Apache < 1.3.31 mod_access IP Address Netmask Rule Bypass
2004-07-31T00:00:00
ID APACHE_ACCESS_WO_NETMASK.NASL Type nessus Reporter This script is Copyright (C) 2004-2020 George A. Theall Modified 2020-06-12T00:00:00
Description
The remote host is running a version of Apache web server prior to 1.3.31. It is, therefore, affected by an access control bypass vulnerability due to a failure, on big-endian 64-bit platforms, to properly match 'allow' or 'deny' rules that contain an IP address but lack a corresponding netmask.
Nessus has determined the vulnerability exists only by looking at the Server header returned by the web server running on the target. If the target is not a big-endian 64-bit platform, consider this a false positive.
#
# This script was written by George A. Theall, <theall@tifaware.com>.
#
# See the Nessus Scripts License for details.
#
include("compat.inc");
if (description)
{
script_id(14177);
script_version("1.31");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
script_cve_id("CVE-2003-0993");
script_bugtraq_id(9829);
script_xref(name:"GLSA", value:"GLSA 200405-22");
script_xref(name:"MDKSA", value:"MDKSA-2004:046");
script_xref(name:"SSA", value:"SSA:2004-133-01");
script_xref(name:"Secunia", value:"11088");
script_xref(name:"Secunia", value:"11681");
script_xref(name:"Secunia", value:"11719");
script_xref(name:"Secunia", value:"12246");
script_name(english:"Apache < 1.3.31 mod_access IP Address Netmask Rule Bypass");
script_summary(english:"Checks for Apache version");
script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by an access control bypass
vulnerability.");
script_set_attribute(attribute:"description", value:
"The remote host is running a version of Apache web server prior to
1.3.31. It is, therefore, affected by an access control bypass
vulnerability due to a failure, on big-endian 64-bit platforms, to
properly match 'allow' or 'deny' rules that contain an IP address but
lack a corresponding netmask.
Nessus has determined the vulnerability exists only by looking at the
Server header returned by the web server running on the target. If the
target is not a big-endian 64-bit platform, consider this a false
positive.");
script_set_attribute(attribute:"see_also", value:"http://www.apacheweek.com/features/security-13");
script_set_attribute(attribute:"see_also", value:"http://marc.info/?l=apache-cvs&m=107869603013722" );
script_set_attribute(attribute:"see_also", value:"https://bz.apache.org/bugzilla/show_bug.cgi?id=23850" );
script_set_attribute(attribute:"solution", value:"Upgrade to Apache web server version 1.3.31 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2004/03/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:http_server");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2020 George A. Theall");
script_family(english:"Web Servers");
script_dependencie("apache_http_version.nasl", "ssh_get_info.nasl");
script_require_keys("installed_sw/Apache", "Settings/ParanoidReport");
script_require_ports("Services/www", 80);
exit(0);
}
include("audit.inc");
include("backport.inc");
include("global_settings.inc");
include("http_func.inc");
if (report_paranoia < 2) audit(AUDIT_PARANOID);
uname = get_kb_item("Host/uname");
if ( uname )
{
if ( pgrep(pattern:"i.86", string:uname) ) exit(0);
}
host = get_host_name();
port = get_http_port(default:80, embedded:TRUE);
if (!get_port_state(port)) exit(0);
# Check the web server's banner for the version.
banner = get_http_banner(port:port);
if (!banner) exit(0);
banner = get_backport_banner(banner:banner);
sig = strstr(banner, "Server:");
if (!sig) exit(0);
if(preg(pattern:"^Server:.*Apache(-AdvancedExtranetServer)?/1\.([0-2]\.[0-9]|3\.([0-9][^0-9]|[0-2][0-9]))", string:sig)) {
security_hole(port);
}
{"id": "APACHE_ACCESS_WO_NETMASK.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "Apache < 1.3.31 mod_access IP Address Netmask Rule Bypass", "description": "The remote host is running a version of Apache web server prior to 1.3.31. It is, therefore, affected by an access control bypass vulnerability due to a failure, on big-endian 64-bit platforms, to properly match 'allow' or 'deny' rules that contain an IP address but lack a corresponding netmask.\n\nNessus has determined the vulnerability exists only by looking at the Server header returned by the web server running on the target. If the target is not a big-endian 64-bit platform, consider this a false positive.", "published": "2004-07-31T00:00:00", "modified": "2020-06-12T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "href": "https://www.tenable.com/plugins/nessus/14177", "reporter": "This script is Copyright (C) 2004-2020 George A. Theall", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0993", "https://bz.apache.org/bugzilla/show_bug.cgi?id=23850", "http://www.apacheweek.com/features/security-13", "http://marc.info/?l=apache-cvs&m=107869603013722"], "cvelist": ["CVE-2003-0993"], "immutableFields": [], "lastseen": "2021-08-19T13:19:39", "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2003-0993"]}, {"type": "freebsd", "idList": ["09D418DB-70FD-11D8-873F-0020ED76EF5A"]}, {"type": "gentoo", "idList": ["GLSA-200405-22"]}, {"type": "httpd", "idList": ["HTTPD:0576286DB2485FBB76346020044ABE4A"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_09D418DB70FD11D8873F0020ED76EF5A.NASL", "GENTOO_GLSA-200405-22.NASL", "MANDRAKE_MDKSA-2004-046.NASL", "SLACKWARE_SSA_2004-133-01.NASL", "SOLARIS8_116973.NASL", "SOLARIS8_X86_116974.NASL", "SOLARIS9_113146.NASL", "SOLARIS9_X86_114145.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231014177", "OPENVAS:136141256231053931", "OPENVAS:14177", "OPENVAS:52501", "OPENVAS:53931", "OPENVAS:54582"]}, {"type": "slackware", "idList": ["SSA-2004-133-01"]}, {"type": "suse", "idList": ["SUSE-SA:2004:014", "SUSE-SA:2004:015"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2003-0993"]}], "rev": 4}, "score": {"value": 5.8, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2003-0993"]}, {"type": "freebsd", "idList": ["09D418DB-70FD-11D8-873F-0020ED76EF5A"]}, {"type": "nessus", "idList": ["APACHE_HTTP_VERSION.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:53931"]}, {"type": "slackware", "idList": ["SSA-2004-133-01"]}, {"type": "suse", "idList": ["SUSE-SA:2004:014", "SUSE-SA:2004:015"]}]}, "exploitation": null, "vulnersScore": 5.8}, "pluginID": "14177", "sourceData": "#\n# This script was written by George A. Theall, <theall@tifaware.com>.\n#\n# See the Nessus Scripts License for details.