Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.APACHE_2_4_20.NASL
HistoryFeb 08, 2019 - 12:00 a.m.

Apache 2.4.17 / 2.4.18 DoS

2019-02-0800:00:00
This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
177
JSON

According to its banner, the version of Apache running on the remote host is either 2.4.17 or 2.4.18.

A denial of service (DoS) vulnerability exists in server threads due to a lengthy thread-block time. An unauthenticated, remote attacker can exploit this issue, to block server threads, and causing the application to stop responding.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(122059);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-2016-1546");
  script_bugtraq_id(92331);

  script_name(english:"Apache 2.4.17 / 2.4.18 DoS");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by a denial of service
vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the version of Apache running on the remote
host is either 2.4.17 or 2.4.18.

A denial of service (DoS) vulnerability exists in server threads due 
to a lengthy thread-block time. An unauthenticated, remote attacker 
can exploit this issue, to block server threads, and causing the 
application to stop responding.");
  script_set_attribute(attribute:"see_also", value:"https://archive.apache.org/dist/httpd/CHANGES_2.4.20");
  script_set_attribute(attribute:"see_also", value:"https://httpd.apache.org/security/vulnerabilities_24.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Apache version 2.4.20 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1546");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/04/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/08");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:http_server");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("alpn_protocol_enumeration.nasl", "apache_http_version.nasl", "apache_http_server_nix_installed.nbin", "apache_httpd_win_installed.nbin");
  script_require_keys("installed_sw/Apache");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');


app_info = vcf::apache_http_server::combined_get_app_info(app:'Apache');

constraints = [
  { "min_version" : "2.4.17", "max_version" : "2.4.18", "fixed_version" : "2.4.20" }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
VendorProductVersionCPE
apachehttp_servercpe:/a:apache:http_server

Related

ubuntucve 1
veracode 1
httpd 1
f5 2
prion 1
nessus 4
debiancve 1
openvas 1
cve 1
gentoo 1
thn 1
redhat 1
ibm 1
photon 1
oracle 1
ubuntucve
ubuntucve
CVE-2016-1546
2016-07-06 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 06:10:15
httpd
httpd
Apache Httpd < 2.4.20 : mod_http2: denial of service by thread starvation
2016-02-02 00:00:00
f5
f5
K12254802 : Apache httpd HTTP/2 vulnerability CVE-2016-1546
2016-06-07 00:00:00
SOL12254802 - Apache httpd HTTP/2 vulnerability CVE-2016-1546
2016-06-07 00:00:00
prion
prion
Buffer overflow
2016-07-06 14:59:00
nessus
nessus
Photon OS 1.0: Httpd PHSA-2017-0013
2019-02-07 00:00:00
Apache HTTP Server 2.4.x < 2.4.23 Multiple Vulnerabilities
2016-07-15 00:00:00
GLSA-201610-02 : Apache: Multiple vulnerabilities
2016-10-07 00:00:00
debiancve
debiancve
CVE-2016-1546
2016-07-06 14:59:00
openvas
openvas
Apache HTTP Server Denial of Service Vulnerability (Jul 2016)
2016-07-08 00:00:00
cve
cve
CVE-2016-1546
2016-07-06 14:59:00
gentoo
gentoo
Apache: Multiple vulnerabilities
2016-10-06 00:00:00
thn
thn
4 Flaws hit HTTP/2 Protocol that could allow Hackers to Disrupt Servers
2016-08-03 20:10:00
redhat
redhat
(RHSA-2017:1161) Moderate: httpd24-httpd security, bug fix, and enhancement update
2017-04-26 09:54:23
ibm
ibm
Security Bulletin: IBM i Integrated Web Application Server version 8.5 is affected by multiple vulnerabilities.
2019-12-18 14:26:38
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2017-0013
2017-04-24 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2016
2016-10-18 00:00:00
JSON
Related for APACHE_2_4_20.NASL
ubuntucve1veracode1httpd1f52prion1nessus4debiancve1openvas1cve1gentoo1thn1redhat1ibm1photon1oracle1