DATABASE RESOURCES PRICING ABOUT US

{"id": "DEBIAN_DSA-5035.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-5035-1 : apache2 - security update", "description": "The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5035 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2022-01-05T00:00:00", "modified": "2023-11-21T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/156466", "reporter": "This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://packages.debian.org/source/buster/apache2", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790", "https://www.debian.org/security/2022/dsa-5035", "https://security-tracker.debian.org/tracker/CVE-2021-44790", "https://packages.debian.org/source/bullseye/apache2", "https://security-tracker.debian.org/tracker/source-package/apache2", "https://security-tracker.debian.org/tracker/CVE-2021-44224", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224"], "cvelist": ["CVE-2021-44224", "CVE-2021-44790"], "immutableFields": [], "lastseen": "2023-12-01T15:06:07", "viewCount": 25, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:0258", "ALSA-2022:1915"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2021-44224", "ALPINE:CVE-2021-44790"]}, {"type": "altlinux", "idList": ["596A9CAA9A81D5BD1227566BB6F78A4F", "61F1EA197CA661F7F50608E7BD35CFA3"]}, {"type": "amazon", "idList": ["ALAS-2022-1560", "ALAS2-2022-1737"]}, {"type": "apple", "idList": ["APPLE:63CA0F4232480C58A7826938831F5D5B", "APPLE:9A4969F10DDA950938D09FB74CC40FF8", "APPLE:E82A2A3D978FD519CBF58A36F587B070"]}, {"type": "cbl_mariner", "idList": ["CBLMARINER:7034", "CBLMARINER:7035", "CBLMARINER:7043", "CBLMARINER:7044"]}, {"type": "centos", "idList": ["CESA-2022:0143"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-1389"]}, {"type": "cisa", "idList": ["CISA:9A63A82185908DF2BCB5D41CDBBEDC3A"]}, {"type": "cnvd", "idList": ["CNVD-2021-102386", "CNVD-2021-102387"]}, {"type": "cve", "idList": ["CVE-2021-44224", "CVE-2021-44790"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2907-1:982EB", "DEBIAN:DSA-5035-1:9CF94"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-44224", "DEBIANCVE:CVE-2021-44790"]}, {"type": "exploitdb", "idList": ["EDB-ID:51193"]}, {"type": "f5", "idList": ["F5:K16090693", "F5:K53280389"]}, {"type": "fedora", "idList": ["FEDORA:495F130B9B1C", "FEDORA:55B1B31B81E8", "FEDORA:71CB730B3C94", "FEDORA:9BA73312EC38"]}, {"type": "fortinet", "idList": ["FG-IR-21-253"]}, {"type": "freebsd", "idList": ["CA982E2D-61A9-11EC-8BE6-D4C9EF517024"]}, {"type": "gentoo", "idList": ["GLSA-202208-20"]}, {"type": "hackerone", "idList": ["H1:1434056"]}, {"type": "httpd", "idList": ["HTTPD:9BCBE3C14201AFC4B0F36F15CB40C0F8", "HTTPD:A7133572D328CD65C350E33F20834FAD"]}, {"type": "ibm", "idList": ["3B7F97F521F500AB20E9F9C2CEC2D1A756BBBEFB946AC3E47BE87698E90B1E30", "3D55A48846F1F0B47B953543BA99A7A4FBF1CA77F4CE17B39C0FB856F8E3237C", "402D27EE71FB983854BE2AF9D5F120FF6B97913A6343020A377730459665ED86", "4BCDF9C550D3ED72E14DD722120ADB03F42A150573F93F87AE411598D918A8C5", "6057C2D64AC48C014C9DC84FCD84146794FE149A5B6554007EFDD963A552D12F", "6081058175901D53AC76131FFD5892A9758A2B8B996DAE6C63CC02E20E7DBE9E", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "822E1A1C2A729D1391289F16CEBC1B291F0AAFF917670750096C9FC6C25ED3C4", "96080ECFBE42CEF2D63B1341838131BE1CCC2B5F08130E2F678CCDCE13FAE376", "B1B72DA8B731EA54273C4F12D37D64CB4C3470962BFA973B286468AA61409763", "C0C635C3D1BDFFF4279719843730FED33753DFD9A52C5B43AE4A48433A539739", "D9C7CED11B565FB246194D9A8673AFAE17E817623EA3BB7DC96C788D43582670", "DA688EF9C8D9386F2056674FA29514E843CCD7A040BA8ADC567D935F2C42DF7D", "DF16AB7A179048958DC2086B0A71FDB338ECAFCD8280E68E66D57BBC42D83CEC"]}, {"type": "ics", "idList": ["ICSA-22-132-02"]}, {"type": "kaspersky", "idList": ["KLA12400"]}, {"type": "mageia", "idList": ["MGASA-2021-0577"]}, {"type": "nessus", "idList": ["AL2022_ALAS2022-2022-202.NASL", "AL2023_ALAS2023-2023-072.NASL", "ALA_ALAS-2022-1560.NASL", "ALMA_LINUX_ALSA-2022-0258.NASL", "ALMA_LINUX_ALSA-2022-1915.NASL", "APACHE_2_4_52.NASL", "APACHE_2_4_52_CVE-2021-44790.NASL", "CENTOS8_RHSA-2022-0258.NASL", "CENTOS8_RHSA-2022-1915.NASL", "CENTOS_RHSA-2022-0143.NASL", "DEBIAN_DLA-2907.NASL", "EULEROS_SA-2022-1290.NASL", "EULEROS_SA-2022-1306.NASL", "EULEROS_SA-2022-1326.NASL", "EULEROS_SA-2022-1349.NASL", "EULEROS_SA-2022-1488.NASL", "EULEROS_SA-2022-1507.NASL", "EULEROS_SA-2022-1671.NASL", "EULEROS_SA-2022-1730.NASL", "EULEROS_SA-2022-2025.NASL", "EULEROS_SA-2022-2053.NASL", "EULEROS_SA-2022-2506.NASL", "EULEROS_SA-2022-2564.NASL", "EULEROS_SA-2023-1074.NASL", "EULEROS_SA-2023-1260.NASL", "FREEBSD_PKG_CA982E2D61A911EC8BE6D4C9EF517024.NASL", "GENTOO_GLSA-202208-20.NASL", "MACOS_HT213255.NASL", "MACOS_HT213256.NASL", "MACOS_HT213257.NASL", "NEWSTART_CGSL_NS-SA-2022-0021_HTTPD.NASL", "NEWSTART_CGSL_NS-SA-2023-0011_HTTPD.NASL", "NEWSTART_CGSL_NS-SA-2023-1001_HTTPD.NASL", "NUTANIX_NXSA-AOS-5_20_3_5.NASL", "NUTANIX_NXSA-AOS-5_20_4.NASL", "NUTANIX_NXSA-AOS-6_0_2_6.NASL", "NUTANIX_NXSA-AOS-6_1_1.NASL", "OPENSUSE-2022-0091-1.NASL", "ORACLELINUX_ELSA-2022-0143.NASL", "ORACLELINUX_ELSA-2022-0258.NASL", "ORACLELINUX_ELSA-2022-1915.NASL", "ORACLE_HTTP_SERVER_CPU_APR_2022.NASL", "PHOTONOS_PHSA-2021-3_0-0346_HTTPD.NASL", "REDHAT-RHSA-2022-0143.NASL", "REDHAT-RHSA-2022-0258.NASL", "REDHAT-RHSA-2022-0288.NASL", "REDHAT-RHSA-2022-0303.NASL", "REDHAT-RHSA-2022-1136.NASL", "REDHAT-RHSA-2022-1137.NASL", "REDHAT-RHSA-2022-1138.NASL", "REDHAT-RHSA-2022-1139.NASL", "REDHAT-RHSA-2022-1915.NASL", "REDHAT-RHSA-2022-6753.NASL", "REDHAT-RHSA-2022-7143.NASL", "ROCKY_LINUX_RLSA-2022-0258.NASL", "ROCKY_LINUX_RLSA-2022-1915.NASL", "SECURITYCENTER_5_20_0_TNS_2022_01.NASL", "SLACKWARE_SSA_2021-354-01.NASL", "SL_20220118_HTTPD_ON_SL7_X.NASL", "SUSE_SU-2022-0065-1.NASL", "SUSE_SU-2022-0091-1.NASL", "SUSE_SU-2022-0091-2.NASL", "SUSE_SU-2022-0119-1.NASL", "SUSE_SU-2022-0440-1.NASL", "UBUNTU_USN-5212-1.NASL", "UBUNTU_USN-5212-2.NASL", "WEB_APPLICATION_SCANNING_113079"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2022", "ORACLE:CPUJAN2022", "ORACLE:CPUOCT2022"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-0143", "ELSA-2022-0258", "ELSA-2022-1915"]}, {"type": "osv", "idList": ["OSV:CVE-2021-44224", "OSV:CVE-2021-44790", "OSV:DLA-2907-1", "OSV:DSA-5035-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