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14177);\n script_version(\"1.31\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/12\");\n\n script_cve_id(\"CVE-2003-0993\");\n script_bugtraq_id(9829);\n script_xref(name:\"GLSA\", value:\"GLSA 200405-22\");\n script_xref(name:\"MDKSA\", value:\"MDKSA-2004:046\");\n script_xref(name:\"SSA\", value:\"SSA:2004-133-01\");\n script_xref(name:\"Secunia\", value:\"11088\");\n script_xref(name:\"Secunia\", value:\"11681\");\n script_xref(name:\"Secunia\", value:\"11719\");\n script_xref(name:\"Secunia\", value:\"12246\");\n\n script_name(english:\"Apache < 1.3.31 mod_access IP Address Netmask Rule Bypass\");\n script_summary(english:\"Checks for Apache version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by an access control bypass\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Apache web server prior to\n1.3.31. It is, therefore, affected by an access control bypass\nvulnerability due to a failure, on big-endian 64-bit platforms, to\nproperly match 'allow' or 'deny' rules that contain an IP address but\nlack a corresponding netmask.\n\nNessus has determined the vulnerability exists only by looking at the\nServer header returned by the web server running on the target. If the\ntarget is not a big-endian 64-bit platform, consider this a false\npositive.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.apacheweek.com/features/security-13\");\n script_set_attribute(attribute:\"see_also\", value:\"http://marc.info/?l=apache-cvs&m=107869603013722\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://bz.apache.org/bugzilla/show_bug.cgi?id=23850\" );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apache web server version 1.3.31 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2020 George A. Theall\");\n script_family(english:\"Web Servers\");\n\n script_dependencie(\"apache_http_version.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"installed_sw/Apache\", \"Settings/ParanoidReport\"); \n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"backport.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"http_func.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nuname = get_kb_item(\"Host/uname\");\nif ( uname )\n{\n if ( pgrep(pattern:\"i.86\", string:uname) ) exit(0);\n}\nhost = get_host_name();\nport = get_http_port(default:80, embedded:TRUE);\n\nif (!get_port_state(port)) exit(0);\n\n# Check the web server's banner for the version.\nbanner = get_http_banner(port:port);\nif (!banner) exit(0);\nbanner = get_backport_banner(banner:banner);\n\nsig = strstr(banner, \"Server:\");\nif (!sig) exit(0);\n\nif(preg(pattern:\"^Server:.*Apache(-AdvancedExtranetServer)?/1\\.([0-2]\\.[0-9]|3\\.([0-9][^0-9]|[0-2][0-9]))\", string:sig)) {\n security_hole(port);\n}\n", "naslFamily": "Web Servers", "cpe": ["cpe:/a:apache:http_server"], "solution": "Upgrade to Apache web server version 1.3.31 or later.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.4"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": null, "vulnerabilityPublicationDate": "2004-03-08T00:00:00", "exploitableWith": [], "_state": {"dependencies": 1647589307, "score": 0}}
{"openvas": [{"lastseen": "2017-07-02T21:10:12", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: apache", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0993"], "modified": "2016-09-15T00:00:00", "id": "OPENVAS:52501", "href": "http://plugins.openvas.org/nasl.php?oid=52501", "sourceData": "#\n#VID 09d418db-70fd-11d8-873f-0020ed76ef5a\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n apache\n apache+mod_ssl\n apache+ssl\n ru-apache\n ru-apache+mod_ssl\n\nCVE-2003-0993\nmod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit\nplatforms, does not properly parse Allow/Deny rules using IP addresses\nwithout a netmask, which could allow remote attackers to bypass\nintended access restrictions.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_access.c?r1=1.46&r2=1.47\nhttp://www.apacheweek.com/features/security-13\nhttp://nagoya.apache.org/bugzilla/show_bug.cgi?id=23850\nhttp://marc.theaimsgroup.com/?l=apache-cvs&m=107869603013722\nhttp://www.vuxml.org/freebsd/09d418db-70fd-11d8-873f-0020ed76ef5a.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52501);\n script_version(\"$Revision: 4075 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-15 15:13:05 +0200 (Thu, 15 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2003-0993\");\n script_bugtraq_id(9829);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: apache\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"apache\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.29_2\")<0) {\n txt += 'Package apache version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache+mod_ssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.29+2.8.16_1\")<0) {\n txt += 'Package apache+mod_ssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache+ssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.29.1.53_1\")<0) {\n txt += 'Package apache+ssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ru-apache\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.29+30.19_1\")<0) {\n txt += 'Package ru-apache version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ru-apache+mod_ssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.29+30.19+2.8.16_1\")<0) {\n txt += 'Package ru-apache+mod_ssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:32:01", "description": "The target is running an Apache web server that may not properly handle\n access controls.", "cvss3": {}, "published": "2005-11-03T00:00:00", "type": "openvas", "title": "Apache mod_access rule bypass", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0993"], "modified": "2018-10-22T00:00:00", "id": "OPENVAS:136141256231014177", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231014177", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: apache_access_wo_netmask.nasl 12007 2018-10-22 07:43:49Z cfischer $\n#\n# Description: Apache mod_access rule bypass\n#\n# Authors:\n# George A. Theall, <theall@tifaware.com>.\n#\n# Copyright:\n# Copyright (C) 2004 George A. Theall\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:http_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.14177\");\n script_version(\"$Revision: 12007 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-22 09:43:49 +0200 (Mon, 22 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_bugtraq_id(9829);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2003-0993\");\n script_name(\"Apache mod_access rule bypass\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"This script is Copyright (C) 2004 George A. Theall\");\n script_family(\"Web Servers\");\n script_dependencies(\"secpod_apache_detect.nasl\");\n script_mandatory_keys(\"apache/installed\");\n\n script_xref(name:\"GLSA\", value:\"GLSA 200405-22\");\n script_xref(name:\"MDKSA\", value:\"MDKSA-2004:046\");\n script_xref(name:\"OpenPKG-SA\", value:\"OpenPKG-SA-2004.021-apache\");\n script_xref(name:\"SSA\", value:\"SSA:2004-133-01\");\n script_xref(name:\"TSLSA\", value:\"TSLSA-2004-0027\");\n\n script_xref(name:\"URL\", value:\"http://www.apacheweek.com/features/security-13\");\n script_xref(name:\"URL\", value:\"https://marc.info/?l=apache-cvs&m=107869603013722\");\n script_xref(name:\"URL\", value:\"http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23850\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apache version 1.3.31 or newer.