Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.ALA_ALAS-2017-863.NASL
HistoryAug 04, 2017 - 12:00 a.m.

Amazon Linux AMI : httpd24 (ALAS-2017-863)

2017-08-0400:00:00
This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
www.tenable.com
28
JSON

ap_find_token() buffer overread :

A buffer over-read flaw was found in the httpd’s ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668 )

Apache HTTP Request Parsing Whitespace Defects :

It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)

ap_get_basic_auth_pw() authentication bypass :

It was discovered that the use of httpd’s ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)

mod_mime buffer overread :

A buffer over-read flaw was found in the httpd’s mod_mime module. A user permitted to modify httpd’s MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)

mod_http2 NULL pointer dereference :

A NULL pointer dereference flaw was found in the mod_http2 module of httpd. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP/2 request.
(CVE-2017-7659)

mod_ssl NULL pointer dereference :

A NULL pointer dereference flaw was found in the httpd’s mod_ssl module. A remote attacker could use this flaw to cause a httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2017-863.
#

include("compat.inc");

if (description)
{
  script_id(102178);
  script_version("3.5");
  script_cvs_date("Date: 2018/04/18 15:09:36");

  script_cve_id("CVE-2016-8743", "CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7659", "CVE-2017-7668", "CVE-2017-7679");
  script_xref(name:"ALAS", value:"2017-863");

  script_name(english:"Amazon Linux AMI : httpd24 (ALAS-2017-863)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"ap_find_token() buffer overread :

A buffer over-read flaw was found in the httpd's ap_find_token()
function. A remote attacker could use this flaw to cause httpd child
process to crash via a specially crafted HTTP request. (CVE-2017-7668
)

Apache HTTP Request Parsing Whitespace Defects :

It was discovered that the HTTP parser in httpd incorrectly allowed
certain characters not permitted by the HTTP protocol specification to
appear unencoded in HTTP request headers. If httpd was used in
conjunction with a proxy or backend server that interpreted those
characters differently, a remote attacker could possibly use this flaw
to inject data into HTTP responses, resulting in proxy cache
poisoning. (CVE-2016-8743)

ap_get_basic_auth_pw() authentication bypass :

It was discovered that the use of httpd's ap_get_basic_auth_pw() API
function outside of the authentication phase could lead to
authentication bypass. A remote attacker could possibly use this flaw
to bypass required authentication if the API was used incorrectly by
one of the modules used by httpd. (CVE-2017-3167)

mod_mime buffer overread :

A buffer over-read flaw was found in the httpd's mod_mime module. A
user permitted to modify httpd's MIME configuration could use this
flaw to cause httpd child process to crash. (CVE-2017-7679)

mod_http2 NULL pointer dereference :

A NULL pointer dereference flaw was found in the mod_http2 module of
httpd. A remote attacker could use this flaw to cause httpd child
process to crash via a specially crafted HTTP/2 request.
(CVE-2017-7659)

mod_ssl NULL pointer dereference :

A NULL pointer dereference flaw was found in the httpd's mod_ssl
module. A remote attacker could use this flaw to cause a httpd child
process to crash if another module used by httpd called a certain API
function during the processing of an HTTPS request. (CVE-2017-3169)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2017-863.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Run 'yum update httpd24' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd24");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd24-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd24-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd24-manual");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd24-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod24_ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod24_proxy_html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod24_session");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod24_ssl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/08/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"httpd24-2.4.27-3.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"httpd24-debuginfo-2.4.27-3.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"httpd24-devel-2.4.27-3.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"httpd24-manual-2.4.27-3.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"httpd24-tools-2.4.27-3.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mod24_ldap-2.4.27-3.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mod24_proxy_html-2.4.27-3.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mod24_session-2.4.27-3.71.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"mod24_ssl-2.4.27-3.71.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd24 / httpd24-debuginfo / httpd24-devel / httpd24-manual / etc");
}
VendorProductVersionCPE
amazonlinuxhttpd24p-cpe:/a:amazon:linux:httpd24
amazonlinuxhttpd24-debuginfop-cpe:/a:amazon:linux:httpd24-debuginfo
amazonlinuxhttpd24-develp-cpe:/a:amazon:linux:httpd24-devel
amazonlinuxhttpd24-manualp-cpe:/a:amazon:linux:httpd24-manual
amazonlinuxhttpd24-toolsp-cpe:/a:amazon:linux:httpd24-tools
amazonlinuxmod24_ldapp-cpe:/a:amazon:linux:mod24_ldap
amazonlinuxmod24_proxy_htmlp-cpe:/a:amazon:linux:mod24_proxy_html
amazonlinuxmod24_sessionp-cpe:/a:amazon:linux:mod24_session
amazonlinuxmod24_sslp-cpe:/a:amazon:linux:mod24_ssl
amazonlinuxcpe:/o:amazon:linux

