse_linux:apache2-utils", "p-cpe:/a:novell:suse_linux:apache2-worker", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1885-2.NASL", "href": "https://www.tenable.com/plugins/nessus/86709", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1885-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86709);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-3183\");\n script_bugtraq_id(75963);\n\n script_name(english:\"SUSE SLES11 Security Update : apache2 (SUSE-SU-2015:1885-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache was updated to fix one security vulnerability and two bugs.\n\nFollowing security issue was fixed.\n\n - Fix the chunked transfer coding implementation in the\n Apache (bsc#938728, CVE-2015-3183)\n\nBugs fixed :\n\n - add SSLSessionTickets directive (bsc#941676)\n\n - hardcode modules %files (bsc#444878)\n\n - only enable the port 443 for TCP protocol, not UDP.\n (bsc#931002)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=444878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931002\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=941676\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3183/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151885-2.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5c970eb4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Studio Onsite 1.3 :\n\nzypper in -t patch slestso13-apache2-12181=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP4 :\n\nzypper in -t patch sdksp4-apache2-12181=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP3 :\n\nzypper in -t patch sdksp3-apache2-12181=1\n\nSUSE Linux Enterprise Server for VMWare 11-SP3 :\n\nzypper in -t patch slessp3-apache2-12181=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-apache2-12181=1\n\nSUSE Linux Enterprise Server 11-SP3 :\n\nzypper in -t patch slessp3-apache2-12181=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-apache2-12181=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-apache2-12181=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-2.2.12-59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-doc-2.2.12-59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-example-pages-2.2.12-59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-prefork-2.2.12-59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-utils-2.2.12-59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-worker-2.2.12-59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-2.2.12-59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-doc-2.2.12-59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-example-pages-2.2.12-59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-prefork-2.2.12-59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-utils-2.2.12-59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-worker-2.2.12-59.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T14:36:26", "description": "Security fix for CVE-2016-2216, CVE-2016-2086\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "Fedora 22 : nodejs-0.10.42-4.fc22 (2016-8925b6119f)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2086", "CVE-2016-2216"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:nodejs", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2016-8925B6119F.NASL", "href": "https://www.tenable.com/plugins/nessus/89575", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-8925b6119f.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89575);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-2086\", \"CVE-2016-2216\");\n script_xref(name:\"FEDORA\", value:\"2016-8925b6119f\");\n\n script_name(english:\"Fedora 22 : nodejs-0.10.42-4.fc22 (2016-8925b6119f)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2016-2216, CVE-2016-2086\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1306200\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1306203\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177673.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9101fdda\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nodejs package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"nodejs-0.10.42-4.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T15:11:41", "description": "CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests\n\nCVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat7 (ALAS-2016-777)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat7", "p-cpe:/a:amazon:linux:tomcat7-admin-webapps", "p-cpe:/a:amazon:linux:tomcat7-docs-webapp", "p-cpe:/a:amazon:linux:tomcat7-el-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-javadoc", "p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-lib", "p-cpe:/a:amazon:linux:tomcat7-log4j", "p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api", "p-cpe:/a:amazon:linux:tomcat7-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-777.NASL", "href": "https://www.tenable.com/plugins/nessus/95897", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-777.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95897);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8735\");\n script_xref(name:\"ALAS\", value:\"2016-777\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"Amazon Linux AMI : tomcat7 (ALAS-2016-777)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to\npermitting invalid character in HTTP requests\n\nCVE-2016-8735 tomcat: Remote code execution vulnerability in\nJmxRemoteLifecycleListener\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2016-777.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update tomcat7' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-admin-webapps-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-docs-webapp-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-el-2.2-api-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-javadoc-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-jsp-2.2-api-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-lib-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-log4j-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-servlet-3.0-api-7.0.73-1.23.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-webapps-7.0.73-1.23.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat7 / tomcat7-admin-webapps / tomcat7-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-27T14:34:09", "description": "An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)", "cvss3": {}, "published": "2017-04-13T00:00:00", "type": "nessus", "title": "RHEL 7 : tomcat (RHSA-2017:0935)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat", "p-cpe:/a:redhat:enterprise_linux:tomcat-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat-jsp-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat-jsvc", "p-cpe:/a:redhat:enterprise_linux:tomcat-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat-servlet-3.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat-webapps", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2017-0935.NASL", "href": "https://www.tenable.com/plugins/nessus/99348", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0935. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99348);\n script_version(\"3.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_xref(name:\"RHSA\", value:\"2017:0935\");\n\n script_name(english:\"RHEL 7 : tomcat (RHSA-2017:0935)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack, or obtain sensitive information from requests\nother then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when request contains characters that are not permitted by the\nHTTP specification to appear not encoded, even though they were\npreviously accepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\n(|) in not encoded form, as these are often used in URLs without being\nproperly encoded.\n\n* A bug was discovered in the error handling of the send file code for\nthe NIO HTTP connector. This led to the current Processor object being\nadded to the Processor cache multiple times allowing information\nleakage between requests including, and not limited to, session ID and\nthe response body. (CVE-2016-8745)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0935\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8745\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0935\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-7.0.69-11.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-admin-webapps-7.0.69-11.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-docs-webapp-7.0.69-11.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-el-2.2-api-7.0.69-11.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-javadoc-7.0.69-11.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-jsp-2.2-api-7.0.69-11.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-jsvc-7.0.69-11.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-lib-7.0.69-11.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-servlet-3.0-api-7.0.69-11.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat-webapps-7.0.69-11.el7_3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-27T14:35:47", "description": "An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)", "cvss3": {}, "published": "2017-04-14T00:00:00", "type": "nessus", "title": "CentOS 7 : tomcat (CESA-2017:0935)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tomcat", "p-cpe:/a:centos:centos:tomcat-admin-webapps", "p-cpe:/a:centos:centos:tomcat-docs-webapp", "p-cpe:/a:centos:centos:tomcat-el-2.2-api", "p-cpe:/a:centos:centos:tomcat-javadoc", "p-cpe:/a:centos:centos:tomcat-jsp-2.2-api", "p-cpe:/a:centos:centos:tomcat-jsvc", "p-cpe:/a:centos:centos:tomcat-lib", "p-cpe:/a:centos:centos:tomcat-servlet-3.0-api", "p-cpe:/a:centos:centos:tomcat-webapps", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2017-0935.NASL", "href": "https://www.tenable.com/plugins/nessus/99384", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0935 and \n# CentOS Errata and Security Advisory 2017:0935 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99384);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_xref(name:\"RHSA\", value:\"2017:0935\");\n\n script_name(english:\"CentOS 7 : tomcat (CESA-2017:0935)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack, or obtain sensitive information from requests\nother then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when request contains characters that are not permitted by the\nHTTP specification to appear not encoded, even though they were\npreviously accepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\n(|) in not encoded form, as these are often used in URLs without being\nproperly encoded.\n\n* A bug was discovered in the error handling of the send file code for\nthe NIO HTTP connector. This led to the current Processor object being\nadded to the Processor cache multiple times allowing information\nleakage between requests including, and not limited to, session ID and\nthe response body. (CVE-2016-8745)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-April/022384.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6f9e6646\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6816\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-admin-webapps-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-docs-webapp-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-el-2.2-api-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-javadoc-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-jsp-2.2-api-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-jsvc-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-lib-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-servlet-3.0-api-7.0.69-11.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tomcat-webapps-7.0.69-11.el7_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:00:50", "description": "According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response.\n By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\n - A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-05-03T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2017-1082)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:tomcat", "p-cpe:/a:huawei:euleros:tomcat-admin-webapps", "p-cpe:/a:huawei:euleros:tomcat-el-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api", "p-cpe:/a:huawei:euleros:tomcat-lib", "p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api", "p-cpe:/a:huawei:euleros:tomcat-webapps", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1082.NASL", "href": "https://www.tenable.com/plugins/nessus/99948", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99948);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-6816\",\n \"CVE-2016-8745\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2017-1082)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the tomcat packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - It was discovered that the code that parsed the HTTP\n request line permitted invalid characters. This could\n be exploited, in conjunction with a proxy that also\n permitted the invalid characters but with a different\n interpretation, to inject data into the HTTP response.\n By manipulating the HTTP response the attacker could\n poison a web-cache, perform an XSS attack, or obtain\n sensitive information from requests other then their\n own. (CVE-2016-6816)\n\n - A bug was discovered in the error handling of the send\n file code for the NIO HTTP connector. This led to the\n current Processor object being added to the Processor\n cache multiple times allowing information leakage\n between requests including, and not limited to, session\n ID and the response body. (CVE-2016-8745)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1082\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0f998546\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat-7.0.69-11\",\n \"tomcat-admin-webapps-7.0.69-11\",\n \"tomcat-el-2.2-api-7.0.69-11\",\n \"tomcat-jsp-2.2-api-7.0.69-11\",\n \"tomcat-lib-7.0.69-11\",\n \"tomcat-servlet-3.0-api-7.0.69-11\",\n \"tomcat-webapps-7.0.69-11\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:03:01", "description": "An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-07-13T00:00:00", "type": "nessus", "title": "Virtuozzo 6 : tomcat6 / tomcat6-admin-webapps / etc (VZLSA-2017-0527)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:tomcat6", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-admin-webapps", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-docs-webapp", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-el-2.1-api", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-javadoc", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-jsp-2.1-api", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-lib", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-servlet-2.5-api", "p-cpe:/a:virtuozzo:virtuozzo:tomcat6-webapps", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZLSA-2017-0527.NASL", "href": "https://www.tenable.com/plugins/nessus/101438", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101438);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2016-6816\",\n \"CVE-2016-8745\"\n );\n\n script_name(english:\"Virtuozzo 6 : tomcat6 / tomcat6-admin-webapps / etc (VZLSA-2017-0527)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack, or obtain sensitive information from requests\nother then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when request contains characters that are not permitted by the\nHTTP specification to appear not encoded, even though they were\npreviously accepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\n(|) in not encoded form, as these are often used in URLs without being\nproperly encoded.\n\n* A bug was discovered in the error handling of the send file code for\nthe NIO HTTP connector. This led to the current Processor object being\nadded to the Processor cache multiple times allowing information\nleakage between requests including, and not limited to, session ID and\nthe response body. (CVE-2016-8745)\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-0527.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f9920be2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017-0527\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat6 / tomcat6-admin-webapps / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat6-6.0.24-105.vl6\",\n \"tomcat6-admin-webapps-6.0.24-105.vl6\",\n \"tomcat6-docs-webapp-6.0.24-105.vl6\",\n \"tomcat6-el-2.1-api-6.0.24-105.vl6\",\n \"tomcat6-javadoc-6.0.24-105.vl6\",\n \"tomcat6-jsp-2.1-api-6.0.24-105.vl6\",\n \"tomcat6-lib-6.0.24-105.vl6\",\n \"tomcat6-servlet-2.5-api-6.0.24-105.vl6\",\n \"tomcat6-webapps-6.0.24-105.vl6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:02:08", "description": "An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-07-13T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (VZLSA-2017-0935)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:tomcat", "p-cpe:/a:virtuozzo:virtuozzo:tomcat-admin-webapps", "p-cpe:/a:virtuozzo:virtuozzo:tomcat-docs-webapp", "p-cpe:/a:virtuozzo:virtuozzo:tomcat-el-2.2-api", "p-cpe:/a:virtuozzo:virtuozzo:tomcat-javadoc", "p-cpe:/a:virtuozzo:virtuozzo:tomcat-jsp-2.2-api", "p-cpe:/a:virtuozzo:virtuozzo:tomcat-jsvc", "p-cpe:/a:virtuozzo:virtuozzo:tomcat-lib", "p-cpe:/a:virtuozzo:virtuozzo:tomcat-servlet-3.0-api", "p-cpe:/a:virtuozzo:virtuozzo:tomcat-webapps", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZLSA-2017-0935.NASL", "href": "https://www.tenable.com/plugins/nessus/101450", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101450);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2016-6816\",\n \"CVE-2016-8745\"\n );\n\n script_name(english:\"Virtuozzo 7 : tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (VZLSA-2017-0935)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack, or obtain sensitive information from requests\nother then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when request contains characters that are not permitted by the\nHTTP specification to appear not encoded, even though they were\npreviously accepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\n(|) in not encoded form, as these are often used in URLs without being\nproperly encoded.\n\n* A bug was discovered in the error handling of the send file code for\nthe NIO HTTP connector. This led to the current Processor object being\nadded to the Processor cache multiple times allowing information\nleakage between requests including, and not limited to, session ID and\nthe response body. (CVE-2016-8745)\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-0935.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cf47d5ba\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017-0935\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat-jsvc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"tomcat-7.0.69-11.vl7\",\n \"tomcat-admin-webapps-7.0.69-11.vl7\",\n \"tomcat-docs-webapp-7.0.69-11.vl7\",\n \"tomcat-el-2.2-api-7.0.69-11.vl7\",\n \"tomcat-javadoc-7.0.69-11.vl7\",\n \"tomcat-jsp-2.2-api-7.0.69-11.vl7\",\n \"tomcat-jsvc-7.0.69-11.vl7\",\n \"tomcat-lib-7.0.69-11.vl7\",\n \"tomcat-servlet-3.0-api-7.0.69-11.vl7\",\n \"tomcat-webapps-7.0.69-11.vl7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-7\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:57:21", "description": "An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded.\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)", "cvss3": {}, "published": "2017-03-16T00:00:00", "type": "nessus", "title": "RHEL 6 : tomcat6 (RHSA-2017:0527)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:tomcat6", "p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2017-0527.NASL", "href": "https://www.tenable.com/plugins/nessus/97767", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0527. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97767);\n script_version(\"3.15\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_xref(name:\"RHSA\", value:\"2017:0527\");\n\n script_name(english:\"RHEL 6 : tomcat6 (RHSA-2017:0527)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for tomcat6 is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nSecurity Fix(es) :\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction\nwith a proxy that also permitted the invalid characters but with a\ndifferent interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack, or obtain sensitive information from requests\nother then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when request contains characters that are not permitted by the\nHTTP specification to appear not encoded, even though they were\npreviously accepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\n(|) in not encoded form, as these are often used in URLs without being\nproperly encoded.