\");\n\n script_tag(name:\"summary\", value:\"The target is running an Apache web server that may not properly handle\n access controls.\");\n\n script_tag(name:\"insight\", value:\"In effect, on big-endian 64-bit platforms, Apache\n fails to match allow or deny rules containing an IP address but not a netmask.\n Additional information on the vulnerability can be found at the referenced links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! info = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) ) exit( 0 );\nvers = info['version'];\npath = info['location'];\n\nif( version_is_less( version:vers, test_version:\"1.3.31\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"1.3.31\", install_path:path );\n security_message( port:port, data:report );\n}\n\nexit( 0 );", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-02T21:10:08", "description": "The target is running an Apache web server that may not properly handle\naccess controls. In effect, on big-endian 64-bit platforms, Apache\nfails to match allow or deny rules containing an IP address but not a\nnetmask. \n\n***** OpenVAS has determined the vulnerability exists only by looking at\n***** the Server header returned by the web server running on the target.\n***** If the target is not a big-endian 64-bit platform, consider this a \n***** false positive. \n\nAdditional information on the vulnerability can be found at :\n\n - http://www.apacheweek.com/features/security-13\n - http://marc.theaimsgroup.com/?l=apache-cvs&m=107869603013722\n - http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23850", "cvss3": {}, "published": "2005-11-03T00:00:00", "type": "openvas", "title": "Apache mod_access rule bypass", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0993"], "modified": "2017-04-27T00:00:00", "id": "OPENVAS:14177", "href": "http://plugins.openvas.org/nasl.php?oid=14177", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: apache_access_wo_netmask.nasl 6040 2017-04-27 09:02:38Z teissa $\n# Description: Apache mod_access rule bypass\n#\n# Authors:\n# George A. Theall, <theall@tifaware.com>.\n#\n# Copyright:\n# Copyright (C) 2004 George A. Theall\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_summary = \"The target is running an Apache web server that may not properly handle\naccess controls. In effect, on big-endian 64-bit platforms, Apache\nfails to match allow or deny rules containing an IP address but not a\nnetmask. \n\n***** OpenVAS has determined the vulnerability exists only by looking at\n***** the Server header returned by the web server running on the target.\n***** If the target is not a big-endian 64-bit platform, consider this a \n***** false positive. \n\nAdditional information on the vulnerability can be found at :\n\n - http://www.apacheweek.com/features/security-13\n - http://marc.theaimsgroup.com/?l=apache-cvs&m=107869603013722\n - http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23850\";\n\ntag_solution = \"Upgrade to Apache version 1.3.31 or newer.\";\n\nif (description) {\n script_id(14177);\n script_version(\"$Revision: 6040 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-27 11:02:38 +0200 (Thu, 27 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_bugtraq_id(9829);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_cve_id(\"CVE-2003-0993\");\n script_xref(name:\"GLSA\", value:\"GLSA 200405-22\");\n script_xref(name:\"MDKSA\", value:\"MDKSA-2004:046\");\n script_xref(name:\"OpenPKG-SA\", value:\"OpenPKG-SA-2004.021-apache\");\n script_xref(name:\"SSA\", value:\"SSA:2004-133-01\");\n script_xref(name:\"TSLSA\", value:\"TSLSA-2004-0027\");\n\n name = \"Apache mod_access rule bypass\";\n script_name(name);\n \n summary = \"Checks for Apache mod_access Rule Bypass Vulnerability\";\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"This script is Copyright (C) 2004 George A. Theall\");\n\n family = \"General\";\n script_family(family);\n\n script_dependencies(\"find_service.nasl\", \"global_settings.nasl\", \"http_version.nasl\");\n script_dependencies(\"gather-package-list.nasl\");\n script_require_keys(\"www/apache\");\n script_require_ports(\"Services/www\", 80);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"http_func.inc\");\n\nuname = get_kb_item(\"ssh/login/uname\");\nif ( uname )\n{\n if ( egrep(pattern:\"i.86\", string:uname) ) exit(0);\n}\nhost = get_host_name();\nport = get_http_port(default:80);\nif (debug_level) display(\"debug: checking for mod_access Rule Bypass vulnerability on \", host, \":\", port, \".\\n\");\n\nif (!get_port_state(port)) exit(0);\n\n# Check the web server's banner for the version.\nbanner = get_http_banner(port:port);\nif (!banner) exit(0);\n\nsig = strstr(banner, \"Server:\");\nif (!sig) exit(0);\nif (debug_level) display(\"debug: server sig = >>\", sig, \"<<.\\n\");\n\nif(ereg(pattern:\"^Server:.*Apache(-AdvancedExtranetServer)?/1\\.([0-2]\\.[0-9]|3\\.([0-9][^0-9]|[0-2][0-9]))\", string:sig)) {\n security_message(port);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-30T10:46:22", "description": "The remote host is missing updates announced in\nadvisory GLSA 200405-22.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200405-22 (Apache)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2003-0020"], "modified": "2017-10-26T00:00:00", "id": "OPENVAS:54582", "href": "http://plugins.openvas.org/nasl.php?oid=54582", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several security vulnerabilities have been fixed in the latest release of\nApache 1.3.\";\ntag_solution = \"All users should upgrade to the latest stable version of Apache 1.3.\n\n # emerge sync\n\n # emerge -pv '>=net-www/apache-1.3.31'\n # emerge '>=net-www/apache-1.3.31'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200405-22\nhttp://bugs.gentoo.org/show_bug.cgi?id=51815\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200405-22.\";\n\n \n\nif(description)\n{\n script_id(54582);\n script_version(\"$Revision: 7585 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-26 17:03:01 +0200 (Thu, 26 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2003-0993\", \"CVE-2003-0020\", \"CVE-2003-0987\", \"CVE-2004-0174\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200405-22 (Apache)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-www/apache\", unaffected: make_list(\"ge 1.3.31\"), vulnerable: make_list(\"lt 1.3.31\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:54", "description": "The remote host is missing an update as announced\nvia advisory SSA:2004-133-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2004-133-01 apache", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2003-0020"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:53931", "href": "http://plugins.openvas.org/nasl.php?oid=53931", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2004_133_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New apache packages are available for Slackware 8.1, 9.0, 9.1, and -current to\nfix security issues. These include a possible denial-of-service attack as well\nas the ability to possible pipe shell escapes through Apache's errorlog (which\ncould create an exploit if the error log is read in a terminal program that\ndoes not filter such escapes). We recommend that sites running Apache upgrade\nto the new Apache package.