:171631"]}, {"type": "photon", "idList": ["PHSA-2021-0346", "PHSA-2021-0427", "PHSA-2021-0458", "PHSA-2021-3.0-0346", "PHSA-2022-0142", "PHSA-2022-3.0-0346", "PHSA-2022-4.0-0142"]}, {"type": "prion", "idList": ["PRION:CVE-2021-44224", "PRION:CVE-2021-44790"]}, {"type": "redhat", "idList": ["RHSA-2022:0143", "RHSA-2022:0258", "RHSA-2022:0288", "RHSA-2022:0303", "RHSA-2022:0580", "RHSA-2022:0682", "RHSA-2022:1136", "RHSA-2022:1137", "RHSA-2022:1138", "RHSA-2022:1139", "RHSA-2022:1915", "RHSA-2022:6753", "RHSA-2022:7143", "RHSA-2022:7144"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-44224", "RH:CVE-2021-44790"]}, {"type": "redos", "idList": ["ROS-20211223-04"]}, {"type": "rocky", "idList": ["RLSA-2022:0258", "RLSA-2022:1915"]}, {"type": "rosalinux", "idList": ["ROSA-SA-2023-2155", "ROSA-SA-2023-2158", "ROSA-SA-2023-2160"]}, {"type": "slackware", "idList": ["SSA-2021-354-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:0091-1"]}, {"type": "thn", "idList": ["THN:368B6517F020AB4BF1B2344EDC8234A4"]}, {"type": "threatpost", "idList": ["THREATPOST:6BEB55D8FA8C618B09A43D9F8FFB921B"]}, {"type": "ubuntu", "idList": ["USN-5212-1", "USN-5212-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-44224", "UB:CVE-2021-44790"]}, {"type": "veracode", "idList": ["VERACODE:33417", "VERACODE:33419"]}, {"type": "zdt", "idList": ["1337DAY-ID-38427"]}]}, "score": {"value": 9.8, "uncertanity": 0.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:0258"]}, {"type": "amazon", "idList": ["ALAS-2022-1560"]}, {"type": "centos", "idList": ["CESA-2022:0143"]}, {"type": "cisa", "idList": ["CISA:9A63A82185908DF2BCB5D41CDBBEDC3A"]}, {"type": "cve", "idList": ["CVE-2021-44224", "CVE-2021-44790"]}, {"type": "debian", "idList": ["DEBIAN:DSA-5035-1:9CF94"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-44224", "DEBIANCVE:CVE-2021-44790"]}, {"type": "f5", "idList": ["F5:K16090693", "F5:K53280389"]}, {"type": "fedora", "idList": ["FEDORA:55B1B31B81E8"]}, {"type": "freebsd", "idList": ["CA982E2D-61A9-11EC-8BE6-D4C9EF517024"]}, {"type": "hackerone", "idList": ["H1:1434056"]}, {"type": "ibm", "idList": ["7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE"]}, {"type": "kaspersky", "idList": ["KLA12400"]}, {"type": "nessus", "idList": ["ALA_ALAS-2022-1560.NASL", "FREEBSD_PKG_CA982E2D61A911EC8BE6D4C9EF517024.NASL", "OPENSUSE-2022-0091-1.NASL", "ORACLELINUX_ELSA-2022-0143.NASL", "PHOTONOS_PHSA-2021-3_0-0346_HTTPD.NASL", "REDHAT-RHSA-2022-0143.NASL", "SECURITYCENTER_5_20_0_TNS_2022_01.NASL", "SLACKWARE_SSA_2021-354-01.NASL", "SL_20220118_HTTPD_ON_SL7_X.NASL", "SUSE_SU-2022-0065-1.NASL", "SUSE_SU-2022-0091-1.NASL", "SUSE_SU-2022-0091-2.NASL", "SUSE_SU-2022-0119-1.NASL", "SUSE_SU-2022-0440-1.NASL", "UBUNTU_USN-5212-1.NASL", "UBUNTU_USN-5212-2.NASL", "WEB_APPLICATION_SCANNING_113079"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310107444"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2022"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-0143", "ELSA-2022-0258"]}, {"type": "photon", "idList": ["PHSA-2022-3.0-0346"]}, {"type": "redhat", "idList": ["RHSA-2022:0580"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