\n\n* A bug was discovered in the error handling of the send file code for\nthe NIO HTTP connector. This led to the current Processor object being\nadded to the Processor cache multiple times allowing information\nleakage between requests including, and not limited to, session ID and\nthe response body. (CVE-2016-8745)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8745\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0527\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-6.0.24-105.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-admin-webapps-6.0.24-105.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-docs-webapp-6.0.24-105.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-el-2.1-api-6.0.24-105.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-javadoc-6.0.24-105.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-jsp-2.1-api-6.0.24-105.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-lib-6.0.24-105.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-servlet-2.5-api-6.0.24-105.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-webapps-6.0.24-105.el6_8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T14:57:29", "description": "It was discovered that the code that parsed the HTTP request line permitted\n\ninvalid characters. This could be exploited, in conjunction with a proxy that\n\nalso permitted the invalid characters but with a different interpretation, to\n\ninject data into the HTTP response. By manipulating the HTTP response the\n\nattacker could poison a web-cache, perform an XSS attack, or obtain sensitive\n\ninformation from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when\n\nrequest contains characters that are not permitted by the HTTP specification to\n\nappear not encoded, even though they were previously accepted. The newly\n\nintroduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow\n\ncan be used to configure Tomcat to accept curly braces ({ and }) and the pipe\n\nsymbol (|) in not encoded form, as these are often used in URLs without being\n\nproperly encoded.\n\n - A bug was discovered in the error handling of the send file code for the NIO\n\nHTTP connector. This led to the current Processor object being added to the\n\nProcessor cache multiple times allowing information leakage between requests\n\nincluding, and not limited to, session ID and the response body.\n(CVE-2016-8745)", "cvss3": {}, "published": "2017-03-30T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : tomcat6 (ALAS-2017-810)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2019-04-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat6", "p-cpe:/a:amazon:linux:tomcat6-admin-webapps", "p-cpe:/a:amazon:linux:tomcat6-docs-webapp", "p-cpe:/a:amazon:linux:tomcat6-el-2.1-api", "p-cpe:/a:amazon:linux:tomcat6-javadoc", "p-cpe:/a:amazon:linux:tomcat6-jsp-2.1-api", "p-cpe:/a:amazon:linux:tomcat6-lib", "p-cpe:/a:amazon:linux:tomcat6-servlet-2.5-api", "p-cpe:/a:amazon:linux:tomcat6-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-810.NASL", "href": "https://www.tenable.com/plugins/nessus/99037", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-810.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99037);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/04/10 16:10:16\");\n\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_xref(name:\"ALAS\", value:\"2017-810\");\n script_xref(name:\"RHSA\", value:\"2017:0527\");\n\n script_name(english:\"Amazon Linux AMI : tomcat6 (ALAS-2017-810)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the code that parsed the HTTP request line\npermitted\n\ninvalid characters. This could be exploited, in conjunction with a\nproxy that\n\nalso permitted the invalid characters but with a different\ninterpretation, to\n\ninject data into the HTTP response. By manipulating the HTTP response\nthe\n\nattacker could poison a web-cache, perform an XSS attack, or obtain\nsensitive\n\ninformation from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request\nerror when\n\nrequest contains characters that are not permitted by the HTTP\nspecification to\n\nappear not encoded, even though they were previously accepted. The\nnewly\n\nintroduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow\n\ncan be used to configure Tomcat to accept curly braces ({ and }) and\nthe pipe\n\nsymbol (|) in not encoded form, as these are often used in URLs\nwithout being\n\nproperly encoded.\n\n - A bug was discovered in the error handling of the send\n file code for the NIO\n\nHTTP connector. This led to the current Processor object being added\nto the\n\nProcessor cache multiple times allowing information leakage between\nrequests\n\nincluding, and not limited to, session ID and the response body.\n(CVE-2016-8745)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-810.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update tomcat6' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-6.0.51-1.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-admin-webapps-6.0.51-1.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-docs-webapp-6.0.51-1.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-el-2.1-api-6.0.51-1.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-javadoc-6.0.51-1.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-jsp-2.1-api-6.0.51-1.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-lib-6.0.51-1.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-servlet-2.5-api-6.0.51-1.10.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat6-webapps-6.0.51-1.10.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat6 / tomcat6-admin-webapps / tomcat6-docs-webapp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T14:34:12", "description": "This update for nodejs fixes the following issues :\n\n - CVE-2016-2216: Response splitting vulnerability using Unicode characters (boo#966076)\n\n - CVE-2016-2086: Request smuggling vulnerability (boo#966077)\n\nNode.js was updated to the 4.3.1 LTS version, containing all upstream bug fixes and improvements.", "cvss3": {}, "published": "2016-02-29T00:00:00", "type": "nessus", "title": "openSUSE Security Update : nodejs (openSUSE-2016-283)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2086", "CVE-2016-2216"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:nodejs", "p-cpe:/a:novell:opensuse:nodejs-debuginfo", "p-cpe:/a:novell:opensuse:nodejs-debugsource", "p-cpe:/a:novell:opensuse:nodejs-devel", "p-cpe:/a:novell:opensuse:npm", "cpe:/o:novell:opensuse:13.2", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-283.NASL", "href": "https://www.tenable.com/plugins/nessus/89019", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-283.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89019);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-2086\", \"CVE-2016-2216\");\n\n script_name(english:\"openSUSE Security Update : nodejs (openSUSE-2016-283)\");\n script_summary(english:\"Check for the openSUSE-2016-283 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for nodejs fixes the following issues :\n\n - CVE-2016-2216: Response splitting vulnerability using\n Unicode characters (boo#966076)\n\n - CVE-2016-2086: Request smuggling vulnerability\n (boo#966077)\n\nNode.js was updated to the 4.3.1 LTS version, containing all upstream\nbug fixes and improvements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966077\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nodejs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:npm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"nodejs-4.3.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"nodejs-debuginfo-4.3.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"nodejs-debugsource-4.3.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"nodejs-devel-4.3.1-15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"nodejs-4.3.1-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"nodejs-debuginfo-4.3.1-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"nodejs-debugsource-4.3.1-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"nodejs-devel-4.3.1-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"npm-4.3.1-24.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs / nodejs-debuginfo / nodejs-debugsource / nodejs-devel / npm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T14:36:46", "description": "Security fix for CVE-2016-2216, CVE-2016-2086\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "Fedora 23 : nodejs-0.10.42-4.fc23 (2016-3102c11757)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2086", "CVE-2016-2216"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:nodejs", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-3102C11757.NASL", "href": "https://www.tenable.com/plugins/nessus/89508", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-3102c11757.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89508);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-2086\", \"CVE-2016-2216\");\n script_xref(name:\"FEDORA\", value:\"2016-3102c11757\");\n\n script_name(english:\"Fedora 23 : nodejs-0.10.42-4.fc23 (2016-3102c11757)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2016-2216, CVE-2016-2086\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1306200\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1306203\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177184.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?66804462\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nodejs package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"nodejs-0.10.42-4.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-26T14:38:10", "description": "A bug in the error handling of the send file code for the NIO HTTP connector resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, not limited to, session ID and the response body.\n\nIn addition this update also addresses a regression when running Tomcat 7 with SecurityManager enabled due to an incomplete fix for CVE-2016-6816.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 7.0.28-4+deb7u9.\n\nWe recommend that you upgrade your tomcat7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-01-11T00:00:00", "type": "nessus", "title": "Debian DLA-779-1 : tomcat7 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libservlet3.0-java", "p-cpe:/a:debian:debian_linux:libservlet3.0-java-doc", "p-cpe:/a:debian:debian_linux:libtomcat7-java", "p-cpe:/a:debian:debian_linux:tomcat7", "p-cpe:/a:debian:debian_linux:tomcat7-admin", "p-cpe:/a:debian:debian_linux:tomcat7-common", "p-cpe:/a:debian:debian_linux:tomcat7-docs", "p-cpe:/a:debian:debian_linux:tomcat7-examples", "p-cpe:/a:debian:debian_linux:tomcat7-user", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-779.NASL", "href": "https://www.tenable.com/plugins/nessus/96396", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-779-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96396);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-8745\");\n\n script_name(english:\"Debian DLA-779-1 : tomcat7 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A bug in the error handling of the send file code for the NIO HTTP\nconnector resulted in the current Processor object being added to the\nProcessor cache multiple times. This in turn meant that the same\nProcessor could be used for concurrent requests. Sharing a Processor\ncan result in information leakage between requests including, not\nlimited to, session ID and the response body.\n\nIn addition this update also addresses a regression when running\nTomcat 7 with SecurityManager enabled due to an incomplete fix for\nCVE-2016-6816.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n7.0.28-4+deb7u9.\n\nWe recommend that you upgrade your tomcat7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/01/msg00011.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/tomcat7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet3.0-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libservlet3.0-java-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtomcat7-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:tomcat7-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libservlet3.0-java\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libservlet3.0-java-doc\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtomcat7-java\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-admin\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-common\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-docs\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-examples\", reference:\"7.0.28-4+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"tomcat7-user\", reference:\"7.0.28-4+deb7u9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "osv": [{"lastseen": "2023-05-19T01:17:01", "description": "HTTP headers were not properly parsed, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-05T21:39:14", "type": "osv", "title": "GO-2021-0159", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5739", "CVE-2015-5740", "CVE-2015-5741"], "modified": "2023-05-18T20:38:56", "id": "OSV:GO-2021-0159", "href": "https://osv.dev/vulnerability/GO-2021-0159", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:11:05", "description": "\nR\u0102\u0160gis Leroy from Makina Corpus discovered that varnish, a caching HTTP\nreverse proxy, is vulnerable to HTTP smuggling issues, potentially\nresulting in cache poisoning or bypassing of access control policies.\n\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 3.0.2-2+deb7u2.\n\n\nWe recommend that you upgrade your varnish packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-04-22T00:00:00", "type": "osv", "title": "varnish - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8852"], "modified": "2022-08-10T07:11:01", "id": "OSV:DSA-3553-1", "href": "https://osv.dev/vulnerability/DSA-3553-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-05-30T14:04:10", "description": "The MIME header parser treated spaces and hyphens\nas equivalent, which can permit HTTP request smuggling.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2022-01-05T20:00:00", "type": "osv", "title": "GO-2021-0157", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5739"], "modified": "2022-05-23T18:04:20", "id": "OSV:GO-2021-0157", "href": "https://osv.dev/vulnerability/GO-2021-0157", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-11T01:28:01", "description": "The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.7}, "published": "2022-05-13T01:14:53", "type": "osv", "title": "Improper Input Validation in Apache Tomcat", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816"], "modified": "2023-04-11T01:27:57", "id": "OSV:GHSA-JC7P-5R39-9477", "href": "https://osv.dev/vulnerability/GHSA-jc7p-5r39-9477", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-28T06:43:19", "description": "\nA bug in the error handling of the send file code for the NIO HTTP\nconnector resulted in the current Processor object being added to the\nProcessor cache multiple times. This in turn meant that the same\nProcessor could be used for concurrent requests. Sharing a Processor\ncan result in information leakage between requests including, not\nlimited to, session ID and the response body.\n\n\nIn addition this update also addresses a regression when running\nTomcat 7 with SecurityManager enabled due to an incomplete fix for\n[CVE-2016-6816](https://security-tracker.debian.org/tracker/CVE-2016-6816).\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n7.0.28-4+deb7u9.\n\n\nWe recommend that you upgrade your tomcat7 packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.7}, "published": "2017-01-10T00:00:00", "type": "osv", "title": "tomcat7 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816"], "modified": "2023-06-28T06:43:15", "id": "OSV:DLA-779-1", "href": "https://osv.dev/vulnerability/DLA-779-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-05T05:20:08", "description": "\nThis upload fixes a security vulnerability in the header parsing code.\n\n\nDavid Dennerline, of IBM Security's X-Force Researchers, and R\u00e9gis\nLeroy discovered problems in the way Apache handled a broad pattern of\nunusual whitespace patterns in HTTP requests. In some configurations,\nthis could lead to response splitting or cache pollution\nvulnerabilities. To fix these issues, this update makes Apache httpd\nbe more strict in what HTTP requests it accepts.\n\n\nIf this causes problems with non-conforming clients, some checks can\nbe relaxed by adding the new directive HttpProtocolOptions unsafe to\nthe configuration. More information is available at\n\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n2.2.22-13+deb7u8.\n\n\nWe recommend that you upgrade your apache2 packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-02-28T00:00:00", "type": "osv", "title": "apache2 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8743"], "modified": "2022-08-05T05:20:06", "id": "OSV:DLA-841-1", "href": "https://osv.dev/vulnerability/DLA-841-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-28T06:27:13", "description": "\nThe fix for [CVE-2016-8743](https://security-tracker.debian.org/tracker/CVE-2016-8743) \nin apache2 2.2.22-13+deb7u8 (DLA-841-1) caused\n#852623 in sitesummary, breaking the sitesummary-upload functionality.\nTo address this sitesummary-upload needs to be changed to send CRLF (\\r\\n)\nline endings to be compliant with the apache security fixes for HTTP requests.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n0.1.8+deb7u2.\n\n\nWe recommend that you upgrade your sitesummary packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-03-19T00:00:00", "type": "osv", "title": "sitesummary - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8743"], "modified": "2023-06-28T06:27:09", "id": "OSV:DLA-862-1", "href": "https://osv.dev/vulnerability/DLA-862-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-05T05:20:09", "description": "\nThis upload fixes a security vulnerability in the header parsing code.\n\n\nDavid Dennerline, of IBM Security's X-Force Researchers, and R\u00e9gis\nLeroy discovered problems in the way Apache handled a broad pattern of\nunusual whitespace patterns in HTTP requests. In some configurations,\nthis could lead to response splitting or cache pollution\nvulnerabilities. To fix these issues, this update makes Apache httpd\nbe more strict in what HTTP requests it accepts.\n\n\nIf this causes problems with non-conforming clients, some checks can\nbe relaxed by adding the new directive HttpProtocolOptions unsafe to\nthe configuration. More information is available at\n\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n2.2.22-13+deb7u8.\n\n\nWe recommend that you upgrade your apache2 packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-02-28T00:00:00", "type": "osv", "title": "apache2 - regression update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8743"], "modified": "2022-08-05T05:20:06", "id": "OSV:DLA-841-2", "href": "https://osv.dev/vulnerability/DLA-841-2", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-21T08:14:50", "description": "\nA vulnerability has been found in the Apache HTTP Server.\n\n\n* [CVE-2015-3183](https://security-tracker.debian.org/tracker/CVE-2015-3183)\nApache HTTP Server did not properly parse chunk headers, which\n allowed remote attackers to conduct HTTP request smuggling via a\n crafted request. This flaw relates to mishandling of large\n chunk-size values and invalid chunk-extension characters in\n modules/http/http\\_filters.c.\n\n\nFor the squeeze distribution, these issues have been fixed in version\n2.2.16-6+squeeze15 of apache2.\n\n\nWe recommend you to upgrade your apache2 packages.