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2004-133-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2004-133-01\";\n \nif(description)\n{\n script_id(53931);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2003-0987\", \"CVE-2003-0020\", \"CVE-2004-0174\", \"CVE-2003-0993\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2004-133-01 apache \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"apache\", ver:\"1.3.29-i386-2\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"apache\", ver:\"1.3.29-i386-2\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"apache\", ver:\"1.3.29-i486-2\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:51", "description": "The remote host is missing an update as announced\nvia advisory SSA:2004-133-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2004-133-01 apache", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2003-0020"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:136141256231053931", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231053931", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2004_133_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.53931\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2003-0987\", \"CVE-2003-0020\", \"CVE-2004-0174\", \"CVE-2003-0993\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2004-133-01 apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(8\\.1|9\\.0|9\\.1)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2004-133-01\");\n\n script_tag(name:\"insight\", value:\"New apache packages are available for Slackware 8.1, 9.0, 9.1, and -current to\nfix security issues. These include a possible denial-of-service attack as well\nas the ability to possible pipe shell escapes through Apache's errorlog (which\ncould create an exploit if the error log is read in a terminal program that\ndoes not filter such escapes). We recommend that sites running Apache upgrade\nto the new Apache package.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2004-133-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"apache\", ver:\"1.3.29-i386-2\", rls:\"SLK8.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"apache\", ver:\"1.3.29-i386-2\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"apache\", ver:\"1.3.29-i486-2\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T11:50:30", "description": "mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.", "cvss3": {}, "published": "2004-03-29T05:00:00", "type": "cve", "title": "CVE-2003-0993", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0993"], "modified": "2021-06-06T11:15:00", "cpe": ["cpe:/a:apache:http_server:1.3.19", "cpe:/a:apache:http_server:1.3.14", "cpe:/a:apache:http_server:1.3.22", "cpe:/a:apache:http_server:1.3.18", "cpe:/a:apache:http_server:1.3.25", "cpe:/a:apache:http_server:1.3.7", "cpe:/a:apache:http_server:1.3.24", "cpe:/a:apache:http_server:1.3", "cpe:/a:apache:http_server:1.3.4", "cpe:/a:apache:http_server:1.3.28", "cpe:/a:apache:http_server:1.3.9", "cpe:/a:apache:http_server:1.3.3", "cpe:/a:apache:http_server:1.3.23", "cpe:/a:apache:http_server:1.3.6", "cpe:/a:apache:http_server:1.3.17", "cpe:/a:apache:http_server:1.3.1", "cpe:/a:apache:http_server:1.3.26", "cpe:/a:apache:http_server:1.3.27", "cpe:/a:apache:http_server:1.3.11", "cpe:/a:apache:http_server:1.3.29", "cpe:/a:apache:http_server:1.3.20", "cpe:/a:apache:http_server:1.3.12"], "id": "CVE-2003-0993", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0993", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.7:*:dev:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*"]}], "freebsd": [{"lastseen": "2022-01-19T16:03:51", "description": "\n\nHenning Brauer discovered a programming error in Apache\n\t 1.3's mod_access that results in the netmasks in IP address\n\t access control rules being interpreted incorrectly on\n\t 64-bit, big-endian platforms. In some cases, this could\n\t cause a `deny from' IP address access control rule including\n\t a netmask to fail.\n\n", "cvss3": {}, "published": "2004-03-07T00:00:00", "type": "freebsd", "title": "Apache 1.3 IP address access control failure on some 64-bit platforms", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0993"], "modified": "2004-03-12T00:00:00", "id": "09D418DB-70FD-11D8-873F-0020ED76EF5A", "href": "https://vuxml.freebsd.org/freebsd/09d418db-70fd-11d8-873f-0020ed76ef5a.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2021-11-22T22:04:51", "description": "", "cvss3": {}, "published": "1976-01-01T00:00:00", "type": "ubuntucve", "title": "CVE-2003-0993", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0993"], "modified": "1976-01-01T00:00:00", "id": "UB:CVE-2003-0993", "href": "https://ubuntu.com/security/CVE-2003-0993", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-08-19T13:16:58", "description": "Henning Brauer discovered a programming error in Apache 1.3's mod_access that results in the netmasks in IP address access control rules being interpreted incorrectly on 64-bit, big-endian platforms.\nIn some cases, this could cause a `deny from' IP address access control rule including a netmask to fail.", "cvss3": {"score": null, "vector": null}, "published": "2005-07-13T00:00:00", "type": "nessus", "title": "FreeBSD : Apache 1.3 IP address access control failure on some 64-bit platforms (09d418db-70fd-11d8-873f-0020ed76ef5a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0993"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:apache", "p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl", "p-cpe:/a:freebsd:freebsd:apache%2bssl", "p-cpe:/a:freebsd:freebsd:ru-apache", "p-cpe:/a:freebsd:freebsd:ru-apache%2bmod_ssl", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_09D418DB70FD11D8873F0020ED76EF5A.NASL", "href": "https://www.tenable.com/plugins/nessus/18833", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18833);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2003-0993\");\n script_bugtraq_id(9829);\n\n script_name(english:\"FreeBSD : Apache 1.3 IP address access control failure on some 64-bit platforms (09d418db-70fd-11d8-873f-0020ed76ef5a)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Henning Brauer discovered a programming error in Apache 1.3's\nmod_access that results in the netmasks in IP address access control\nrules being interpreted incorrectly on 64-bit, big-endian platforms.\nIn some cases, this could cause a `deny from' IP address access\ncontrol rule including a netmask to fail.