Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2022 Tenable Network Security, Inc.APACHE_2_4_7.NASL
HistoryJul 30, 2014 - 12:00 a.m.

Apache 2.4.6 Remote DoS

2014-07-3000:00:00
This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.
www.tenable.com
1821
JSON

According to its banner, the version of Apache 2.4.x running on the remote host is version 2.4.6. It is, therefore, affected by a flaw in the mod_cache module involving a NULL pointer dereference. An attacker may be able to specially craft a request designed to cause a denial of service.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(76914);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-2013-4352");
  script_bugtraq_id(68863);

  script_name(english:"Apache 2.4.6 Remote DoS");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by a denial of service
vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the version of Apache 2.4.x running on the
remote host is version 2.4.6. It is, therefore, affected by a flaw in
the mod_cache module involving a NULL pointer dereference. An attacker
may be able to specially craft a request designed to cause a denial of
service.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"http://httpd.apache.org/security/vulnerabilities_24.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Apache version 2.4.7 or later. Alternatively, ensure that
the affected module is not in use");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-4352");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/11/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/30");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:http_server");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.");

  script_dependencies("apache_http_version.nasl", "apache_http_server_nix_installed.nbin", "apache_httpd_win_installed.nbin");
  script_require_keys("installed_sw/Apache");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');


app_info = vcf::apache_http_server::combined_get_app_info(app:'Apache');

constraints = [
  { 'min_version' : '2.3.0', 'fixed_version' : '2.4.7' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
VendorProductVersionCPE
apachehttp_servercpe:/a:apache:http_server

Related

checkpoint_advisories 1
veracode 2
httpd 1
f5 1
ubuntucve 1
prion 1
cve 1
debiancve 1
openvas 5
nessus 6
oraclelinux 2
redhat 2
centos 1
ibm 1
checkpoint_advisories
checkpoint_advisories
Apache HTTP Server mod_cache Denial of Service (CVE-2013-4352)
2014-10-06 00:00:00
veracode
veracode
Denial Of Service
2019-01-15 08:57:20
Denial Of Service (DoS)
2019-05-02 05:03:43
httpd
httpd
Apache Httpd < 2.4.7 : mod_cache crash
2013-09-14 00:00:00
f5
f5
K28508558 : Apache mod_cache vulnerability CVE-2013-4352
2022-11-28 00:00:00
ubuntucve
ubuntucve
CVE-2013-4352
2014-07-20 00:00:00
prion
prion
Null pointer dereference
2014-07-20 11:12:00
cve
cve
CVE-2013-4352
2014-07-20 11:12:00
debiancve
debiancve
CVE-2013-4352
2014-07-20 11:12:00
openvas
openvas
Apache HTTP Server 'mod_cache' Denial of Service Vulnerability (May 2015)
2015-05-27 00:00:00
RedHat Update for httpd RHSA-2014:0921-01
2014-07-28 00:00:00
Oracle: Security Advisory (ELSA-2014-0921)
2015-10-06 00:00:00
nessus
nessus
Oracle Solaris Third-Party Patch Update : apache (multiple_denial_of_service_dos5)
2015-01-19 00:00:00
CentOS 7 : httpd (CESA-2014:0921)
2014-07-24 00:00:00
RHEL 7 : httpd (RHSA-2014:0921)
2014-07-30 00:00:00
oraclelinux
oraclelinux
httpd security update
2014-07-23 00:00:00
httpd24-httpd security and bug fix update
2016-02-04 00:00:00
redhat
redhat
(RHSA-2014:0921) Important: httpd security update
2014-07-23 00:00:00
(RHSA-2014:0922) Important: httpd24-httpd security update
2014-07-23 00:00:00
centos
centos
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
2014-07-23 15:36:55
ibm
ibm
Security Bulletin: Multiple vulnerabilities fixed in IBM HTTP Server (APAR PI22070)
2018-06-15 07:00:11
JSON
Related for APACHE_2_4_7.NASL
checkpoint_advisories1veracode2httpd1f51ubuntucve1prion1cve1debiancve1openvas5nessus6oraclelinux2redhat2centos1ibm1