\n\n\n", "cvss3": {}, "published": "2015-07-28T00:00:00", "type": "osv", "title": "apache2 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3183"], "modified": "2022-07-21T05:53:57", "id": "OSV:DLA-284-1", "href": "https://osv.dev/vulnerability/DLA-284-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2020-02-20T20:56:21", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-10-02T00:00:00", "type": "openvas", "title": "Fedora Update for golang FEDORA-2015-15618", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5740", "CVE-2015-5741", "CVE-2015-5739"], "modified": "2020-02-18T00:00:00", "id": "OPENVAS:1361412562310869977", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869977", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for golang FEDORA-2015-15618\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869977\");\n script_version(\"2020-02-18T15:18:54+0000\");\n script_tag(name:\"last_modification\", value:\"2020-02-18 15:18:54 +0000 (Tue, 18 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-02 07:09:24 +0200 (Fri, 02 Oct 2015)\");\n script_cve_id(\"CVE-2015-5739\", \"CVE-2015-5740\", \"CVE-2015-5741\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for golang FEDORA-2015-15618\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'golang'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"golang on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-15618\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-October/168029.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"golang\", rpm:\"golang~1.5.1~0.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-20T20:56:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-08-20T00:00:00", "type": "openvas", "title": "Fedora Update for golang FEDORA-2015-12957", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5740", "CVE-2015-5741", "CVE-2015-5739"], "modified": "2020-02-18T00:00:00", "id": "OPENVAS:1361412562310869881", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869881", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for golang FEDORA-2015-12957\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869881\");\n script_version(\"2020-02-18T15:18:54+0000\");\n script_tag(name:\"last_modification\", value:\"2020-02-18 15:18:54 +0000 (Tue, 18 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-08-20 06:42:19 +0200 (Thu, 20 Aug 2015)\");\n script_cve_id(\"CVE-2015-5739\", \"CVE-2015-5740\", \"CVE-2015-5741\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for golang FEDORA-2015-12957\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'golang'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"golang on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-12957\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163971.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"golang\", rpm:\"golang~1.4.2~3.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-20T20:56:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-08-20T00:00:00", "type": "openvas", "title": "Fedora Update for golang FEDORA-2015-13002", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5740", "CVE-2015-5741", "CVE-2015-5739"], "modified": "2020-02-18T00:00:00", "id": "OPENVAS:1361412562310869876", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869876", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for golang FEDORA-2015-13002\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869876\");\n script_version(\"2020-02-18T15:18:54+0000\");\n script_tag(name:\"last_modification\", value:\"2020-02-18 15:18:54 +0000 (Tue, 18 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-08-20 06:40:44 +0200 (Thu, 20 Aug 2015)\");\n script_cve_id(\"CVE-2015-5739\", \"CVE-2015-5740\", \"CVE-2015-5741\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for golang FEDORA-2015-13002\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'golang'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"golang on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-13002\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163980.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"golang\", rpm:\"golang~1.4.2~3.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T22:59:34", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-588)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5740", "CVE-2015-5741", "CVE-2015-5739"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120511", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120511", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120511\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:28:16 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-588)\");\n script_tag(name:\"insight\", value:\"As discussed upstream -- here and here -- the Go project received notification of an HTTP request smuggling vulnerability in the net/http library. Invalid headers are parsed as valid headers (like Content Length: with a space in the middle) and Double Content-length headers in a request does not generate a 400 error, the second Content-length is ignored.\");\n script_tag(name:\"solution\", value:\"Run yum update golang docker to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-588.html\");\n script_cve_id(\"CVE-2015-5741\", \"CVE-2015-5740\", \"CVE-2015-5739\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"golang-pkg-bin-linux-386\", rpm:\"golang-pkg-bin-linux-386~1.4.2~3.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"golang-pkg-plan9-386\", rpm:\"golang-pkg-plan9-386~1.4.2~3.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"golang-pkg-netbsd-arm\", rpm:\"golang-pkg-netbsd-arm~1.4.2~3.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"golang-pkg-windows-amd64\", rpm:\"golang-pkg-windows-amd64~1.4.2~3.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"golang-pkg-openbsd-386\", rpm:\"golang-pkg-openbsd-386~1.4.2~3.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"golang-pkg-freebsd-amd64\", rpm:\"golang-pkg-freebsd-amd64~1.4.2~3.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"golang-pkg-windows-386\", rpm:\"golang-pkg-windows-386~1.4.2~3.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"golang-pkg-openbsd-amd64\", rpm:\"golang-pkg-openbsd-amd64~1.4.2~3.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"golang-pkg-darwin-amd64\", rpm:\"golang-pkg-darwin-amd64~1.4.2~3.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"golang-pkg-freebsd-386\", rpm:\"golang-pkg-freebsd-386~1.4.2~3.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"golang-pkg-linux-arm\", rpm:\"golang-pkg-linux-arm~1.4.2~3.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"golang-pkg-darwin-386\", rpm:\"golang-pkg-darwin-386~1.4.2~3.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"golang-pkg-netbsd-386\", rpm:\"golang-pkg-netbsd-386~1.4.2~3.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"golang-pkg-linux-386\", rpm:\"golang-pkg-linux-386~1.4.2~3.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"golang-src\", rpm:\"golang-src~1.4.2~3.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"golang-pkg-netbsd-amd64\", rpm:\"golang-pkg-netbsd-amd64~1.4.2~3.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"golang-pkg-linux-amd64\", rpm:\"golang-pkg-linux-amd64~1.4.2~3.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"golang-pkg-freebsd-arm\", rpm:\"golang-pkg-freebsd-arm~1.4.2~3.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"golang-pkg-plan9-amd64\", rpm:\"golang-pkg-plan9-amd64~1.4.2~3.16.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-20T20:56:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-10-02T00:00:00", "type": "openvas", "title": "Fedora Update for golang FEDORA-2015-15619", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5740", "CVE-2015-5741", "CVE-2015-5739"], "modified": "2020-02-18T00:00:00", "id": "OPENVAS:1361412562310869978", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869978", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for golang FEDORA-2015-15619\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869978\");\n script_version(\"2020-02-18T15:18:54+0000\");\n script_tag(name:\"last_modification\", value:\"2020-02-18 15:18:54 +0000 (Tue, 18 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-02 07:09:32 +0200 (Fri, 02 Oct 2015)\");\n script_cve_id(\"CVE-2015-5739\", \"CVE-2015-5740\", \"CVE-2015-5741\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for golang FEDORA-2015-15619\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'golang'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"golang on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-15619\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"golang\", rpm:\"golang~1.5.1~0.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:43", "description": "Regis Leroy from Makina Corpus discovered\nthat varnish, a caching HTTP reverse proxy, is vulnerable to HTTP smuggling issues,\npotentially resulting in cache poisoning or bypassing of access control policies.", "cvss3": {}, "published": "2016-04-22T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3553-1 (varnish - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8852"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703553", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703553", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3553.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3553-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703553\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2015-8852\");\n script_name(\"Debian Security Advisory DSA 3553-1 (varnish - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-22 00:00:00 +0200 (Fri, 22 Apr 2016)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3553.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"varnish on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy),\nthis problem has been fixed in version 3.0.2-2+deb7u2.\n\nWe recommend that you upgrade your varnish packages.\");\n script_tag(name:\"summary\", value:\"Regis Leroy from Makina Corpus discovered\nthat varnish, a caching HTTP reverse proxy, is vulnerable to HTTP smuggling issues,\npotentially resulting in cache poisoning or bypassing of access control policies.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libvarnishapi-dev\", ver:\"3.0.2-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libvarnishapi1\", ver:\"3.0.2-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"varnish\", ver:\"3.0.2-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"varnish-dbg\", ver:\"3.0.2-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"varnish-doc\", ver:\"3.0.2-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:12", "description": "Mageia Linux Local Security Checks mgasa-2016-0150", "cvss3": {}, "published": "2016-05-09T00:00:00", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2016-0150", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8852"], "modified": "2019-03-14T00:00:00", "id": "OPENVAS:1361412562310131299", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131299", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2016-0150.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131299\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:18:02 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2016-0150\");\n script_tag(name:\"insight\", value:\"Updated varnish packages fix security vulnerabilities: Rgis Leroy from Makina Corpus discovered that varnish, a caching HTTP reverse proxy, is vulnerable to HTTP smuggling issues, potentially resulting in cache poisoning or bypassing of access control policies (CVE-2015-8852).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2016-0150.html\");\n script_cve_id(\"CVE-2015-8852\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2016-0150\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"varnish\", rpm:\"varnish~3.0.3~19.1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-24T12:55:04", "description": "Regis Leroy from Makina Corpus discovered\nthat varnish, a caching HTTP reverse proxy, is vulnerable to HTTP smuggling issues,\npotentially resulting in cache poisoning or bypassing of access control policies.", "cvss3": {}, "published": "2016-04-22T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3553-1 (varnish - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8852"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703553", "href": "http://plugins.openvas.org/nasl.php?oid=703553", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3553.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3553-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703553);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2015-8852\");\n script_name(\"Debian Security Advisory DSA 3553-1 (varnish - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-04-22 00:00:00 +0200 (Fri, 22 Apr 2016)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3553.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"varnish on Debian Linux\");\n script_tag(name: \"insight\", value: \"Varnish Cache is a state of the art\nweb accelerator written with performance and flexibility in mind.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthis problem has been fixed in version 3.0.2-2+deb7u2.\n\nWe recommend that you upgrade your varnish packages.\");\n script_tag(name: \"summary\", value: \"Regis Leroy from Makina Corpus discovered\nthat varnish, a caching HTTP reverse proxy, is vulnerable to HTTP smuggling issues,\npotentially resulting in cache poisoning or bypassing of access control policies.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libvarnishapi-dev\", ver:\"3.0.2-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvarnishapi1\", ver:\"3.0.2-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"varnish\", ver:\"3.0.2-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"varnish-dbg\", ver:\"3.0.2-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"varnish-doc\", ver:\"3.0.2-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2020-03-17T22:55:18", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2016-10-26T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-721)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8852"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120710", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120710", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120710\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-10-26 15:38:15 +0300 (Wed, 26 Oct 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-721)\");\n script_tag(name:\"insight\", value:\"Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \\r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request. (CVE-2015-8852 )\");\n script_tag(name:\"solution\", value:\"Run yum update varnish to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-721.html\");\n script_cve_id(\"CVE-2015-8852\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"varnish-debuginfo\", rpm:\"varnish-debuginfo~3.0.7~1.20.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"varnish-libs\", rpm:\"varnish-libs~3.0.7~1.20.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"varnish\", rpm:\"varnish~3.0.7~1.20.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"varnish-libs-devel\", rpm:\"varnish-libs-devel~3.0.7~1.20.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"varnish-docs\", rpm:\"varnish-docs~3.0.7~1.20.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-05-12T17:07:24", "description": "This host is installed with Apache Tomcat\n and is prone to information disclosure vulnerability.", "cvss3": {}, "published": "2017-04-04T00:00:00", "type": "openvas", "title": "Apache Tomcat HTTP Request Line Information Disclosure Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816"], "modified": "2020-05-08T00:00:00", "id": "OPENVAS:1361412562310810730", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810730", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_tomcat_http_req_line_info_disc_vuln.nasl 69688 2016-07-24 11:25:47 +0530 March$\n#\n# Apache Tomcat HTTP Request Line Information Disclosure Vulnerability\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810730\");\n script_version(\"2020-05-08T08:34:44+0000\");\n script_cve_id(\"CVE-2016-6816\");\n script_bugtraq_id(94461);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-08 08:34:44 +0000 (Fri, 08 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-04-04 14:36:33 +0530 (Tue, 04 Apr 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_active\");\n script_name(\"Apache Tomcat HTTP Request Line Information Disclosure Vulnerability\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The code that parsed the HTTP request line\n permitted invalid characters. This could be exploited, in conjunction with a\n proxy that also permitted the invalid characters but with a different\n interpretation, to inject data into the HTTP response.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to poison a web-cache, perform an XSS attack and/or obtain sensitive\n information from requests other then their own.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat versions 9.0.0.M1 to 9.0.0.M11,\n Apache Tomcat versions 8.5.0 to 8.5.6,\n Apache Tomcat versions 8.0.0.RC1 to 8.0.38,\n Apache Tomcat versions 7.0.0 to 7.0.72, and\n Apache Tomcat versions 6.0.0 to 6.0.47.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 9.0.0.M13,\n 8.5.8, 8.0.39, 7.0.73, 6.0.48 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13\");\n script_xref(name:\"URL\", value:\"https://qnalist.com/questions/7885204/security-cve-2016-6816-apache-tomcat-information-disclosure\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\");\n script_mandatory_keys(\"apache/tomcat/http/detected\");\n script_require_ports(\"Services/www\", 8080);\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nif(!tomPort = get_app_port(cpe:CPE, service:\"www\"))\n exit(0);\n\nif(!dir = get_app_location(cpe:CPE, port:tomPort))\n exit(0);\n\nurl = dir + \"/?{{%25}}cake\\=1\";\n\n## Response will be Apache tomcat front page something like\n## https://en.wikipedia.org/wiki/File:Apache-tomcat-frontpage-epiphany-browser.jpg\nif(http_vuln_check(port:tomPort, url:url, check_header:TRUE,\n pattern:'Apache Software Foundation', extra_check:make_list('tomcat.apache.org<',\n '\"Powered by Tomcat\"', 'tomcat.gif', 'tomcat-power.gif')))\n{\n report = http_report_vuln_url( port:tomPort, url:url );\n security_message(port:tomPort, data:report);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-05T18:32:21", "description": "This host is installed with Apache Tomcat\n and is prone to information disclosure vulnerability.", "cvss3": {}, "published": "2017-03-24T00:00:00", "type": "openvas", "title": "Apache Tomcat HTTP Request Line Information Disclosure Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310810717", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810717", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_tomcat_http_req_line_info_disc_vuln_win.nasl 69688 2016-07-24 11:25:47 +0530 March$\n#\n# Apache Tomcat HTTP Request Line Information Disclosure Vulnerability (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810717\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2016-6816\");\n script_bugtraq_id(94461);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-03-24 13:05:36 +0530 (Fri, 24 Mar 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Apache Tomcat HTTP Request Line Information Disclosure Vulnerability (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The code that parsed the HTTP request line\n permitted invalid characters. This could be exploited, in conjunction with a\n proxy that also permitted the invalid characters but with a different\n interpretation, to inject data into the HTTP response.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to poison a web-cache, perform an XSS attack and/or obtain sensitive\n information from requests other then their own.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat versions 9.0.0.M1 to 9.0.0.M11,\n Apache Tomcat versions 8.5.0 to 8.5.6,\n Apache Tomcat versions 8.0.0.RC1 to 8.0.38,\n Apache Tomcat versions 7.0.0 to 7.0.72, and\n Apache Tomcat versions 6.0.0 to 6.0.47 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 9.0.0.M13,\n 8.5.8, 8.0.39, 7.0.73, 6.0.48 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13\");\n script_xref(name:\"URL\", value:\"https://qnalist.com/questions/7885204/security-cve-2016-6816-apache-tomcat-information-disclosure\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(tomPort = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:tomPort, exit_no_version:TRUE))\n exit(0);\n\nappVer = infos[\"version\"];\npath = infos[\"location\"];\n\nif(appVer =~ \"^[6-9]\\.