\"\n );\n # http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_access.c?r1=1.46&r2=1.47\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fef70f41\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.apacheweek.com/features/security-13\"\n );\n # http://marc.theaimsgroup.com/?l=apache-cvs&m=107869603013722\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=apache-cvs&m=107869603013722\"\n );\n # https://vuxml.freebsd.org/freebsd/09d418db-70fd-11d8-873f-0020ed76ef5a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?815f5d53\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache+mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache+ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ru-apache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ru-apache+mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"apache<1.3.29_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache+mod_ssl<1.3.29+2.8.16_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache+ssl<1.3.29.1.53_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ru-apache<1.3.29+30.19_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ru-apache+mod_ssl<1.3.29+30.19+2.8.16_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:18:59", "description": "The remote host is affected by the vulnerability described in GLSA-200405-22 (Apache 1.3: Multiple vulnerabilities)\n\n On 64-bit big-endian platforms, mod_access does not properly parse Allow/Deny rules using IP addresses without a netmask which could result in failure to match certain IP addresses.\n Terminal escape sequences are not filtered from error logs. This could be used by an attacker to insert escape sequences into a terminal emulator vulnerable to escape sequences.\n mod_digest does not properly verify the nonce of a client response by using a AuthNonce secret. This could permit an attacker to replay the response of another website. This does not affect mod_auth_digest.\n On certain platforms there is a starvation issue where listening sockets fails to handle short-lived connection on a rarely-accessed listening socket. This causes the child to hold the accept mutex and block out new connections until another connection arrives on the same rarely-accessed listening socket thus leading to a denial of service.\n Impact :\n\n These vulnerabilities could lead to attackers bypassing intended access restrictions, denial of service, and possibly execution of arbitrary code.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2004-08-30T00:00:00", "type": "nessus", "title": "GLSA-200405-22 : Apache 1.3: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:apache", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200405-22.NASL", "href": "https://www.tenable.com/plugins/nessus/14508", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200405-22.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14508);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2003-0987\", \"CVE-2003-0993\", \"CVE-2004-0174\");\n script_xref(name:\"GLSA\", value:\"200405-22\");\n\n script_name(english:\"GLSA-200405-22 : Apache 1.3: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200405-22\n(Apache 1.3: Multiple vulnerabilities)\n\n On 64-bit big-endian platforms, mod_access does not properly parse\n Allow/Deny rules using IP addresses without a netmask which could result in\n failure to match certain IP addresses.\n Terminal escape sequences are not filtered from error logs. This could be\n used by an attacker to insert escape sequences into a terminal emulator\n vulnerable to escape sequences.\n mod_digest does not properly verify the nonce of a client response by using\n a AuthNonce secret. This could permit an attacker to replay the response of\n another website. This does not affect mod_auth_digest.\n On certain platforms there is a starvation issue where listening sockets\n fails to handle short-lived connection on a rarely-accessed listening\n socket. This causes the child to hold the accept mutex and block out new\n connections until another connection arrives on the same rarely-accessed\n listening socket thus leading to a denial of service.\n \nImpact :\n\n These vulnerabilities could lead to attackers bypassing intended access\n restrictions, denial of service, and possibly execution of arbitrary code.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200405-22\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All users should upgrade to the latest stable version of Apache 1.3.\n # emerge sync\n # emerge -pv '>=www-servers/apache-1.3.31'\n # emerge '>=www-servers/apache-1.3.31'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/08/30\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/apache\", unaffected:make_list(\"ge 1.3.31\"), vulnerable:make_list(\"lt 1.3.31\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Apache 1.3\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:17:05", "description": "New apache packages are available for Slackware 8.1, 9.0, 9.1, and\n-current to fix security issues. These include a possible denial-of-service attack as well as the ability to possible pipe shell escapes through Apache's errorlog (which could create an exploit if the error log is read in a terminal program that does not filter such escapes). We recommend that sites running Apache upgrade to the new Apache package.", "cvss3": {"score": null, "vector": null}, "published": "2005-07-13T00:00:00", "type": "nessus", "title": "Slackware 8.1 / 9.0 / 9.1 / current : apache (SSA:2004-133-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:apache", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:8.1", "cpe:/o:slackware:slackware_linux:9.0", "cpe:/o:slackware:slackware_linux:9.1"], "id": "SLACKWARE_SSA_2004-133-01.NASL", "href": "https://www.tenable.com/plugins/nessus/18787", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2004-133-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18787);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2003-0987\", \"CVE-2003-0993\", \"CVE-2004-0174\");\n script_xref(name:\"SSA\", value:\"2004-133-01\");\n\n script_name(english:\"Slackware 8.1 / 9.0 / 9.1 / current : apache (SSA:2004-133-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New apache packages are available for Slackware 8.1, 9.0, 9.1, and\n-current to fix security issues. These include a possible\ndenial-of-service attack as well as the ability to possible pipe shell\nescapes through Apache's errorlog (which could create an exploit if\nthe error log is read in a terminal program that does not filter such\nescapes). We recommend that sites running Apache upgrade to the new\nApache package.