Related

amazon 3
fedora 3
nessus 50
openvas 30
ubuntu 2
debian 7
archlinux 1
freebsd 1
ibm 27
slackware 1
symantec 1
osv 8
redhat 10
oraclelinux 3
centos 3
gentoo 1
mageia 1
veracode 4
f5 4
cve 4
httpd 9
ubuntucve 5
checkpoint_advisories 3
redhatcve 4
hackerone 1
debiancve 4
prion 4
alpinelinux 4
d0znpp 1
amazon
amazon
Medium: httpd24
2017-08-03 18:53:00
Important: httpd
2017-09-13 22:50:00
Medium: httpd
2017-06-22 19:25:00
fedora
fedora
[SECURITY] Fedora 25 Update: httpd-2.4.27-2.fc25
2017-07-15 19:56:05
[SECURITY] Fedora 26 Update: httpd-2.4.26-1.fc26
2017-07-07 23:20:56
[SECURITY] Fedora 24 Update: httpd-2.4.26-1.fc24
2017-07-12 01:54:48
nessus
nessus
FreeBSD : Apache httpd -- several vulnerabilities (0c2db2aa-5584-11e7-9a7d-b499baebfeaf)
2017-06-20 00:00:00
Apache 2.4.x < 2.4.26 Multiple Vulnerabilities
2019-01-09 00:00:00
Fedora 25 : httpd (2017-9ded7c5670)
2017-07-18 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2017-180-03)
2022-04-21 00:00:00
Debian: Security Advisory (DSA-3896-1)
2017-06-21 00:00:00
Fedora Update for httpd FEDORA-2017-cf9599a306
2017-07-14 00:00:00
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2017-07-31 00:00:00
Apache HTTP Server vulnerabilities
2017-06-26 00:00:00
debian
debian
[SECURITY] [DSA 3896-1] apache2 security update
2017-06-22 19:41:41
[SECURITY] [DSA 3896-1] apache2 security update
2017-06-22 19:41:41
[SECURITY] [DLA 1009-1] apache2 security update
2017-07-02 18:48:50
archlinux
archlinux
[ASA-201706-34] apache: multiple issues
2017-06-28 00:00:00
freebsd
freebsd
Apache httpd -- several vulnerabilities
2017-06-20 00:00:00
ibm
ibm
Security Bulletin: CVE-2017-3167, CVE-2017-3169, CVE-2017-7659, CVE-2017-7668 and CVE-2017-7679 in IBM i HTTP Server
2019-12-18 14:26:38
Security Bulletin: Vulnerabilities in HTTPD affect IBM BladeCenter Advanced Management Module (AMM)
2023-04-14 14:32:25
Security Bulletin: Security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearQuest (CVE-2017-7679, CVE-2017-7668, CVE-2017-3167)
2020-02-04 16:40:40
slackware
slackware
[slackware-security] httpd
2017-06-29 21:34:52
symantec
symantec
SA154: Apache httpd Vulnerabilities June 2017
2017-07-20 08:00:00
osv
osv
apache2 - security update
2017-06-22 00:00:00
apache2 - security update
2017-07-02 00:00:00
CVE-2017-7659
2017-07-26 21:29:00
redhat
redhat
(RHSA-2017:2483) Important: httpd24-httpd security update
2017-08-16 21:45:48
(RHSA-2017:2479) Important: httpd security update
2017-08-15 15:55:44
(RHSA-2017:3193) Important: httpd security update
2017-11-13 16:37:21
oraclelinux
oraclelinux