\")\n{\n if(version_in_range(version:appVer, test_version:\"6.0.0\", test_version2:\"6.0.47\"))\n {\n fix = \"6.0.48\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:appVer, test_version:\"7.0.0\", test_version2:\"7.0.72\"))\n {\n fix = \"7.0.73\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:appVer, test_version:\"8.5.0\", test_version2:\"8.5.6\"))\n {\n fix = \"8.5.8\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:appVer, test_version:\"8.0.0.RC1\", test_version2:\"8.0.38\"))\n {\n fix = \"8.0.39\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:appVer, test_version:\"9.0.0.M1\", test_version2:\"9.0.0.M11\"))\n {\n fix = \"9.0.0.M13\";\n VULN = TRUE;\n }\n\n if(VULN)\n {\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:tomPort);\n exit(0);\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-05T18:39:50", "description": "This host is installed with Apache Tomcat\n and is prone to information disclosure vulnerability.", "cvss3": {}, "published": "2017-03-24T00:00:00", "type": "openvas", "title": "Apache Tomcat HTTP Request Line Information Disclosure Vulnerability (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6816"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310810718", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810718", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_tomcat_http_req_line_info_disc_vuln_lin.nasl 69688 2016-07-24 11:25:47 +0530 March$\n#\n# Apache Tomcat HTTP Request Line Information Disclosure Vulnerability (Linux)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810718\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2016-6816\");\n script_bugtraq_id(94461);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-03-24 13:27:12 +0530 (Fri, 24 Mar 2017)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Apache Tomcat HTTP Request Line Information Disclosure Vulnerability (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apache Tomcat\n and is prone to information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The code that parsed the HTTP request line\n permitted invalid characters. This could be exploited, in conjunction with a\n proxy that also permitted the invalid characters but with a different\n interpretation, to inject data into the HTTP response.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to poison a web-cache, perform an XSS attack and/or obtain sensitive\n information from requests other then their own.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat versions 9.0.0.M1 to 9.0.0.M11,\n Apache Tomcat versions 8.5.0 to 8.5.6,\n Apache Tomcat versions 8.0.0.RC1 to 8.0.38,\n Apache Tomcat versions 7.0.0 to 7.0.72, and\n Apache Tomcat versions 6.0.0 to 6.0.47 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 9.0.0.M13,\n 8.5.8, 8.0.39, 7.0.73, 6.0.48 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8\");\n script_xref(name:\"URL\", value:\"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13\");\n script_xref(name:\"URL\", value:\"https://qnalist.com/questions/7885204/security-cve-2016-6816-apache-tomcat-information-disclosure\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(tomPort = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:tomPort, exit_no_version:TRUE))\n exit(0);\n\nappVer = infos[\"version\"];\npath = infos[\"location\"];\n\nif(appVer =~ \"^[6-9]\\.\")\n{\n if(version_in_range(version:appVer, test_version:\"6.0.0\", test_version2:\"6.0.47\"))\n {\n fix = \"6.0.48\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:appVer, test_version:\"7.0.0\", test_version2:\"7.0.72\"))\n {\n fix = \"7.0.73\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:appVer, test_version:\"8.5.0\", test_version2:\"8.5.6\"))\n {\n fix = \"8.5.8\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:appVer, test_version:\"8.0.0.RC1\", test_version2:\"8.0.38\"))\n {\n fix = \"8.0.39\";\n VULN = TRUE;\n }\n\n else if(version_in_range(version:appVer, test_version:\"9.0.0.M1\", test_version2:\"9.0.0.M11\"))\n {\n fix = \"9.0.0.M13\";\n VULN = TRUE;\n }\n\n if(VULN)\n {\n report = report_fixed_ver(installed_version:appVer, fixed_version:fix, install_path:path);\n security_message(data:report, port:tomPort);\n exit(0);\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:15", "description": "Check the version of httpd", "cvss3": {}, "published": "2017-07-14T00:00:00", "type": "openvas", "title": "CentOS Update for httpd CESA-2017:1721 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8743"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882751", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882751", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for httpd CESA-2017:1721 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882751\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-14 15:55:20 +0530 (Fri, 14 Jul 2017)\");\n script_cve_id(\"CVE-2016-8743\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for httpd CESA-2017:1721 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of httpd\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The httpd packages provide the Apache HTTP\nServer, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n * It was discovered that the HTTP parser in httpd incorrectly allowed\ncertain characters not permitted by the HTTP protocol specification to\nappear unencoded in HTTP request headers. If httpd was used in conjunction\nwith a proxy or backend server that interpreted those characters\ndifferently, a remote attacker could possibly use this flaw to inject data\ninto HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\nNote: The fix for the CVE-2016-8743 issue causes httpd to return '400 Bad\nRequest' error to HTTP clients which do not strictly follow HTTP protocol\nspecification. A newly introduced configuration directive\n'HttpProtocolOptions Unsafe' can be used to re-enable the old less strict\nparsing. However, such setting also re-introduces the CVE-2016-8743 issue.\n\nNote: Administrators of Red Hat Satellite 5 and Red Hat Satellite Proxy 5\nsystems should consult Red Hat Knowledgebase article 3013361 linked to in\nthe Reference section before installing this update.\n\nBug Fix(es):\n\n * Previously, httpd was unable to correctly check a boundary of an array,\nand in rare cases it attempted to access an element of an array that was\nout of bounds. Consequently, httpd terminated unexpectedly with a\nsegmentation fault at proxy_util.c. With this update, bounds checking has\nbeen fixed, and httpd no longer crashes. (BZ#1463354)\");\n script_tag(name:\"affected\", value:\"httpd on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:1721\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-July/022496.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.15~60.el6.centos.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.15~60.el6.centos.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.15~60.el6.centos.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.2.15~60.el6.centos.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.15~60.el6.centos.4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:18", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-07-12T00:00:00", "type": "openvas", "title": "RedHat Update for httpd RHSA-2017:1721-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8743"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871843", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871843", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_RHSA-2017_1721-01_httpd.nasl 12497 2018-11-23 08:28:21Z cfischer $\n#\n# RedHat Update for httpd RHSA-2017:1721-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871843\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-12 07:11:32 +0200 (Wed, 12 Jul 2017)\");\n script_cve_id(\"CVE-2016-8743\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for httpd RHSA-2017:1721-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The httpd packages provide the Apache HTTP\nServer, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n * It was discovered that the HTTP parser in httpd incorrectly allowed\ncertain characters not permitted by the HTTP protocol specification to\nappear unencoded in HTTP request headers. If httpd was used in conjunction\nwith a proxy or backend server that interpreted those characters\ndifferently, a remote attacker could possibly use this flaw to inject data\ninto HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\nNote: The fix for the CVE-2016-8743 issue causes httpd to return '400 Bad\nRequest' error to HTTP clients which do not strictly follow HTTP protocol\nspecification. A newly introduced configuration directive\n'HttpProtocolOptions Unsafe' can be used to re-enable the old less strict\nparsing. However, such setting also re-introduces the CVE-2016-8743 issue.\n\nNote: Administrators of Red Hat Satellite 5 and Red Hat Satellite Proxy 5\nsystems should consult Red Hat Knowledgebase article 3013361 linked to in\nthe Reference section before installing this update.\n\nBug Fix(es):\n\n * Previously, httpd was unable to correctly check a boundary of an array,\nand in rare cases it attempted to access an element of an array that was\nout of bounds. Consequently, httpd terminated unexpectedly with a\nsegmentation fault at proxy_util.c. With this update, bounds checking has\nbeen fixed, and httpd no longer crashes. (BZ#1463354)\");\n script_tag(name:\"affected\", value:\"httpd on\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:1721-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-July/msg00012.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.15~60.el6_9.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.2.15~60.el6_9.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.15~60.el6_9.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.2.15~60.el6_9.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.15~60.el6_9.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.15~60.el6_9.4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:52", "description": "This host is running Apache HTTP Server\n and is prone multiple vulnerabilities.", "cvss3": {}, "published": "2017-10-16T00:00:00", "type": "openvas", "title": "Apache HTTP Server 'Whitespace Defects' Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8743"], "modified": "2018-10-19T00:00:00", "id": "OPENVAS:1361412562310812033", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812033", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_http_server_whitespace_mult_vuln.nasl 11983 2018-10-19 10:04:45Z mmartin $\n#\n# Apache HTTP Server 'Whitespace Defects' Multiple Vulnerabilities\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:http_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812033\");\n script_version(\"$Revision: 11983 $\");\n script_cve_id(\"CVE-2016-8743\");\n script_bugtraq_id(95077);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-19 12:04:45 +0200 (Fri, 19 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-16 18:12:40 +0530 (Mon, 16 Oct 2017)\");\n ##qod is remote_banner_unreliable as Apache is vulnerable only\n ##when httpd is participating in any chain of proxies or interacting with back-end\n ##application servers, either through mod_proxy or using conventional CGI mechanisms.\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Apache HTTP Server 'Whitespace Defects' Multiple Vulnerabilities\");\n\n script_tag(name:\"summary\", value:\"This host is running Apache HTTP Server\n and is prone multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists as application accepted a\n broad pattern of unusual whitespace patterns from the user-agent, including\n bare CR, FF, VTAB in parsing the request line and request header lines, as\n well as HTAB in parsing the request line. Any bare CR present in request\n lines was treated as whitespace and remained in the request field member\n 'the_request', while a bare CR in the request header field name would be\n honored as whitespace, and a bare CR in the request header field value was\n retained the input headers array. Implied additional whitespace was accepted\n in the request line and prior to the ':' delimiter of any request header lines.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct request smuggling, response splitting and cache pollution\n attacks.\");\n\n script_tag(name:\"affected\", value:\"Apache HTTP Server 2.2.x before 2.2.32 and\n 2.3.x through 2.4.24 prior to 2.4.25\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apache HTTP Server 2.2.32 or 2.4.25\n or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://httpd.apache.org/security/vulnerabilities_22.html\");\n script_xref(name:\"URL\", value:\"https://httpd.apache.org/security/vulnerabilities_24.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"secpod_apache_detect.nasl\");\n script_mandatory_keys(\"apache/installed\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!httpd_port = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!httpd_ver = get_app_version(cpe:CPE, port:httpd_port)){\n exit(0);\n}\n\n\nif(httpd_ver =~ \"^2\\.(3|4)\")\n{\n if(version_is_less(version:httpd_ver, test_version:\"2.4.25\")){\n fix = \"2.4.25\";\n }\n}\nelse if(httpd_ver =~ \"^2\\.2\")\n{\n if(version_is_less(version:httpd_ver, test_version:\"2.2.32\")){\n fix = \"2.2.32\";\n }\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:httpd_ver, fixed_version:fix);\n security_message(data:report, port:httpd_port);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-29T20:07:55", "description": "The fix for CVE-2016-8743 in apache2 2.2.22-13+deb7u8 (DLA-841-1) caused\n#852623 in sitesummary, breaking the sitesummary-upload functionality.\nTo address this sitesummary-upload needs to be changed to send CRLF (\\r\\n)\nline endings to be compliant with the apache security fixes for HTTP requests.", "cvss3": {}, "published": "2018-01-12T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for sitesummary (DLA-862-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8743"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310890000", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310890000", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.890000\");\n script_version(\"2020-01-29T08:33:43+0000\");\n script_cve_id(\"CVE-2016-8743\");\n script_name(\"Debian LTS: Security Advisory for sitesummary (DLA-862-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:33:43 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-12 00:00:00 +0100 (Fri, 12 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/03/msg00019.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"sitesummary on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n0.1.8+deb7u2.\n\nWe recommend that you upgrade your sitesummary packages.\");\n\n script_tag(name:\"summary\", value:\"The fix for CVE-2016-8743 in apache2 2.2.22-13+deb7u8 (DLA-841-1) caused\n#852623 in sitesummary, breaking the sitesummary-upload functionality.\nTo address this sitesummary-upload needs to be changed to send CRLF (\\r\\n)\nline endings to be compliant with the apache security fixes for HTTP requests.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"sitesummary\", ver:\"0.1.8+deb7u2\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"sitesummary-client\", ver:\"0.1.8+deb7u2\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-17T23:00:16", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-578)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3183"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120063", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120063", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120063\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:16:35 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-578)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks.\");\n script_tag(name:\"solution\", value:\"Run yum update httpd to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-578.html\");\n script_cve_id(\"CVE-2015-3183\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.31~1.6.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.31~1.6.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.2.31~1.6.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.2.31~1.6.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.31~1.6.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:04", "description": "Oracle Linux Local Security Checks ELSA-2015-1668", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1668", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3183"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123023", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123023", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1668.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123023\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:46:46 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1668\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1668 - httpd security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1668\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1668.html\");\n script_cve_id(\"CVE-2015-3183\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.15~47.0.1.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.15~47.0.1.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.15~47.0.1.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.2.15~47.0.1.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.15~47.0.1.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:55", "description": "Check the version of httpd", "cvss3": {}, "published": "2015-08-26T00:00:00", "type": "openvas", "title": "CentOS Update for httpd CESA-2015:1668 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3183"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882258", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882258", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for httpd CESA-2015:1668 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882258\");\n script_version(\"$Revision: 14058 $\");\n script_cve_id(\"CVE-2015-3183\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-26 09:23:13 +0200 (Wed, 26 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for httpd CESA-2015:1668 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of httpd\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server.\n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3183)\n\nAll httpd users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdated packages, the httpd service will be restarted automatically.\");\n script_tag(name:\"affected\", value:\"httpd on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:1668\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-August/021344.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.15~47.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.15~47.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.15~47.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.2.15~47.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.15~47.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:29", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-08-25T00:00:00", "type": "openvas", "title": "RedHat Update for httpd RHSA-2015:1668-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3183"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871434", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871434", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for httpd RHSA-2015:1668-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871434\");\n script_version(\"$Revision: 12497 $\");\n script_cve_id(\"CVE-2015-3183\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-25 07:58:43 +0200 (Tue, 25 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for httpd RHSA-2015:1668-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server.\n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3183)\n\nAll httpd users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdated packages, the httpd service will be restarted automatically.\");\n script_tag(name:\"affected\", value:\"httpd on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1668-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-August/msg00043.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.15~47.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.2.15~47.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.15~47.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.2.15~47.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.15~47.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.15~47.