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6e6ddedc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/03/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"8.1\", pkgname:\"apache\", pkgver:\"1.3.29\", pkgarch:\"i386\", pkgnum:\"2\")) flag++;\n\nif (slackware_check(osver:\"9.0\", pkgname:\"apache\", pkgver:\"1.3.29\", pkgarch:\"i386\", pkgnum:\"2\")) flag++;\n\nif (slackware_check(osver:\"9.1\", pkgname:\"apache\", pkgver:\"1.3.29\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"apache\", pkgver:\"1.3.31\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:19:38", "description": "Four security vulnerabilities were fixed with the 1.3.31 release of Apache. All of these issues have been backported and applied to the provided packages. Thanks to Ralf Engelschall of OpenPKG for providing the patches.\n\nApache 1.3 prior to 1.3.30 did not filter terminal escape sequences from its error logs. This could make it easier for attackers to insert those sequences into the terminal emulators of administrators viewing the error logs that contain vulnerabilities related to escape sequence handling (CVE-2003-0020).\n\nmod_digest in Apache 1.3 prior to 1.3.31 did not properly verify the nonce of a client response by using an AuthNonce secret. Apache now verifies the nonce returned in the client response to check whether it was issued by itself by means of a 'AuthDigestRealmSeed' secret exposed as an MD5 checksum (CVE-2003-0987).\n\nmod_access in Apache 1.3 prior to 1.3.30, when running on big-endian 64-bit platforms, did not properly parse Allow/Deny rules using IP addresses without a netmask. This could allow a remote attacker to bypass intended access restrictions (CVE-2003-0993).\n\nApache 1.3 prior to 1.3.30, when using multiple listening sockets on certain platforms, allows a remote attacker to cause a DoS by blocking new connections via a short-lived connection on a rarely-accessed listening socket (CVE-2004-0174). While this particular vulnerability does not affect Linux, we felt it prudent to include the fix.\n\nUpdate :\n\nDue to the changes in mod_digest.so, mod_perl needed to be rebuilt against the patched Apache packages in order for httpd-perl to properly load the module. The appropriate mod_perl packages have been rebuilt and are now available.", "cvss3": {"score": null, "vector": null}, "published": "2004-07-31T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : apache-mod_perl (MDKSA-2004:046-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-1082"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:HTML-Embperl", "p-cpe:/a:mandriva:linux:apache-mod_perl", "p-cpe:/a:mandriva:linux:mod_perl-common", "p-cpe:/a:mandriva:linux:mod_perl-devel", "cpe:/o:mandrakesoft:mandrake_linux:10.0", "cpe:/o:mandrakesoft:mandrake_linux:9.1", "cpe:/o:mandrakesoft:mandrake_linux:9.2"], "id": "MANDRAKE_MDKSA-2004-046.NASL", "href": "https://www.tenable.com/plugins/nessus/14145", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2004:046. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14145);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2003-0987\", \"CVE-2003-0993\", \"CVE-2004-0174\", \"CVE-2004-1082\");\n script_xref(name:\"MDKSA\", value:\"2004:046-1\");\n\n script_name(english:\"Mandrake Linux Security Advisory : apache-mod_perl (MDKSA-2004:046-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Four security vulnerabilities were fixed with the 1.3.31 release of\nApache. All of these issues have been backported and applied to the\nprovided packages. Thanks to Ralf Engelschall of OpenPKG for providing\nthe patches.\n\nApache 1.3 prior to 1.3.30 did not filter terminal escape sequences\nfrom its error logs. This could make it easier for attackers to insert\nthose sequences into the terminal emulators of administrators viewing\nthe error logs that contain vulnerabilities related to escape sequence\nhandling (CVE-2003-0020).\n\nmod_digest in Apache 1.3 prior to 1.3.31 did not properly verify the\nnonce of a client response by using an AuthNonce secret. Apache now\nverifies the nonce returned in the client response to check whether it\nwas issued by itself by means of a 'AuthDigestRealmSeed' secret\nexposed as an MD5 checksum (CVE-2003-0987).\n\nmod_access in Apache 1.3 prior to 1.3.30, when running on big-endian\n64-bit platforms, did not properly parse Allow/Deny rules using IP\naddresses without a netmask. This could allow a remote attacker to\nbypass intended access restrictions (CVE-2003-0993).\n\nApache 1.3 prior to 1.3.30, when using multiple listening sockets on\ncertain platforms, allows a remote attacker to cause a DoS by blocking\nnew connections via a short-lived connection on a rarely-accessed\nlistening socket (CVE-2004-0174). While this particular vulnerability\ndoes not affect Linux, we felt it prudent to include the fix.\n\nUpdate :\n\nDue to the changes in mod_digest.so, mod_perl needed to be rebuilt\nagainst the patched Apache packages in order for httpd-perl to\nproperly load the module. The appropriate mod_perl packages have been\nrebuilt and are now available.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:HTML-Embperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mod_perl-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:mod_perl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", reference:\"HTML-Embperl-1.3.29_1.3.6-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache-mod_perl-1.3.29_1.29-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mod_perl-common-1.3.29_1.29-3.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"mod_perl-devel-1.3.29_1.29-3.1.100mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"HTML-Embperl-1.3.27_1.3.4-7.1.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"apache-mod_perl-1.3.27_1.27-7.1.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"mod_perl-common-1.3.27_1.27-7.1.91mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"mod_perl-devel-1.3.27_1.27-7.1.91mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.2\", reference:\"HTML-Embperl-1.3.28_1.3.4-1.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache-mod_perl-1.3.28_1.28-1.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"mod_perl-common-1.3.28_1.28-1.1.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"mod_perl-devel-1.3.28_1.28-1.1.92mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:20:05", "description": "SunOS 5.9_x86: Apache Security Patch.\nDate this patch was last updated by Sun : Mar/05/10", "cvss3": {"score": null, "vector": null}, "published": "2004-07-12T00:00:00", "type": "nessus", "title": "Solaris 9 (x86) : 114145-12", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2007-1349"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS9_X86_114145.NASL", "href": "https://www.tenable.com/plugins/nessus/13593", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(13593);\n script_version(\"1.39\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2003-0542\", \"CVE-2003-0987\", \"CVE-2003-0993\", \"CVE-2004-0174\", \"CVE-2004-0492\", \"CVE-2007-1349\");\n\n script_name(english:\"Solaris 9 (x86) : 114145-12\");\n script_summary(english:\"Check for patch 114145-12\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 114145-12\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.9_x86: Apache Security Patch.