httpd security update
2017-08-15 00:00:00
httpd security and bug fix update
2017-07-11 00:00:00
httpd security update
2017-08-15 00:00:00
centos
centos
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
2017-08-24 09:43:51
httpd, mod_ssl security update
2017-08-15 20:25:39
httpd, mod_ssl security update
2017-07-12 17:44:05
gentoo
gentoo
Apache: Multiple vulnerabilities
2017-10-29 00:00:00
mageia
mageia
Updated apache packages fix security vulnerability
2018-01-01 13:38:51
veracode
veracode
Denial Of Service (DoS)
2019-05-02 06:45:16
Denial Of Service (DoS)
2019-05-02 06:45:16
Denial Of Service (DoS)
2019-05-02 06:45:13
f5
f5
K54624443 : Apache HTTPD vulnerability CVE-2017-7668
2017-07-14 00:00:00
K05415626 : Apache HTTPD vulnerability CVE-2017-7659
2017-07-17 00:00:00
Apache vulnerability CVE-2016-8743
2017-02-03 23:10:00
cve
cve
CVE-2017-7668
2017-06-20 01:29:00
CVE-2017-7679
2017-06-20 01:29:00
CVE-2017-7659
2017-07-26 21:29:00
httpd
httpd
Apache Httpd < 2.2.34 : ap_find_token() Buffer Overread
2017-05-06 00:00:00
Apache Httpd < 2.4.26 : mod_http2 Null Pointer Dereference
2016-11-18 00:00:00
Apache Httpd < 2.2.34 : mod_mime Buffer Overread
2015-11-15 00:00:00
ubuntucve
ubuntucve
CVE-2017-7659
2017-07-26 00:00:00
CVE-2017-7668
2017-06-19 00:00:00
CVE-2017-7679
2017-06-19 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache httpd ap_find_token Out of Bounds Read (CVE-2017-7668)
2017-07-31 00:00:00
Apache HTTPD mod_http2 Null Pointer Dereference (CVE-2017-7659)
2017-12-04 00:00:00
Apache httpd ap_find_token Out of Bounds Read - Ver2 (CVE-2017-7668)
2018-07-03 00:00:00
redhatcve
redhatcve
CVE-2017-7668
2019-10-08 10:48:59
CVE-2017-7659
2019-10-08 10:49:35
CVE-2017-7679
2019-10-11 17:04:37
hackerone
hackerone
Internet Bug Bounty: ap_find_token() Buffer Overread
2017-06-20 08:36:29
debiancve
debiancve
CVE-2017-7668
2017-06-20 01:29:00
CVE-2017-7659
2017-07-26 21:29:00
CVE-2017-7679
2017-06-20 01:29:00
prion
prion
Default credentials
2017-06-20 01:29:00
Null pointer dereference
2017-07-26 21:29:00
Design/Logic Flaw
2017-07-27 21:29:00
alpinelinux
alpinelinux
CVE-2017-7659
2017-07-26 21:29:00
CVE-2017-7668
2017-06-20 01:29:00
CVE-2017-7679
2017-06-20 01:29:00
d0znpp
d0znpp
The best Burp plugin I’ve ever seen
2017-10-24 01:35:57
JSON
Related for ALA_ALAS-2017-863.NASL
amazon3fedora3nessus50openvas30ubuntu2debian7archlinux1freebsd1ibm27slackware1symantec1osv8redhat10oraclelinux3centos3gentoo1mageia1veracode4f54cve4httpd9ubuntucve5checkpoint_advisories3redhatcve4hackerone1debiancve4prion4alpinelinux4d0znpp1