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:13", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-02-23T00:00:00", "type": "openvas", "title": "Fedora Update for nodejs FEDORA-2016-8925", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2086", "CVE-2016-2216"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310807281", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807281", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nodejs FEDORA-2016-8925\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807281\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-02-23 06:25:05 +0100 (Tue, 23 Feb 2016)\");\n script_cve_id(\"CVE-2016-2216\", \"CVE-2016-2086\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for nodejs FEDORA-2016-8925\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nodejs'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"nodejs on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-8925\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177673.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"nodejs\", rpm:\"nodejs~0.10.42~4.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:39", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-02-15T00:00:00", "type": "openvas", "title": "Fedora Update for nodejs FEDORA-2016-3102", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2086", "CVE-2016-2216"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310807254", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807254", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nodejs FEDORA-2016-3102\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807254\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-02-15 06:38:49 +0100 (Mon, 15 Feb 2016)\");\n script_cve_id(\"CVE-2016-2216\", \"CVE-2016-2086\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for nodejs FEDORA-2016-3102\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nodejs'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"nodejs on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-3102\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177184.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"nodejs\", rpm:\"nodejs~0.10.42~4.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-14T18:38:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-03-16T00:00:00", "type": "openvas", "title": "RedHat Update for tomcat6 RHSA-2017:0527-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745", "CVE-2016-6816"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310871773", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871773", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871773\");\n script_version(\"2020-03-13T10:06:41+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 10:06:41 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-03-16 05:49:35 +0100 (Thu, 16 Mar 2017)\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for tomcat6 RHSA-2017:0527-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tomcat6'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Apache Tomcat is a servlet container for\nthe Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n * It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction with\na proxy that also permitted the invalid characters but with a different\ninterpretation, to inject data into the HTTP response. By manipulating the\nHTTP response the attacker could poison a web-cache, perform an XSS attack,\nor obtain sensitive information from requests other then their own.\n(CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error\nwhen request contains characters that are not permitted by the HTTP\nspecification to appear not encoded, even though they were previously\naccepted. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol\nin not encoded form, as these are often used in URLs without being properly\nencoded.\n\n * A bug was discovered in the error handling of the send file code for the\nNIO HTTP connector. This led to the current Processor object being added to\nthe Processor cache multiple times allowing information leakage between\nrequests including, and not limited to, session ID and the response body.\n(CVE-2016-8745)\");\n script_tag(name:\"affected\", value:\"tomcat6 on\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:0527-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-March/msg00029.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"tomcat6\", rpm:\"tomcat6~6.0.24~105.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-el-2.1-api\", rpm:\"tomcat6-el-2.1-api~6.0.24~105.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-jsp-2.1-api\", rpm:\"tomcat6-jsp-2.1-api~6.0.24~105.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-lib\", rpm:\"tomcat6-lib~6.0.24~105.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tomcat6-servlet-2.5-api\", rpm:\"tomcat6-servlet-2.5-api~6.0.24~105.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:46", "description": "Mageia Linux Local Security Checks mgasa-2016-0080", "cvss3": {}, "published": "2016-02-22T00:00:00", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2016-0080", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2086", "CVE-2016-2216"], "modified": "2019-03-14T00:00:00", "id": "OPENVAS:1361412562310131240", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131240", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2016-0080.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131240\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-02-22 07:35:30 +0200 (Mon, 22 Feb 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2016-0080\");\n script_tag(name:\"insight\", value:\"A request smuggling vulnerability was found in Node.js that can be exploited under certain unspecified circumstances (CVE-2016-2086). It was reported that HTTP header parsing in Node.js is vulnerable to response splitting attacks. While Node.js has been protecting against response splitting attacks by checking for CRLF characters, it is possible to compose response headers using Unicode characters that decompose to these characters, bypassing the checks previously in place (CVE-2016-2216).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2016-0080.html\");\n script_cve_id(\"CVE-2016-2086\", \"CVE-2016-2216\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2016-0080\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"nodejs\", rpm:\"nodejs~0.10.42~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-02-20T18:45:02", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2017-1081)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8745", "CVE-2016-6816"], "modified": "2020-02-18T00:00:00", "id": "OPENVAS:1361412562311220171081", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171081", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1081\");\n script_version(\"2020-02-18T11:13:49+0000\");\n script_cve_id(\"CVE-2016-6816\", \"CVE-2016-8745\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-18 11:13:49 +0000 (Tue, 18 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:48:29 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2017-1081)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1081\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1081\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'tomcat' package(s) announced via the EulerOS-SA-2017-1081 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nA bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\");\n\n script_tag(name:\"affected\", value:\"'tomcat' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat\", rpm:\"tomcat~7.0.69~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-admin-webapps\", rpm:\"tomcat-admin-webapps~7.0.69~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-el-2.2-api\", rpm:\"tomcat-el-2.2-api~7.0.69~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-jsp-2.2-api\", rpm:\"tomcat-jsp-2.2-api~7.0.69~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-lib\", rpm:\"tomcat-lib~7.0.69~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-servlet-3.0-api\", rpm:\"tomcat-servlet-3.0-api~7.0.69~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat-webapps\", rpm:\"tomcat-webapps~7.0.69~11\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2023-11-27T18:02:13", "description": "**Issue Overview:**\n\nAs discussed upstream -- http://seclists.org/oss-sec/2015/q3/294 and http://seclists.org/oss-sec/2015/q3/237 -- the Go project received notification of an HTTP request smuggling vulnerability in the net/http library. Invalid headers are parsed as valid headers (like \"Content Length:\" with a space in the middle) and Double Content-length headers in a request does not generate a 400 error, the second Content-length is ignored.\n\n \n**Affected Packages:** \n\n\ngolang, docker\n\n \n**Issue Correction:** \nRun _yum update golang docker_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 golang-pkg-bin-linux-386-1.4.2-3.16.amzn1.i686 \n \u00a0\u00a0\u00a0 golang-1.4.2-3.16.amzn1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 golang-pkg-plan9-386-1.4.2-3.16.amzn1.noarch \n \u00a0\u00a0\u00a0 golang-pkg-netbsd-arm-1.4.2-3.16.amzn1.noarch \n \u00a0\u00a0\u00a0 golang-pkg-windows-amd64-1.4.2-3.16.amzn1.noarch \n \u00a0\u00a0\u00a0 golang-pkg-openbsd-386-1.4.2-3.16.amzn1.noarch \n \u00a0\u00a0\u00a0 golang-pkg-freebsd-amd64-1.4.2-3.16.amzn1.noarch \n \u00a0\u00a0\u00a0 golang-pkg-windows-386-1.4.2-3.16.amzn1.noarch \n \u00a0\u00a0\u00a0 golang-pkg-openbsd-amd64-1.4.2-3.16.amzn1.noarch \n \u00a0\u00a0\u00a0 golang-pkg-darwin-amd64-1.4.2-3.16.amzn1.noarch \n \u00a0\u00a0\u00a0 golang-pkg-freebsd-386-1.4.2-3.16.amzn1.noarch \n \u00a0\u00a0\u00a0 golang-pkg-linux-arm-1.4.2-3.16.amzn1.noarch \n \u00a0\u00a0\u00a0 golang-pkg-darwin-386-1.4.2-3.16.amzn1.noarch \n \u00a0\u00a0\u00a0 golang-pkg-netbsd-386-1.4.2-3.16.amzn1.noarch \n \u00a0\u00a0\u00a0 golang-pkg-linux-386-1.4.2-3.16.amzn1.noarch \n \u00a0\u00a0\u00a0 golang-src-1.4.2-3.16.amzn1.noarch \n \u00a0\u00a0\u00a0 golang-pkg-netbsd-amd64-1.4.2-3.16.amzn1.noarch \n \u00a0\u00a0\u00a0 golang-pkg-linux-amd64-1.4.2-3.16.amzn1.noarch \n \u00a0\u00a0\u00a0 golang-pkg-freebsd-arm-1.4.2-3.16.amzn1.noarch \n \u00a0\u00a0\u00a0 golang-pkg-plan9-amd64-1.4.2-3.16.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 golang-1.4.2-3.16.amzn1.src \n \u00a0\u00a0\u00a0 docker-1.6.2-1.3.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 golang-1.4.2-3.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 golang-pkg-bin-linux-amd64-1.4.2-3.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 docker-1.6.2-1.3.amzn1.x86_64 \n \u00a0\u00a0\u00a0 docker-devel-1.6.2-1.3.amzn1.x86_64 \n \u00a0\u00a0\u00a0 docker-pkg-devel-1.6.2-1.3.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2015-5739](<https://access.redhat.com/security/cve/CVE-2015-5739>), [CVE-2015-5740](<https://access.redhat.com/security/cve/CVE-2015-5740>), [CVE-2015-5741](<https://access.redhat.com/security/cve/CVE-2015-5741>)\n\nMitre: [CVE-2015-5739](<https://vulners.com/cve/CVE-2015-5739>), [CVE-2015-5740](<https://vulners.com/cve/CVE-2015-5740>), [CVE-2015-5741](<https://vulners.com/cve/CVE-2015-5741>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-08-24T22:29:00", "type": "amazon", "title": "Medium: golang, docker", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5739", "CVE-2015-5740", "CVE-2015-5741"], "modified": "2015-08-24T22:42:00", "id": "ALAS-2015-588", "href": "https://alas.aws.amazon.com/ALAS-2015-588.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T17:58:15", "description": "**Issue Overview:**\n\nVarnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \\r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request. (CVE-2015-8852)\n\n \n**Affected Packages:** \n\n\nvarnish\n\n \n**Issue Correction:** \nRun _yum update varnish_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 varnish-debuginfo-3.0.7-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 varnish-libs-3.0.7-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 varnish-3.0.7-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 varnish-libs-devel-3.0.7-1.20.amzn1.i686 \n \u00a0\u00a0\u00a0 varnish-docs-3.0.7-1.20.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 varnish-3.0.7-1.20.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 varnish-libs-devel-3.0.7-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 varnish-libs-3.0.7-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 varnish-3.0.7-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 varnish-docs-3.0.7-1.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 varnish-debuginfo-3.0.7-1.20.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2015-8852](<https://access.redhat.com/security/cve/CVE-2015-8852>)\n\nMitre: [CVE-2015-8852](<https://vulners.com/cve/CVE-2015-8852>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-07-14T16:30:00", "type": "amazon", "title": "Important: varnish", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8852"], "modified": "2016-07-14T16:30:00", "id": "ALAS-2016-721", "href": "https://alas.aws.amazon.com/ALAS-2016-721.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-28T18:21:49", "description": "**Issue Overview:**\n\nApache HTTP Request Parsing Whitespace Defects \nIt was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning.(CVE-2016-8743)\n\n \n**Affected Packages:** \n\n\nhttpd\n\n \n**Issue Correction:** \nRun _yum update httpd_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 httpd-devel-2.2.32-1.9.amzn1.i686 \n \u00a0\u00a0\u00a0 httpd-debuginfo-2.2.32-1.9.amzn1.i686 \n \u00a0\u00a0\u00a0 httpd-2.2.32-1.9.amzn1.i686 \n \u00a0\u00a0\u00a0 httpd-tools-2.2.32-1.9.amzn1.i686 \n \u00a0\u00a0\u00a0 mod_ssl-2.2.32-1.9.amzn1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 httpd-manual-2.2.32-1.9.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 httpd-2.2.32-1.9.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 httpd-devel-2.2.32-1.9.amzn1.x86_64 \n \u00a0\u00a0\u00a0 mod_ssl-2.2.32-1.9.amzn1.x86_64 \n \u00a0\u00a0\u00a0 httpd-tools-2.2.32-1.9.amzn1.x86_64 \n \u00a0\u00a0\u00a0 httpd-2.2.32-1.9.amzn1.x86_64 \n \u00a0\u00a0\u00a0 httpd-debuginfo-2.2.32-1.9.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2016-8743](<https://access.redhat.com/security/cve/CVE-2016-8743>)\n\nMitre: [CVE-2016-8743](<https://vulners.com/cve/CVE-2016-8743>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-06-22T19:25:00", "type": "amazon", "title": "Medium: httpd", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8743"], "modified": "2017-06-22T22:54:00", "id": "ALAS-2017-851", "href": "https://alas.aws.amazon.com/ALAS-2017-851.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-28T18:29:57", "description": "**Issue Overview:**\n\nMultiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks.\n\n \n**Affected Packages:** \n\n\nhttpd\n\n \n**Issue Correction:** \nRun _yum update httpd_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 httpd-devel-2.2.31-1.6.amzn1.i686 \n \u00a0\u00a0\u00a0 mod_ssl-2.2.31-1.6.amzn1.i686 \n \u00a0\u00a0\u00a0 httpd-tools-2.2.31-1.6.amzn1.i686 \n \u00a0\u00a0\u00a0 httpd-debuginfo-2.2.31-1.6.amzn1.i686 \n \u00a0\u00a0\u00a0 httpd-2.2.31-1.6.amzn1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 httpd-manual-2.2.31-1.6.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 httpd-2.2.31-1.6.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 httpd-debuginfo-2.2.31-1.6.amzn1.x86_64 \n \u00a0\u00a0\u00a0 httpd-devel-2.2.31-1.6.amzn1.x86_64 \n \u00a0\u00a0\u00a0 httpd-tools-2.2.31-1.6.amzn1.x86_64 \n \u00a0\u00a0\u00a0 mod_ssl-2.2.31-1.6.amzn1.x86_64 \n \u00a0\u00a0\u00a0 httpd-2.2.31-1.6.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2015-3183](<https://access.redhat.com/security/cve/CVE-2015-3183>)\n\nMitre: [CVE-2015-3183](<https://vulners.com/cve/CVE-2015-3183>)\n", "cvss3": {}, "published": "2015-08-17T12:23:00", "type": "amazon", "title": "Medium: httpd", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3183"], "modified": "2015-08-17T12:23:00", "id": "ALAS-2015-578", "href": "https://alas.aws.amazon.com/ALAS-2015-578.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-28T18:24:03", "description": "**Issue Overview:**\n\nCVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests\n\nCVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener\n\n \n**Affected Packages:** \n\n\ntomcat6\n\n \n**Issue Correction:** \nRun _yum update tomcat6_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n noarch: \n \u00a0\u00a0\u00a0 tomcat6-admin-webapps-6.0.48-1.8.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-el-2.1-api-6.0.48-1.8.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-servlet-2.5-api-6.0.48-1.8.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-javadoc-6.0.48-1.8.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-jsp-2.1-api-6.0.48-1.8.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-webapps-6.0.48-1.8.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-docs-webapp-6.0.48-1.8.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-lib-6.0.48-1.8.amzn1.noarch \n \u00a0\u00a0\u00a0 tomcat6-6.0.48-1.8.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 tomcat6-6.0.48-1.8.amzn1.src \n \n \n\n### Additional References\n\nRed Hat: [CVE-2016-6816](<https://access.redhat.com/security/cve/CVE-2016-6816>), [CVE-2016-8735](<https://access.redhat.com/security/cve/CVE-2016-8735>)\n\nMitre: [CVE-2016-6816](<https://vulners.com/cve/CVE-2016-6816>), [CVE-2016-8735](<https://vulners.com/cve/CVE-2016-8735>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-12-15T00:41:00", "type": "amazon", "title": "Important: tomcat6", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2016-12-15T23:49:00", "id": "ALAS-2016-776", "href": "https://alas.aws.amazon.com/ALAS-2016-776.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2023-11-27T18:01:52", "description": "Golang 1.4.3 CVE Fixes\n\n# \n\nLow\n\n# Vendor\n\nGoogle\n\n# Versions Affected\n\n * Golang v1.4.2 and lower \n\n# Description\n\nSeveral security issues were fixed in Go\u2019s net / http package.\n\nThe CVE issue descriptions and fixes are linked below:\n\n * CVE-2015-5739 \u2013 \u2018Content Length\u2019 treated as valid header: <https://go-review.googlesource.com/#/c/11772/>\n * CVE-2015-5740 \u2013 Double content-length headers does not return 400 error: <https://go-review.googlesource.com/#/c/11810/>\n * CVE-2015-5741 \u2013 Additional hardening, not sending Content-Length w/Transfer-Encoding, Closing connections:\n * <https://go-review.googlesource.com/#/c/11810/>\n * <https://go-review.googlesource.com/#/c/12865/>\n * <https://go-review.googlesource.com/#/c/13148/>\n\n# Affected Products and Versions\n\n_Severity is low unless otherwise noted. \n_\n\n * BOSH: All versions of Cloud Foundry BOSH stemcells prior to v3094 are vulnerable to the aforementioned CVE. \n * Cloud Foundry Runtime: all versions of cf-release prior to 219 are vulnerable to the aforementioned CVEs. \n * Go Buildpack: all versions of the buildpack prior to 1.6.2 contain a vulnerable version of Go. \n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * The Cloud Foundry project recommends that Cloud Foundry Deployments using BOSH stemcell v3093 or earlier upgrade to v3094 or later, which contain the patched versions of the Linux kernel to resolve the aforementioned CVEs. \n * The Cloud Foundry project recommends that Cloud Foundry Deployments using cf-release 218 or lower upgrade to 219 or higher to resolve the aforementioned CVEs. \n\n# Credit\n\nJed Denlea and R\u00e9gis Leroy\n\n# References\n\n * <https://groups.google.com/forum/#!topic/golang-announce/iSIyW4lM4hY>\n * <https://bosh.io/stemcells>\n * <https://github.com/cloudfoundry/cf-release>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-10-07T00:00:00", "type": "cloudfoundry", "title": "Golang 1.4.3 CVE Fixes | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5739", "CVE-2015-5740", "CVE-2015-5741"], "modified": "2015-10-07T00:00:00", "id": "CFOUNDRY:49E12FFB172ED25FC5E4B1AC01EEF7BF", "href": "https://www.cloudfoundry.org/blog/golang-1-4-3/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2023-11-27T15:35:33", "description": "\n\nJason Buberel, Go Product Manager, reports:\n\nCVE-2015-5739 - \"Content Length\" treated as valid header\nCVE-2015-5740 - Double content-length headers does not return 400\n\t error\nCVE-2015-5741 - Additional hardening, not sending Content-Length\n\t w/Transfer-Encoding, Closing connections\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-29T00:00:00", "type": "freebsd", "title": "go -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5739", "CVE-2015-5740", "CVE-2015-5741"], "modified": "2015-07-29T00:00:00", "id": "4464212E-4ACD-11E5-934B-002590263BF5", "href": "https://vuxml.freebsd.org/freebsd/4464212e-4acd-11e5-934b-002590263bf5.