\nDate this patch was last updated by Sun : Mar/05/10\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://download.oracle.com/sunalerts/1021709.1.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"114145-12\", obsoleted_by:\"\", package:\"SUNWapchu\", version:\"11.9.0,REV=2002.08.06.16.05\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"114145-12\", obsoleted_by:\"\", package:\"SUNWapchd\", version:\"11.9.0,REV=2002.08.06.16.05\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"114145-12\", obsoleted_by:\"\", package:\"SUNWapchS\", version:\"11.9.0,REV=2002.08.06.16.05\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"114145-12\", obsoleted_by:\"\", package:\"SUNWapchr\", version:\"11.9.0,REV=2002.08.06.16.05\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:18:32", "description": "SunOS 5.8_x86: Apache Patch.\nDate this patch was last updated by Sun : Apr/23/08", "cvss3": {"score": null, "vector": null}, "published": "2004-10-17T00:00:00", "type": "nessus", "title": "Solaris 8 (x86) : 116974-07", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2007-1349"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS8_X86_116974.NASL", "href": "https://www.tenable.com/plugins/nessus/15483", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15483);\n script_version(\"1.34\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2003-0542\", \"CVE-2003-0987\", \"CVE-2003-0993\", \"CVE-2004-0174\", \"CVE-2004-0492\", \"CVE-2007-1349\");\n\n script_name(english:\"Solaris 8 (x86) : 116974-07\");\n script_summary(english:\"Check for patch 116974-07\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 116974-07\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.8_x86: Apache Patch.\nDate this patch was last updated by Sun : Apr/23/08\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/116974-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"116974-07\", obsoleted_by:\"\", package:\"SUNWapchu\", version:\"11.8.0,REV=2000.01.08.18.17\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"116974-07\", obsoleted_by:\"\", package:\"SUNWapchd\", version:\"11.8.0,REV=2000.01.08.18.17\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"116974-07\", obsoleted_by:\"\", package:\"SUNWapchS\", version:\"11.8.0,REV=2000.01.08.18.17\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"116974-07\", obsoleted_by:\"\", package:\"SUNWapchr\", version:\"11.8.0,REV=2000.01.08.18.17\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:20:12", "description": "SunOS 5.9: Apache Security Patch.\nDate this patch was last updated by Sun : Mar/05/10", "cvss3": {"score": null, "vector": null}, "published": "2004-07-12T00:00:00", "type": "nessus", "title": "Solaris 9 (sparc) : 113146-13", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2007-1349"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS9_113146.NASL", "href": "https://www.tenable.com/plugins/nessus/13530", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(13530);\n script_version(\"1.41\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2003-0542\", \"CVE-2003-0987\", \"CVE-2003-0993\", \"CVE-2004-0174\", \"CVE-2004-0492\", \"CVE-2007-1349\");\n\n script_name(english:\"Solaris 9 (sparc) : 113146-13\");\n script_summary(english:\"Check for patch 113146-13\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 113146-13\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.9: Apache Security Patch.\nDate this patch was last updated by Sun : Mar/05/10\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://download.oracle.com/sunalerts/1021709.1.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113146-13\", obsoleted_by:\"\", package:\"SUNWapchu\", version:\"11.9.0,REV=2002.03.02.00.35\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113146-13\", obsoleted_by:\"\", package:\"SUNWapchd\", version:\"11.9.0,REV=2002.03.02.00.35\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113146-13\", obsoleted_by:\"\", package:\"SUNWapchS\", version:\"11.9.0,REV=2002.03.02.00.35\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"113146-13\", obsoleted_by:\"\", package:\"SUNWapchr\", version:\"11.9.0,REV=2002.03.02.00.35\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:18:36", "description": "SunOS 5.8: Apache Patch.\nDate this patch was last updated by Sun : Apr/24/08", "cvss3": {"score": null, "vector": null}, "published": "2004-10-17T00:00:00", "type": "nessus", "title": "Solaris 8 (sparc) : 116973-07", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-0020", "CVE-2003-0542", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2004-0492", "CVE-2007-1349"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS8_116973.NASL", "href": "https://www.tenable.com/plugins/nessus/15482", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15482);\n script_version(\"1.37\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2003-0020\", \"CVE-2003-0542\", \"CVE-2003-0987\", \"CVE-2003-0993\", \"CVE-2004-0174\", \"CVE-2004-0492\", \"CVE-2007-1349\");\n\n script_name(english:\"Solaris 8 (sparc) : 116973-07\");\n script_summary(english:\"Check for patch 116973-07\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 116973-07\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.8: Apache Patch.\nDate this patch was last updated by Sun : Apr/24/08\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/116973-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"116973-07\", obsoleted_by:\"\", package:\"SUNWapchu\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"116973-07\", obsoleted_by:\"\", package:\"SUNWapchd\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"116973-07\", obsoleted_by:\"\", package:\"SUNWapchS\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"116973-07\", obsoleted_by:\"\", package:\"SUNWapchr\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "httpd": [{"lastseen": "2021-07-28T15:48:19", "description": "A bug in the parsing of Allow/Deny rules using IP addresses without a netmask on big-endian 64-bit platforms causes the rules to fail to match.", "cvss3": {}, "published": "2003-10-15T00:00:00", "type": "httpd", "title": "Apache Httpd < 1.3.31 : Allow/Deny parsing on big-endian 64-bit platforms", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0993"], "modified": "2004-05-12T00:00:00", "id": "HTTPD:0576286DB2485FBB76346020044ABE4A", "href": "https://httpd.apache.org/security_report.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2019-05-30T07:37:04", "description": "New apache packages are available for Slackware 8.1, 9.0, 9.1, and -current to\nfix security issues. These include a possible denial-of-service attack as well\nas the ability to possible pipe shell escapes through Apache's errorlog (which\ncould create an exploit if the error log is read in a terminal program that\ndoes not filter such escapes). We recommend that sites running Apache upgrade\nto the new Apache package.