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T16:45:27", "description": "\n\nApache Foundation reports:\n\nCVE-2015-3183 core: Fix chunk header parsing defect. Remove\n\t apr_brigade_flatten(), buffering and duplicated code from the HTTP_IN\n\t filter, parse chunks in a single pass with zero copy. Limit accepted\n\t chunk-size to 2^63-1 and be strict about chunk-ext authorized\n\t characters.\n\n\n", "cvss3": {}, "published": "2015-06-24T00:00:00", "type": "freebsd", "title": "apache22 -- chunk header parsing defect", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3183"], "modified": "2015-06-24T00:00:00", "id": "29083F8E-2CA8-11E5-86FF-14DAE9D210B8", "href": "https://vuxml.freebsd.org/freebsd/29083f8e-2ca8-11e5-86ff-14dae9d210b8.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-28T16:45:26", "description": "\n\nThe Apache Software Foundation reports:\n\nImportant: Remote Code Execution CVE-2016-8735\nImportant: Information Disclosure CVE-2016-6816\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-11-22T00:00:00", "type": "freebsd", "title": "tomcat -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8735"], "modified": "2017-03-18T00:00:00", "id": "0B9AF110-D529-11E6-AE1B-002590263BF5", "href": "https://vuxml.freebsd.org/freebsd/0b9af110-d529-11e6-ae1b-002590263bf5.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "prion": [{"lastseen": "2023-11-22T03:58:19", "description": "Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \\r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-04-25T14:59:00", "type": "prion", "title": "Cross site request forgery (csrf)", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8852"], "modified": "2022-08-02T16:29:00", "id": "PRION:CVE-2015-8852", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2015-8852", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-22T03:53:21", "description": "The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by \"Content Length\" instead of \"Content-Length.\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-10-18T20:29:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5739"], "modified": "2019-05-10T16:45:00", "id": "PRION:CVE-2015-5739", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2015-5739", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T03:53:20", "description": "The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-10-18T20:29:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5740"], "modified": "2019-05-09T20:13:00", "id": "PRION:CVE-2015-5740", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2015-5740", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T03:29:10", "description": "Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-04-07T21:59:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2086"], "modified": "2017-07-01T01:29:00", "id": "PRION:CVE-2016-2086", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2016-2086", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-22T03:37:51", "description": "The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.0", "userInteraction": "REQUIRED"}, "source": "nvd@nist.gov", "type": "Primary", "impactScore": 3.7}, "published": "2017-03-20T18:59:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816"], "modified": "2023-11-07T02:34:00", "id": "PRION:CVE-2016-6816", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2016-6816", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T03:41:16", "description": "Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2017-07-27T21:29:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8743"], "modified": "2023-11-07T02:36:00", "id": "PRION:CVE-2016-8743", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2016-8743", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-22T03:49:07", "description": "The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.", "cvss3": {}, "published": "2015-07-20T23:59:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3183"], "modified": "2021-06-06T11:15:00", "id": "PRION:CVE-2015-3183", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2015-3183", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2023-11-28T11:56:31", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3553-1 security@debian.org\nhttps://www.debian.org/security/ Sebastien Delafond\nApril 22, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : varnish\nCVE ID : CVE-2015-8852\nDebian Bug : 783510\n\nR\u00e9gis Leroy from Makina Corpus discovered that varnish, a caching HTTP\nreverse proxy, is vulnerable to HTTP smuggling issues, potentially\nresulting in cache poisoning or bypassing of access control policies.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 3.0.2-2+deb7u2.\n\nWe recommend that you upgrade your varnish packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-04-22T07:34:25", "type": "debian", "title": "[SECURITY] [DSA 3553-1] varnish security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8852"], "modified": "2016-04-22T07:34:25", "id": "DEBIAN:DSA-3553-1:D320C", "href": "https://lists.debian.org/debian-security-announce/2016/msg00130.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-10-21T22:15:37", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3553-1 security@debian.org\nhttps://www.debian.org/security/ Sebastien Delafond\nApril 22, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : varnish\nCVE ID : CVE-2015-8852\nDebian Bug : 783510\n\nR\u00e9gis Leroy from Makina Corpus discovered that varnish, a caching HTTP\nreverse proxy, is vulnerable to HTTP smuggling issues, potentially\nresulting in cache poisoning or bypassing of access control policies.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 3.0.2-2+deb7u2.\n\nWe recommend that you upgrade your varnish packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-04-22T07:34:25", "type": "debian", "title": "[SECURITY] [DSA 3553-1] varnish security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8852"], "modified": "2016-04-22T07:34:25", "id": "DEBIAN:DSA-3553-1:64BC2", "href": "https://lists.debian.org/debian-security-announce/2016/msg00130.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-10-22T13:54:54", "description": "Package : sitesummary\nVersion : 0.1.8+deb7u2\nDebian Bug : 852623\n\nThe fix for CVE-2016-8743 in apache2 2.2.22-13+deb7u8 (DLA-841-1) caused\n#852623 in sitesummary, breaking the sitesummary-upload functionality.\nTo address this sitesummary-upload needs to be changed to send CRLF (\\r\\n)\nline endings to be compliant with the apache security fixes for HTTP requests.\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n0.1.8+deb7u2.\n\nWe recommend that you upgrade your sitesummary packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n\n-- \ncheers,\n\tHolger\nAttachment:\nsignature.asc\nDescription: Digital signature\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-03-19T09:43:20", "type": "debian", "title": "[SECURITY] DLA-862-1: sitesummary regression update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8743"], "modified": "2017-03-19T09:43:20", "id": "DEBIAN:DLA-862-1:B30ED", "href": "https://lists.debian.org/debian-lts-announce/2017/03/msg00019.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-28T11:41:15", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3796-2 security@debian.org\nhttps://www.debian.org/security/ Sebastien Delafond\nMarch 20, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : sitesummary\nDebian Bug : 852623\n\nDSA-3796-1 for apache2 introduced a regression in sitesummary: fixing\nCVE-2016-8743 meant being more stringent when dealing with whitespace\npatterns in HTTP requests, and that change broke the upload tool of\nsitesummary-client.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 0.1.17+deb8u2.\n\nWe recommend that you upgrade your sitesummary packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2017-03-20T17:05:00", "type": "debian", "title": "[SECURITY] [DSA 3796-2] sitesummary regression update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8743"], "modified": "2017-03-20T17:05:00", "id": "DEBIAN:DSA-3796-2:C09F5", "href": "https://lists.debian.org/debian-security-announce/2017/msg00069.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-24T16:27:45", "description": "Package : apache2\nVersion : 2.2.22-13+deb7u8\nCVE ID : CVE-2016-8743\n\nThis upload fixes a security vulnerability in the header parsing code.\n\nDavid Dennerline, of IBM Security&#x27;s X-Force Researchers, and R\u00e9gis\nLeroy discovered problems in the way Apache handled a broad pattern of\nunusual whitespace patterns in HTTP requests. In some configurations,\nthis could lead to response splitting or cache pollution\nvulnerabilities. To fix these issues, this update makes Apache httpd\nbe more strict in what HTTP requests it accepts.\n\nIf this causes problems with non-conforming clients, some checks can\nbe relaxed by adding the new directive &quot;HttpProtocolOptions unsafe&quot; to\nthe configuration. More information is available at\n\nhttp://httpd.apache.org/docs/2.4/mod/core.html#httpprotocoloptions\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n2.2.22-13+deb7u8.\n\nWe recommend that you upgrade your apache2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2017-02-28T16:20:53", "type": "debian", "title": "[SECURITY] [DLA 841-1] apache2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8743"], "modified": "2017-02-28T16:20:53", "id": "DEBIAN:DLA-841-1:5E66E", "href": "https://lists.debian.org/debian-lts-announce/2017/02/msg00031.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-10-21T22:04:45", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3796-2 security@debian.org\nhttps://www.debian.org/security/ Sebastien Delafond\nMarch 20, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : sitesummary\nDebian Bug : 852623\n\nDSA-3796-1 for apache2 introduced a regression in sitesummary: fixing\nCVE-2016-8743 meant being more stringent when dealing with whitespace\npatterns in HTTP requests, and that change broke the upload tool of\nsitesummary-client.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 0.1.17+deb8u2.\n\nWe recommend that you upgrade your sitesummary packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-03-20T17:05:00", "type": "debian", "title": "[SECURITY] [DSA 3796-2] sitesummary regression update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8743"], "modified": "2017-03-20T17:05:00", "id": "DEBIAN:DSA-3796-2:E23FE", "href": "https://lists.debian.org/debian-security-announce/2017/msg00069.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-24T16:27:07", "description": "Package : sitesummary\nVersion : 0.1.8+deb7u2\nDebian Bug : 852623\n\nThe fix for CVE-2016-8743 in apache2 2.2.22-13+deb7u8 (DLA-841-1) caused\n#852623 in sitesummary, breaking the sitesummary-upload functionality.\nTo address this sitesummary-upload needs to be changed to send CRLF (\\r\\n)\nline endings to be compliant with the apache security fixes for HTTP requests.\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n0.1.8+deb7u2.\n\nWe recommend that you upgrade your sitesummary packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n\n-- \ncheers,\n\tHolger\nAttachment:\nsignature.asc\nDescription: Digital signature\n", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2017-03-19T09:43:20", "type": "debian", "title": "[SECURITY] DLA-862-1: sitesummary regression update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8743"], "modified": "2017-03-19T09:43:20", "id": "DEBIAN:DLA-862-1:D0310", "href": "https://lists.debian.org/debian-lts-announce/2017/03/msg00019.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-24T16:48:20", "description": "Package : apache2\nVersion : 2.2.16-6+squeeze15\nCVE ID : CVE-2015-3183\n\nA vulnerability has been found in the Apache HTTP Server.\n\nCVE-2015-3183\n\n Apache HTTP Server did not properly parse chunk headers, which\n allowed remote attackers to conduct HTTP request smuggling via a\n crafted request. This flaw relates to mishandling of large\n chunk-size values and invalid chunk-extension characters in\n modules/http/http_filters.c.\n\nFor the squeeze distribution, these issues have been fixed in version\n2.2.16-6+squeeze15 of apache2.\n\nWe recommend you to upgrade your apache2 packages.\nAttachment:\nsignature.asc\nDescription: Digital signature\n", "cvss3": {}, "published": "2015-07-28T21:31:48", "type": "debian", "title": "[SECURITY] [DLA 284-1] apache2 security update", "bulletinFamily": "unix", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3183"], "modified": "2015-07-28T21:31:48", "id": "DEBIAN:DLA-284-1:B7206", "href": "https://lists.debian.org/debian-lts-announce/2015/07/msg00024.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-24T16:29:44", "description": "Package : tomcat7\nVersion : 7.0.28-4+deb7u9\nCVE ID : CVE-2016-8745\nDebian Bug : 849949\n\nA bug in the error handling of the send file code for the NIO HTTP\nconnector resulted in the current Processor object being added to the\nProcessor cache multiple times. This in turn meant that the same\nProcessor could be used for concurrent requests. Sharing a Processor\ncan result in information leakage between requests including, not\nlimited to, session ID and the response body.\n\nIn addition this update also addresses a regression when running\nTomcat 7 with SecurityManager enabled due to an incomplete fix for\nCVE-2016-6816.\n\nFor Debian 7 &quot;Wheezy&quot;, these problems have been fixed in version\n7.0.28-4+deb7u9.\n\nWe recommend that you upgrade your tomcat7 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "source": "nvd@nist.gov", "type": "Primary", "impactScore": 3.6}, "published": "2017-01-10T23:37:14", "type": "debian", "title": "[SECURITY] [DLA 779-1] tomcat7 security update", "bulletinFamily": "unix", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2017-01-10T23:37:14", "id": "DEBIAN:DLA-779-1:8029E", "href": "https://lists.debian.org/debian-lts-announce/2017/01/msg00011.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2023-11-27T15:48:57", "description": "### Background\n\nVarnish is a web application accelerator.\n\n### Description\n\nVarnish fails to properly validate input from HTTP headers, and does not deny requests with multiple Content-Length headers. \n\n### Impact\n\nRemote attackers could conduct an HTTP response splitting attack, which may further enable them to conduct Cross-Site Scripting (XSS), Cache Poisoning, Defacement, and Page Hijacking. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Varnish users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/varnish-3.0.7\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-07-20T00:00:00", "type": "gentoo", "title": "Varnish: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8852"], "modified": "2016-07-20T00:00:00", "id": "GLSA-201607-10", "href": "https://security.gentoo.org/glsa/201607-10", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "debiancve": [{"lastseen": "2023-11-27T15:14:07", "description": "Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \\r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-04-25T14:59:00", "type": "debiancve", "title": "CVE-2015-8852", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8852"], "modified": "2016-04-25T14:59:00", "id": "DEBIANCVE:CVE-2015-8852", "href": "https://security-tracker.debian.org/tracker/CVE-2015-8852", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-27T15:11:44", "description": "Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-04-07T21:59:00", "type": "debiancve", "title": "CVE-2016-2086", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2086"], "modified": "2016-04-07T21:59:00", "id": "DEBIANCVE:CVE-2016-2086", "href": "https://security-tracker.debian.org/tracker/CVE-2016-2086", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-28T15:21:53", "description": "The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.7}, "published": "2017-03-20T18:59:00", "type": "debiancve", "title": "CVE-2016-6816", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816"], "modified": "2017-03-20T18:59:00", "id": "DEBIANCVE:CVE-2016-6816", "href": "https://security-tracker.debian.org/tracker/CVE-2016-6816", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T15:15:25", "description": "Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-07-27T21:29:00", "type": "debiancve", "title": "CVE-2016-8743", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8743"], "modified": "2017-07-27T21:29:00", "id": "DEBIANCVE:CVE-2016-8743", "href": "https://security-tracker.debian.org/tracker/CVE-2016-8743", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-28T15:15:25", "description": "The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.", "cvss3": {}, "published": "2015-07-20T23:59:00", "type": "debiancve", "title": "CVE-2015-3183", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3183"], "modified": "2015-07-20T23:59:00", "id": "DEBIANCVE:CVE-2015-3183", "href": "https://security-tracker.debian.org/tracker/CVE-2015-3183", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-03-17T19:33:48", "description": "It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-02-17T07:59:00", "type": "debiancve", "title": "CVE-2017-6056", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2017-6056"], "modified": "2017-02-17T07:59:00", "id": "DEBIANCVE:CVE-2017-6056", "href": "https://security-tracker.debian.org/tracker/CVE-2017-6056", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "mageia": [{"lastseen": "2023-11-27T15:33:18", "description": "Updated varnish packages fix security vulnerabilities: R\u00e9gis Leroy from Makina Corpus discovered that varnish, a caching HTTP reverse proxy, is vulnerable to HTTP smuggling issues, potentially resulting in cache poisoning or bypassing of access control policies (CVE-2015-8852). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-04-25T07:57:21", "type": "mageia", "title": "Updated varnish packages fix CVE-2015-8852\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8852"], "modified": "2016-04-25T07:57:21", "id": "MGASA-2016-0150", "href": "https://advisories.mageia.org/MGASA-2016-0150.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2023-11-27T14:48:07", "description": "Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \\r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-04-25T14:59:00", "type": "cve", "title": "CVE-2015-8852", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8852"], "modified": "2022-08-02T16:29:00", "cpe": ["cpe:/a:varnish_cache_project:varnish_cache:3.0.1", "cpe:/a:varnish_cache_project:varnish_cache:3.0.3", "cpe:/a:varnish_cache_project:varnish_cache:3.0.2", "cpe:/a:varnish_cache_project:varnish_cache:3.0.0", "cpe:/a:varnish_cache_project:varnish_cache:3.0.5", "cpe:/a:varnish_cache_project:varnish_cache:3.0.6", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:varnish_cache_project:varnish_cache:3.0.4"], "id": "CVE-2015-8852", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8852", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:varnish_cache_project:varnish_cache:3.0.0:beta2:*:*:*:*:*:*"]}, {"lastseen": "2023-11-27T14:32:25", "description": "The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by \"Content Length\" instead of \"Content-Length.