\n\nMore details about these issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0993\n\n\nHere are the details from the Slackware 9.1 ChangeLog:\n\nWed May 12 13:06:39 PDT 2004\npatches/packages/apache-1.3.29-i486-2.tgz: Patched four security issues\n in the Apache web server as noted on http://httpd.apache.org.\n These security fixes were backported from Apache 1.3.31:\n\n In mod_digest, verify whether the nonce returned in the client\n response is one we issued ourselves. This problem does not affect\n mod_auth_digest. (CAN-2003-0987)\n\n Escape arbitrary data before writing into the errorlog. (CAN-2003-0020)\n\n Fix starvation issue on listening sockets where a short-lived connection\n on a rarely-accessed listening socket will cause a child to hold the\n accept mutex and block out new connections until another connection\n arrives on that rarely-accessed listening socket. (CAN-2004-0174)\n\n Fix parsing of Allow/Deny rules using IP addresses without a netmask;\n issue is only known to affect big-endian 64-bit platforms (CAN-2003-0993)\n\n For more details, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0993\n\n (* Security fix *)\n\nWhere to find the new packages:\n\nUpdated package for Slackware 8.1:\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/apache-1.3.29-i386-2.tgz\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/apache-1.3.29-i386-2.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/apache-1.3.29-i486-2.tgz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/apache-1.3.31-i486-1.tgz\n(these related packages are also available)\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/mod_ssl-2.8.17_1.3.31-i486-2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-4.3.6-i486-2.tgz\n\n\nMD5 signatures:\n\nSlackware 8.1 package:\n53949a74ba3dd0a01271e3aa1178e082 apache-1.3.29-i386-2.tgz\n\nSlackware 9.0 package:\n64ede1f5637736842502301eb5bd727d apache-1.3.29-i386-2.tgz\n\nSlackware 9.1 package:\nec5dad948d8b17b82b91d756a5c6b0f9 apache-1.3.29-i486-2.tgz\n\nSlackware -current packages:\na925f8be7b8bbcb7e4a77e2ef755988a apache-1.3.31-i486-1.tgz\n684626575e1c2a783b3d8d208876aab4 mod_ssl-2.8.17_1.3.31-i486-2.tgz\nad27d5f96281e11567184411b7c0720e php-4.3.6-i486-2.tgz\n\n\nInstallation instructions:\n\nFirst, stop apache:\n\n > apachectl stop\n\nNext, upgrade the Apache package as root:\n(if you're running -current, upgrade mod_ssl and php as well)\n\n > upgradepkg apache-1.3.29-i486-2.tgz\n\nFinally, restart apache:\n\n > apachectl start\n\nOr, if you're running a secure server with mod_ssl:\n\n > apachectl startssl", "cvss3": {}, "published": "2004-05-12T16:54:58", "type": "slackware", "title": "apache", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174", "CVE-2003-0020"], "modified": "2004-05-12T16:54:58", "id": "SSA-2004-133-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:21:19", "description": "### Background\n\nThe Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. The goal of this project is to provide a secure, efficient and extensible server that provides services in tune with the current HTTP standards. \n\n### Description\n\nOn 64-bit big-endian platforms, mod_access does not properly parse Allow/Deny rules using IP addresses without a netmask which could result in failure to match certain IP addresses. \n\nTerminal escape sequences are not filtered from error logs. This could be used by an attacker to insert escape sequences into a terminal emulater vulnerable to escape sequences. \n\nmod_digest does not properly verify the nonce of a client response by using a AuthNonce secret. This could permit an attacker to replay the response of another website. This does not affect mod_auth_digest. \n\nOn certain platforms there is a starvation issue where listening sockets fails to handle short-lived connection on a rarely-accessed listening socket. This causes the child to hold the accept mutex and block out new connections until another connection arrives on the same rarely-accessed listening socket thus leading to a denial of service. \n\n### Impact\n\nThese vulnerabilities could lead to attackers bypassing intended access restrictions, denial of service, and possibly execution of arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll users should upgrade to the latest stable version of Apache 1.3. \n \n \n # emerge sync\n \n # emerge -pv \">=www-servers/apache-1.3.31\"\n # emerge \">=www-servers/apache-1.3.31\"", "cvss3": {}, "published": "2004-05-26T00:00:00", "type": "gentoo", "title": "Apache 1.3: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0020", "CVE-2003-0987", "CVE-2003-0993", "CVE-2004-0174"], "modified": "2007-12-30T00:00:00", "id": "GLSA-200405-22", "href": "https://security.gentoo.org/glsa/200405-22", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T12:29:44", "description": "The kdelibs3 (kdelibs for SLES7 based products) package is a core package for the K desktop environment (KDE). The URI handler of the kdelibs3 and kdelibs class library contains a flaw which allows remote attackers to create arbitrary files as the user utilizing the kdelibs3/kdelibs package. Affected are applications which use the kdelibs3/kdelibs URI handler such as Konqueror or Kmail. The original KDE advisory can be found at http://www.kde.org/info/security/advisory-20040517-1.txt", "cvss3": {}, "published": "2004-05-26T11:35:37", "type": "suse", "title": "remote file creation in kdelibs/kdelibs3", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2003-0987", "CVE-2004-0411", "CVE-2003-0993", "CVE-2004-0174", "CVE-2003-0020"], "modified": "2004-05-26T11:35:37", "id": "SUSE-SA:2004:014", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-05/msg00009.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:39:27", "description": "The Concurrent Versions System (CVS) offers tools which allow developers to share and maintain large software projects. Various remotely exploitable conditions have been found during a source code review of CVS done by Stefan Esser and Sebastian Krahmer (SuSE Security-Team). These bugs allow remote attackers to execute arbitrary code as the user the CVS server runs as. Since there is no easy workaround we strongly recommend to update the cvs package. The update packages fix vulnerabilities which have been assigned the CAN numbers CAN-2004-0416, CAN-2004-0417 and CAN-2004-0418. The cvs packages shipped by SUSE (as well as our recent updates for CVS) are not vulnerable to CAN-2004-0414.", "cvss3": {}, "published": "2004-06-09T13:52:11", "type": "suse", "title": "remote command execution in cvs", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2004-0416", "CVE-2003-0987", "CVE-2004-0398", "CVE-2004-0418", "CVE-2004-0179", "CVE-2003-0993", "CVE-2004-0174", "CVE-2003-0020", "CVE-2004-0414", "CVE-2004-0417"], "modified": "2004-06-09T13:52:11", "id": "SUSE-SA:2004:015", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-06/msg00006.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}