\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-10-18T20:29:00", "type": "cve", "title": "CVE-2015-5739", "cwe": ["CWE-444"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5739"], "modified": "2019-05-10T16:45:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.3", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/o:redhat:enterprise_linux_server_aus:7.3", "cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/o:fedoraproject:fedora:21", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_server_eus:7.4", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/o:redhat:enterprise_linux_server_eus:7.3", "cpe:/o:redhat:enterprise_linux_server_eus:7.6", "cpe:/o:fedoraproject:fedora:22", "cpe:/a:golang:go:1.4.2", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_server_tus:7.2", "cpe:/o:redhat:enterprise_linux_server_aus:7.6"], "id": "CVE-2015-5739", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5739", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "cpe:2.3:a:golang:go:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-27T14:32:26", "description": "The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-10-18T20:29:00", "type": "cve", "title": "CVE-2015-5740", "cwe": ["CWE-444"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5740"], "modified": "2019-05-09T20:13:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.3", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/o:redhat:enterprise_linux_server_aus:7.3", "cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/o:fedoraproject:fedora:21", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:redhat:enterprise_linux_server_eus:7.2", "cpe:/o:redhat:enterprise_linux_server_eus:7.4", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/o:redhat:enterprise_linux_server_eus:7.3", "cpe:/o:redhat:enterprise_linux_server_eus:7.6", "cpe:/o:fedoraproject:fedora:22", "cpe:/a:golang:go:1.4.2", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_server_tus:7.2", "cpe:/o:redhat:enterprise_linux_server_aus:7.6"], "id": "CVE-2015-5740", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5740", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "cpe:2.3:a:golang:go:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-27T14:21:51", "description": "Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-04-07T21:59:00", "type": "cve", "title": "CVE-2016-2086", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2086"], "modified": "2017-07-01T01:29:00", "cpe": ["cpe:/a:nodejs:node.js:0.10.17", "cpe:/a:nodejs:node.js:0.10.18", "cpe:/a:nodejs:node.js:0.10.10", "cpe:/a:nodejs:node.js:4.2.1", "cpe:/a:nodejs:node.js:4.2.3", "cpe:/a:nodejs:node.js:0.10.13", "cpe:/a:nodejs:node.js:0.10.9", "cpe:/a:nodejs:node.js:4.2.4", "cpe:/a:nodejs:node.js:0.10.24", "cpe:/a:nodejs:node.js:5.1.0", "cpe:/a:nodejs:node.js:0.10.6", "cpe:/a:nodejs:node.js:5.5.0", "cpe:/a:nodejs:node.js:0.10.15", "cpe:/a:nodejs:node.js:0.10.28", "cpe:/a:nodejs:node.js:4.2.0", "cpe:/a:nodejs:node.js:0.10.16-isaacs-manual", "cpe:/a:nodejs:node.js:0.10.30", "cpe:/a:nodejs:node.js:0.10.35", "cpe:/a:nodejs:node.js:0.10.14", "cpe:/a:nodejs:node.js:0.10.38", "cpe:/a:nodejs:node.js:4.1.2", "cpe:/a:nodejs:node.js:0.10.20", "cpe:/a:nodejs:node.js:0.10.39", "cpe:/a:nodejs:node.js:0.10.31", "cpe:/a:nodejs:node.js:0.10.5", "cpe:/a:nodejs:node.js:0.12.3", "cpe:/a:nodejs:node.js:5.3.0", "cpe:/a:nodejs:node.js:0.10.12", "cpe:/a:nodejs:node.js:0.10.16", "cpe:/a:nodejs:node.js:0.10.27", "cpe:/a:nodejs:node.js:5.4.1", "cpe:/a:nodejs:node.js:0.10.22", "cpe:/a:nodejs:node.js:0.10.32", "cpe:/a:nodejs:node.js:4.1.0", "cpe:/a:nodejs:node.js:0.10.41", "cpe:/a:nodejs:node.js:0.10.36", "cpe:/o:fedoraproject:fedora:22", "cpe:/a:nodejs:node.js:4.2.5", "cpe:/a:nodejs:node.js:0.10.34", "cpe:/a:nodejs:node.js:0.10.7", "cpe:/a:nodejs:node.js:4.2.2", "cpe:/a:nodejs:node.js:4.0.0", "cpe:/a:nodejs:node.js:0.12.4", "cpe:/a:nodejs:node.js:0.10.21", "cpe:/a:nodejs:node.js:0.10.11", "cpe:/a:nodejs:node.js:0.12.7", "cpe:/a:nodejs:node.js:0.10.25", "cpe:/a:nodejs:node.js:0.10.37", "cpe:/a:nodejs:node.js:0.12.2", "cpe:/a:nodejs:node.js:0.10.33", "cpe:/a:nodejs:node.js:4.1.1", "cpe:/a:nodejs:node.js:0.12.6", "cpe:/a:nodejs:node.js:0.10.4", "cpe:/a:nodejs:node.js:5.4.0", "cpe:/a:nodejs:node.js:0.10.2", "cpe:/a:nodejs:node.js:5.2.0", "cpe:/a:nodejs:node.js:0.10.26", "cpe:/a:nodejs:node.js:0.10.8", "cpe:/a:nodejs:node.js:0.12.0", "cpe:/a:nodejs:node.js:4.2.6", "cpe:/a:nodejs:node.js:0.10.3", "cpe:/a:nodejs:node.js:0.10.40", "cpe:/a:nodejs:node.js:0.10.23", "cpe:/a:nodejs:node.js:0.10.0", "cpe:/a:nodejs:node.js:0.12.9", "cpe:/a:nodejs:node.js:0.10.19", "cpe:/o:fedoraproject:fedora:23", "cpe:/a:nodejs:node.js:0.12.8", "cpe:/a:nodejs:node.js:0.10.29", "cpe:/a:nodejs:node.js:0.12.1", "cpe:/a:nodejs:node.js:0.12.5", "cpe:/a:nodejs:node.js:5.1.1", "cpe:/a:nodejs:node.js:0.10.1", "cpe:/a:nodejs:node.js:5.0.0"], "id": "CVE-2016-2086", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2086", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:nodejs:node.js:0.10.38:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.12.9:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.12.6:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.30:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.20:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:4.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.9:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.14:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.12.4:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.5:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:5.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.23:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.11:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.12.8:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.8:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.32:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.33:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:4.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.17:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.35:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.25:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.19:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.12.5:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.6:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.28:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.39:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.21:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.12:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.31:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:5.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.34:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.36:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.7:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.12.7:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.22:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.16-isaacs-manual:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.13:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.26:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.10:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.16:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.24:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.41:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.18:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.40:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.15:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.27:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.37:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:0.10.29:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:5.2.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-28T20:28:56", "description": "The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.0", "userInteraction": "REQUIRED"}, "source": "nvd@nist.gov", "type": "Primary", "impactScore": 3.7}, "published": "2017-03-20T18:59:00", "type": "cve", "title": "CVE-2016-6816", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816"], "modified": "2023-11-07T02:34:08", "cpe": ["cpe:/a:apache:tomcat:6.0.0", "cpe:/a:apache:tomcat:6.0.1", "cpe:/a:apache:tomcat:6.0.2", "cpe:/a:apache:tomcat:6.0.3", "cpe:/a:apache:tomcat:6.0.4", "cpe:/a:apache:tomcat:6.0.5", "cpe:/a:apache:tomcat:6.0.6", "cpe:/a:apache:tomcat:6.0.7", "cpe:/a:apache:tomcat:6.0.8", "cpe:/a:apache:tomcat:6.0.9", "cpe:/a:apache:tomcat:6.0.10", "cpe:/a:apache:tomcat:6.0.11", "cpe:/a:apache:tomcat:6.0.12", "cpe:/a:apache:tomcat:6.0.13", "cpe:/a:apache:tomcat:6.0.14", "cpe:/a:apache:tomcat:6.0.15", "cpe:/a:apache:tomcat:6.0.16", "cpe:/a:apache:tomcat:6.0.17", "cpe:/a:apache:tomcat:6.0.18", "cpe:/a:apache:tomcat:6.0.19", "cpe:/a:apache:tomcat:6.0.20", "cpe:/a:apache:tomcat:6.0.21", "cpe:/a:apache:tomcat:6.0.22", "cpe:/a:apache:tomcat:6.0.23", "cpe:/a:apache:tomcat:6.0.24", "cpe:/a:apache:tomcat:6.0.25", "cpe:/a:apache:tomcat:6.0.26", "cpe:/a:apache:tomcat:6.0.27", "cpe:/a:apache:tomcat:6.0.28", "cpe:/a:apache:tomcat:6.0.29", "cpe:/a:apache:tomcat:6.0.30", "cpe:/a:apache:tomcat:6.0.31", "cpe:/a:apache:tomcat:6.0.32", "cpe:/a:apache:tomcat:6.0.33", "cpe:/a:apache:tomcat:6.0.34", "cpe:/a:apache:tomcat:6.0.35", "cpe:/a:apache:tomcat:6.0.36", "cpe:/a:apache:tomcat:6.0.37", "cpe:/a:apache:tomcat:6.0.38", "cpe:/a:apache:tomcat:6.0.39", "cpe:/a:apache:tomcat:6.0.40", "cpe:/a:apache:tomcat:6.0.41", "cpe:/a:apache:tomcat:6.0.42", "cpe:/a:apache:tomcat:6.0.43", "cpe:/a:apache:tomcat:6.0.44", "cpe:/a:apache:tomcat:6.0.45", "cpe:/a:apache:tomcat:6.0.46", "cpe:/a:apache:tomcat:6.0.47"], "id": "CVE-2016-6816", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6816", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.34:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.38:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.39:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.40:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.41:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.42:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.43:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.44:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.45:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.46:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:6.0.47:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-28T14:55:48", "description": "Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-07-27T21:29:00", "type": "cve", "title": "CVE-2016-8743", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8743"], "modified": "2023-11-07T02:36:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_aus:7.3", "cpe:/o:redhat:enterprise_linux_server_tus:7.3", "cpe:/a:redhat:jboss_core_services:1.0", "cpe:/a:netapp:clustered_data_ontap:-", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/a:netapp:oncommand_unified_manager:-", "cpe:/o:redhat:enterprise_linux_server_aus:7.7", "cpe:/o:redhat:enterprise_linux_eus:7.6", "cpe:/a:apache:http_server:2.2.31", "cpe:/a:apache:http_server:2.4.23", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_eus:7.7", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/o:redhat:enterprise_linux_server_tus:7.7", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/o:redhat:enterprise_linux_eus:7.5", "cpe:/o:redhat:enterprise_linux_eus:7.3", "cpe:/o:redhat:enterprise_linux_eus:7.4", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_desktop:6.0"], "id": "CVE-2016-8743", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8743", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.31:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*"]}, {"lastseen": "2023-11-28T20:20:49", "description": "The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.", "cvss3": {}, "published": "2015-07-20T23:59:02", "type": "cve", "title": "CVE-2015-3183", "cwe": ["CWE-17"], "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3183"], "modified": "2023-11-07T02:25:30", "cpe": ["cpe:/a:apache:http_server:2.4.13"], "id": "CVE-2015-3183", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3183", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apache:http_server:2.4.13:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2023-11-28T15:15:23", "description": "Varnish 3.x before 3.0.7, when used in certain stacked installations,\nallows remote attackers to inject arbitrary HTTP headers and conduct HTTP\nresponse splitting attacks via a header line terminated by a \\r (carriage\nreturn) character in conjunction with multiple Content-Length headers in an\nHTTP request.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783510>\n * <https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1709153>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-04-25T00:00:00", "type": "ubuntucve", "title": "CVE-2015-8852", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8852"], "modified": "2016-04-25T00:00:00", "id": "UB:CVE-2015-8852", "href": "https://ubuntu.com/security/CVE-2015-8852", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-27T15:20:23", "description": "The net/http library in net/textproto/reader.go in Go before 1.4.3 does not\nproperly parse HTTP header keys, which allows remote attackers to conduct\nHTTP request smuggling attacks via a space instead of a hyphen, as\ndemonstrated by \"Content Length\" instead of \"Content-Length.\"\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | looks to have been included since at least golang 1.0 release gccgo includes this part of the language library \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | Packages built using golang need to be rebuilt once the vulnerability has been fixed. This CVE entry does not list packages that need rebuilding outside of the main repository or the Ubuntu variants with PPA overlays.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-10-18T00:00:00", "type": "ubuntucve", "title": "CVE-2015-5739", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5739"], "modified": "2017-10-18T00:00:00", "id": "UB:CVE-2015-5739", "href": "https://ubuntu.com/security/CVE-2015-5739", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-27T15:20:21", "description": "The net/http library in net/http/transfer.go in Go before 1.4.3 does not\nproperly parse HTTP headers, which allows remote attackers to conduct HTTP\nrequest smuggling attacks via a request with two Content-length headers.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | gccgo includes this part of the language library \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | Packages built using golang need to be rebuilt once the vulnerability has been fixed. This CVE entry does not list packages that need rebuilding outside of the main repository or the Ubuntu variants with PPA overlays.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-10-18T00:00:00", "type": "ubuntucve", "title": "CVE-2015-5740", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5740"], "modified": "2017-10-18T00:00:00", "id": "UB:CVE-2015-5740", "href": "https://ubuntu.com/security/CVE-2015-5740", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T15:07:27", "description": "The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1\nto 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP\nrequest line permitted invalid characters. This could be exploited, in\nconjunction with a proxy that also permitted the invalid characters but\nwith a different interpretation, to inject data into the HTTP response. By\nmanipulating the HTTP response the attacker could poison a web-cache,\nperform an XSS attack and/or obtain sensitive information from requests\nother then their own.\n\n#### Bugs\n\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802312>\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.7}, "published": "2016-11-23T00:00:00", "type": "ubuntucve", "title": "CVE-2016-6816", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816"], "modified": "2016-11-23T00:00:00", "id": "UB:CVE-2016-6816", "href": "https://ubuntu.com/security/CVE-2016-6816", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T15:16:18", "description": "Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and\n5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling\nattacks via a crafted Content-Length HTTP header.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-04-07T00:00:00", "type": "ubuntucve", "title": "CVE-2016-2086", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2086"], "modified": "2016-04-07T00:00:00", "id": "UB:CVE-2016-2086", "href": "https://ubuntu.com/security/CVE-2016-2086", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-28T15:06:19", "description": "Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal\nin the whitespace accepted from requests and sent in response lines and\nheaders. Accepting these different behaviors represented a security concern\nwhen httpd participates in any chain of proxies or interacts with back-end\napplication servers, either through mod_proxy or using conventional CGI\nmechanisms, and may result in request smuggling, response splitting and\ncache pollution.\n\n#### Bugs\n\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847124>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[ratliff](<https://launchpad.net/~ratliff>) | Notes from Debian \"The fix is not fully backwards compatible so upstream have created a new option to control this behaviour. Affects: 2.2.0 to 2.4.23.\" \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | This fix no longer allows underscores in host names. Debian added a patch to restore the behaviour: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851357 http://mail-archives.apache.org/mod_mbox/httpd-dev/201702.mbox/%3C20170202125319.GA15948%40redhat.com%3E The new configuration option doesn't entirely preserve backwards compatibility: https://bz.apache.org/bugzilla/show_bug.cgi?id=60783\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-12-22T00:00:00", "type": "ubuntucve", "title": "CVE-2016-8743", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8743"], "modified": "2016-12-22T00:00:00", "id": "UB:CVE-2016-8743", "href": "https://ubuntu.com/security/CVE-2016-8743", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-28T15:21:45", "description": "The chunked transfer coding implementation in the Apache HTTP Server before\n2.4.14 does not properly parse chunk headers, which allows remote attackers\nto conduct HTTP request smuggling attacks via a crafted request, related to\nmishandling of large chunk-size values and invalid chunk-extension\ncharacters in modules/http/http_filters.c.", "cvss3": {}, "published": "2015-07-20T00:00:00", "type": "ubuntucve", "title": "CVE-2015-3183", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3183"], "modified": "2015-07-20T00:00:00", "id": "UB:CVE-2015-3183", "href": "https://ubuntu.com/security/CVE-2015-3183", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-28T15:02:45", "description": "It was discovered that a programming error in the processing of HTTPS\nrequests in the Apache Tomcat servlet and JSP engine may result in denial\nof service via an infinite loop. The denial of service is easily achievable\nas a consequence of backporting a CVE-2016-6816 fix but not backporting the\nfix for Tomcat bug 57544. Distributions affected by this backporting issue\ninclude Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and\nUbuntu.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851304>\n * <https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1663318>\n * <https://bz.apache.org/bugzilla/show_bug.cgi?id=57544>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-02-13T00:00:00", "type": "ubuntucve", "title": "CVE-2017-6056", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2017-6056"], "modified": "2017-02-13T00:00:00", "id": "UB:CVE-2017-6056", "href": "https://ubuntu.com/security/CVE-2017-6056", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2023-10-20T10:38:44", "description": "The golang packages provide the Go programming language compiler.\n\nThe following packages have been upgraded to a newer upstream version: golang (1.6.3). (BZ#1346331)\n\nSecurity Fix(es):\n\n* An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable \"HTTP_PROXY\" using the incoming \"Proxy\" HTTP-request header. The environment variable \"HTTP_PROXY\" is used by numerous web clients, including Go's net/http package, to specify a proxy server to use for HTTP and, in some cases, HTTPS requests. This meant that when a CGI-based web application ran, an attacker could specify a proxy server which the application then used for subsequent outgoing requests, allowing a man-in-the-middle attack. (CVE-2016-5386)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this issue.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-08-02T13:46:33", "type": "redhat", "title": "(RHSA-2016:1538) Moderate: golang security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5739", "CVE-2015-5740", "CVE-2015-5741", "CVE-2016-3959", "CVE-2016-5386"], "modified": "2018-04-11T23:32:51", "id": "RHSA-2016:1538", "href": "https://access.redhat.com/errata/RHSA-2016:1538", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-20T20:48:06", "description": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\nNote: The fix for the CVE-2016-8743 issue causes httpd to return \"400 Bad Request\" error to HTTP clients which do not strictly follow HTTP protocol specification. A newly introduced configuration directive \"HttpProtocolOptions Unsafe\" can be used to re-enable the old less strict parsing. However, such setting also re-introduces the CVE-2016-8743 issue.\n\nNote: Administrators of Red Hat Satellite 5 and Red Hat Satellite Proxy 5 systems should consult Red Hat Knowledgebase article 3013361 linked to in the Reference section before installing this update.\n\nBug Fix(es):\n\n* Previously, httpd was unable to correctly check a boundary of an array, and in rare cases it attempted to access an element of an array that was out of bounds. Consequently, httpd terminated unexpectedly with a segmentation fault at proxy_util.c. With this update, bounds checking has been fixed, and httpd no longer crashes. (BZ#1463354)", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2017-07-11T16:53:41", "type": "redhat", "title": "(RHSA-2017:1721) Moderate: httpd security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8743"], "modified": "2018-06-07T14:22:06", "id": "RHSA-2017:1721", "href": "https://access.redhat.com/errata/RHSA-2017:1721", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-05-26T02:21:32", "description": "The httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server.\n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3183)\n\nAll httpd users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdated packages, the httpd service will be restarted automatically.\n", "cvss3": {}, "published": "2015-08-24T00:00:00", "type": "redhat", "title": "(RHSA-2015:1668) Moderate: httpd security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3183"], "modified": "2018-06-06T16:24:10", "id": "RHSA-2015:1668", "href": "https://access.redhat.com/errata/RHSA-2015:1668", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-20T20:48:06", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\nNote: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when request contains characters that are not permitted by the HTTP specification to appear not encoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded. \n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "source": "nvd@nist.gov", "type": "Primary", "impactScore": 3.6}, "published": "2017-03-15T12:06:21", "type": "redhat", "title": "(RHSA-2017:0527) Moderate: tomcat6 security update", "bulletinFamily": "unix", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2016-8745"], "modified": "2018-06-06T16:24:17", "id": "RHSA-2017:0527", "href": "https://access.redhat.com/errata/RHSA-2017:0527", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2023-11-27T20:59:03", "description": "**CentOS Errata and Security Advisory** CESA-2016:1538\n\n\nThe golang packages provide the Go programming language compiler.\n\nThe following packages have been upgraded to a newer upstream version: golang (1.6.3). (BZ#1346331)\n\nSecurity Fix(es):\n\n* An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable \"HTTP_PROXY\" using the incoming \"Proxy\" HTTP-request header. The environment variable \"HTTP_PROXY\" is used by numerous web clients, including Go's net/http package, to specify a proxy server to use for HTTP and, in some cases, HTTPS requests. This meant that when a CGI-based web application ran, an attacker could specify a proxy server which the application then used for subsequent outgoing requests, allowing a man-in-the-middle attack. (CVE-2016-5386)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this issue.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2016-August/084167.html\n\n**Affected packages:**\ngolang\ngolang-bin\ngolang-docs\ngolang-misc\ngolang-src\ngolang-tests\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2016:1538", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-08-02T21:57:55", "type": "centos", "title": "golang security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5739", "CVE-2015-5740", "CVE-2015-5741", "CVE-2016-3959", "CVE-2016-5386"], "modified": "2016-08-02T21:57:55", "id": "CESA-2016:1538", "href": "https://lists.centos.org/pipermail/centos-announce/2016-August/084167.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-28T17:00:51", "description": "**CentOS Errata and Security Advisory** CESA-2017:1721\n\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\nNote: The fix for the CVE-2016-8743 issue causes httpd to return \"400 Bad Request\" error to HTTP clients which do not strictly follow HTTP protocol specification. A newly introduced configuration directive \"HttpProtocolOptions Unsafe\" can be used to re-enable the old less strict parsing. However, such setting also re-introduces the CVE-2016-8743 issue.\n\nNote: Administrators of Red Hat Satellite 5 and Red Hat Satellite Proxy 5 systems should consult Red Hat Knowledgebase article 3013361 linked to in the Reference section before installing this update.\n\nBug Fix(es):\n\n* Previously, httpd was unable to correctly check a boundary of an array, and in rare cases it attempted to access an element of an array that was out of bounds. Consequently, httpd terminated unexpectedly with a segmentation fault at proxy_util.c. With this update, bounds checking has been fixed, and httpd no longer crashes. (BZ#1463354)\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2017-July/084658.html\n\n**Affected packages:**\nhttpd\nhttpd-devel\nhttpd-manual\nhttpd-tools\nmod_ssl\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2017:1721", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-07-12T17:44:05", "type": "centos", "title": "httpd, mod_ssl security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8743"], "modified": "2017-07-12T17:44:05", "id": "CESA-2017:1721", "href": "https://lists.centos.org/pipermail/centos-announce/2017-July/084658.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-28T17:03:08", "description": "**CentOS Errata and Security Advisory** CESA-2015:1668\n\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server.\n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3183)\n\nAll httpd users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdated packages, the httpd service will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2015-August/083506.html\n\n**Affected packages:**\nhttpd\nhttpd-devel\nhttpd-manual\nhttpd-tools\nmod_ssl\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2015:1668", "cvss3": {}, "published": "2015-08-24T18:23:20", "type": "centos", "title": "httpd, mod_ssl security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3183"], "modified": "2015-08-24T18:23:20", "id": "CESA-2015:1668", "href": "https://lists.centos.org/pipermail/centos-announce/2015-August/083506.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "veracode": [{"lastseen": "2023-04-18T16:14:14", "description": "net/http in github.com/golang/go is vulnerable to request smuggling. This can be done because it does not correctly comply with RFC 7230.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-04-27T07:53:54", "type": "veracode", "title": "HTTP Request Smuggling", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5740"], "modified": "2019-05-15T06:18:15", "id": "VERACODE:4003", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-4003/summary", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-18T13:21:11", "description": "net/textproto in github.com/golang/go is vulnerable to HTTP header injection attacks. These attacks are possible because it treats spaces as hyphens. This leaves net/textproto vulnerable to request smuggling.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-01-15T09:12:45", "type": "veracode", "title": "HTTP Header Injection", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5739"], "modified": "2019-05-15T06:18:15", "id": "VERACODE:12118", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-12118/summary", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-18T16:12:56", "description": "net/textproto in github.com/golang/go is vulnerable to HTTP header injection attacks. These attacks are possible because it treats spaces as hyphens. This leaves net/textproto vulnerable to request smuggling.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-04-27T07:04:20", "type": "veracode", "title": "HTTP Header Injection", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5739"], "modified": "2019-05-15T06:18:15", "id": "VERACODE:3988", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-3988/summary", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-18T15:33:28", "description": "node is vulnerable to HTTP request smuggling. Lack of validation for forbidden characters in the headers allows a remote attacker to send a request with a crafted `Content-Length` value to smuggle HTTP requests and bypass access controls.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-11-20T02:28:56", "type": "veracode", "title": "HTTP Request Smuggling", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2086"], "modified": "2019-05-15T06:18:19", "id": "VERACODE:7849", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-7849/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-04-18T13:33:26", "description": "Apache Tomcat is vulnerable to cross-site scripting (XSS) attacks and information disclosure. It permits invalid characters when parsing the HTTP request line. Attackers can exploit it, in conjunction with a proxy that also permits the invalid characters but with a different interpretation, to inject data into an HTTP response. Thus, it is possible for attackers to poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.7}, "published": "2019-01-15T09:15:22", "type": "veracode", "title": "Cross-site Scripting (XSS) Or Information Disclosure", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816"], "modified": "2021-03-15T10:39:27", "id": "VERACODE:12289", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-12289/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-04-18T13:57:22", "description": "httpd is vulnerable to denial of service (DoS) attacks. The vulnerability exists as Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-01-15T09:18:23", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8743"], "modified": "2022-09-07T18:15:46", "id": "VERACODE:12542", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-12542/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-04-18T13:58:16", "description": "httpd is vulnerable to HTTP request smuggling attacks. The vulnerability exists as the chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.\n", "cvss3": {}, "published": "2019-01-15T09:07:33", "type": "veracode", "title": "HTTP Request Smuggling", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3183"], "modified": "2021-06-06T13:40:45", "id": "VERACODE:11782", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-11782/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-04-18T16:26:03", "description": "tomcat-coyote is vulnerable to denial of service (DoS) attacks. The vulnerability is a result of backporting a fix for CVE-2016-6816 but not backporting the fix for the Tomcat bug 57544 which fails to handle an exceptional condition check for `pos` while processing HTTPS requests in the Apache Tomcat servlet and JSP engine.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-02-22T02:23:40", "type": "veracode", "title": "Denial Of Service (DoS) Via Infinite Loop", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816", "CVE-2017-6056"], "modified": "2019-10-03T07:17:30", "id": "VERACODE:3596", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-3596/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "f5": [{"lastseen": "2023-06-03T19:49:04", "description": "Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. ([CVE-2016-2086](<https://vulners.com/cve/CVE-2016-2086>))\n\nImpact\n\nAn attacker may be able to perform HTTP request smuggling by using a spoofed **Content-Length** header. For more information about HTTP request smuggling, refer to **Section 9.5 Request Smuggling** of [Internet Engineering Task Force (RFC 7230)](<https://tools.ietf.org/html/rfc7230>).\n\n**Note**: This link takes you to a resource outside of AskF5. The third party could remove the document without our knowledge.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-09-23T20:56:00", "type": "f5", "title": "NodeJS vulnerability CVE-2016-2086", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2086"], "modified": "2022-02-11T20:19:00", "id": "F5:K15311661", "href": "https://support.f5.com/csp/article/K15311661", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-06-08T00:16:20", "description": "\nF5 Product Development has assigned ID 630856 (BIG-IP), ID 631221 (Enterprise Manager), ID 466436 (ARX), and INSTALLER-2831 (Traffix SDC) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H50116122 on the **Diagnostics** &gt; **Identified** &gt; **Medium** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 13.0.0| Medium| Configuration utility \nBIG-IP AAM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| 13.0.0| Medium| Configuration utility \nBIG-IP AFM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| 13.0.0| Medium| Configuration utility \nBIG-IP Analytics| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| 13.0.0| Medium| Configuration utility \nBIG-IP APM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 13.0.0| Medium| Configuration utility \nBIG-IP ASM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 13.0.0| Medium| Configuration utility \nBIG-IP DNS| 12.0.0 - 12.1.2| 13.0.0| Medium| Configuration utility \nBIG-IP Edge Gateway| 11.2.1 \n10.2.1 - 10.2.4| None| Medium| Configuration utility \nBIG-IP GTM| 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| None| Medium| Configuration utility \nBIG-IP Link Controller| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4| 13.0.0| Medium| Configuration utility \nBIG-IP PEM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| 13.0.0| Medium| Configuration utility \nBIG-IP PSM| 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4| None| Medium| Configuration utility \nBIG-IP WebAccelerator| 11.2.1 \n10.2.1 - 10.2.4| None| Medium| Configuration utility \nBIG-IP WebSafe| 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| 13.0.0| Medium| Configuration utility \nARX| 6.2.0 - 6.4.0| None| Medium| Apache Tomcat \nEnterprise Manager| 3.1.1| None| Medium| Configuration utility \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.1.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.0.2| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nTraffix SDC| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| None| Medium| Apache Tomcat\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nBIG-IP and Enterprise Manager\n\nTo mitigate this vulnerability, you can limit access to the Configuration utility to only use secure networks.\n\n**ARX and Traffix SDC**\n\nTo mitigate this vulnerability, you can limit access to the ARX GUI and Traffix SDC Management Console to only use secure networks.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 7.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.7}, "published": "2016-12-02T01:46:00", "type": "f5", "title": "Apache Tomcat vulnerability CVE-2016-6816", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816"], "modified": "2017-04-05T20:26:00", "id": "F5:K50116122", "href": "https://support.f5.com/csp/article/K50116122", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:45:15", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nBIG-IP and Enterprise Manager\n\nTo mitigate this vulnerability, you can limit access to the Configuration utility to only use secure networks.\n\n**ARX and Traffix SDC**\n\nTo mitigate this vulnerability, you can limit access to the ARX GUI and Traffix SDC Management Console to only use secure networks.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 7.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.7}, "published": "2016-12-01T00:00:00", "type": "f5", "title": "SOL50116122 - Apache Tomcat vulnerability CVE-2016-6816", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6816"], "modified": "2016-12-01T00:00:00", "id": "SOL50116122", "href": "http://support.f5.com/kb/en-us/solutions/public/k/50/sol50116122.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-09-01T13:01:14", "description": "Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. ([CVE-2016-8743](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743>))\n\nImpact\n\nAn attacker may be able to perform HTTP request smuggling through specially crafted HTTP requests. For more information about HTTP request smuggling, refer to **Section 9.5 Request Smuggling** of [Internet Engineering Task Force (RFC 7230)](<https://tools.ietf.org/html/rfc7230#section-9.5>).\n\n**Note**: This link takes you to a resource outside of AskF5. The third party could remove the document without our knowledge.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-02-03T23:10:00", "type": "f5", "title": "Apache vulnerability CVE-2016-8743", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8743"], "modified": "2020-03-16T17:15:00", "id": "F5:K00373024", "href": "https://support.f5.com/csp/article/K00373024", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-06-08T18:45:09", "description": "Vulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, you should permit management access to F5 products only over a secure network and limit shell access to trusted users. For more information about securing access to BIG-IP and Enterprise Manager systems, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x) and SOL13092: Overview of securing access to the BIG-IP system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n", "cvss3": {}, "published": "2015-09-09T00:00:00", "type": "f5", "title": "SOL17251 - Apache vulnerability CVE-2015-3183", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3183"], "modified": "2016-05-25T00:00:00", "id": "SOL17251", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/200/sol17251.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-06-08T00:16:20", "description": "\nF5 Product Development has assigned ID 537255 (BIG-IP), ID 538018 (BIG-IQ), ID 538016 (Enterprise Manager), and ID 431234 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| Apache \nBIG-IP AAM| 12.0.0 \n11.4.0 - 11.6.1| 12.1.0| Low| Apache \nBIG-IP AFM| 12.0.0 \n11.3.0 - 11.6.1| 12.1.0| Low| Apache \nBIG-IP Analytics| 12.0.0 \n11.0.0 - 11.6.1| 12.1.0| Low| Apache \nBIG-IP APM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| Apache \nBIG-IP ASM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| Apache \nBIG-IP DNS| 12.0.0| 12.1.0| Low| Apache \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| Apache \nBIG-IP GTM| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| None| Low| Apache \nBIG-IP Link Controller| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low| Apache \nBIG-IP PEM| 12.0.0 \n11.3.0 - 11.6.1| 12.1.0| Low| Apache \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Low| Apache \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| Apache \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| Apache \nARX| 6.0.0 - 6.4.0| None| Low| Apache \nEnterprise Manager| 3.0.0 - 3.1.1| None| Low| Apache \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| Apache \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| Apache \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| Apache \nBIG-IQ ADC| 4.5.0| None| Low| Apache \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability, you should permit management access to F5 products only over a secure network and limit shell access to trusted users. For more information about securing access to BIG-IP and Enterprise Manager systems, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13902>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 12.x)](<https://support.f5.com/csp/article/K13123>)\n * [K10025: Managing BIG-IP product hotfixes (10.x)](<https://support.f5.com/csp/article/K10025>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n", "cvss3": {}, "published": "2015-09-10T05:07:00", "type": "f5", "title": "Apache vulnerability CVE-2015-3183", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3183"], "modified": "2017-03-13T23:05:00", "id": "F5:K17251", "href": "https://support.f5.com/csp/article/K17251", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "ibm": [{"lastseen": "2023-02-21T05:48:29", "description": "## Summary\n\nSome versions of Rational DOORS Web Access are shipped with an Apache Tomcat application server that con