-44224", "RH:CVE-2021-44790"]}, {"type": "slackware", "idList": ["SSA-2021-354-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:0091-1"]}, {"type": "thn", "idList": ["THN:368B6517F020AB4BF1B2344EDC8234A4"]}, {"type": "threatpost", "idList": ["THREATPOST:6BEB55D8FA8C618B09A43D9F8FFB921B"]}, {"type": "ubuntu", "idList": ["USN-5212-1", "USN-5212-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-44224", "UB:CVE-2021-44790"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2021-44224", "epss": 0.77905, "percentile": 0.97712, "modified": "2023-05-02"}, {"cve": "CVE-2021-44790", "epss": 0.2818, "percentile": 0.96153, "modified": "2023-05-02"}], "vulnersScore": 9.8}, "_state": {"dependencies": 1701455110, "score": 1701455782, "epss": 0}, "_internal": {"score_hash": "c71542966dc4ea14b2165c52b165109f"}, "pluginID": "156466", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5035. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156466);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/21\");\n\n script_cve_id(\"CVE-2021-44224\", \"CVE-2021-44790\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n\n script_name(english:\"Debian DSA-5035-1 : apache2 - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5035 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/apache2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-44224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-44790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/apache2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/apache2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the apache2 packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 2.4.52-1~deb11u2.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-ssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-suexec-custom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-suexec-pristine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-mod-md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-mod-proxy-uwsgi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(10)\\.[0-9]+|^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 10.0 / 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'apache2', 'reference': '2.4.38-3+deb10u7'},\n {'release': '10.0', 'prefix': 'apache2-bin', 'reference': '2.4.38-3+deb10u7'},\n {'release': '10.0', 'prefix': 'apache2-data', 'reference': '2.4.38-3+deb10u7'},\n {'release': '10.0', 'prefix': 'apache2-dev', 'reference': '2.4.38-3+deb10u7'},\n {'release': '10.0', 'prefix': 'apache2-doc', 'reference': '2.4.38-3+deb10u7'},\n {'release': '10.0', 'prefix': 'apache2-ssl-dev', 'reference': '2.4.38-3+deb10u7'},\n {'release': '10.0', 'prefix': 'apache2-suexec-custom', 'reference': '2.4.38-3+deb10u7'},\n {'release': '10.0', 'prefix': 'apache2-suexec-pristine', 'reference': '2.4.38-3+deb10u7'},\n {'release': '10.0', 'prefix': 'apache2-utils', 'reference': '2.4.38-3+deb10u7'},\n {'release': '10.0', 'prefix': 'libapache2-mod-md', 'reference': '2.4.38-3+deb10u7'},\n {'release': '10.0', 'prefix': 'libapache2-mod-proxy-uwsgi', 'reference': '2.4.38-3+deb10u7'},\n {'release': '11.0', 'prefix': 'apache2', 'reference': '2.4.52-1~deb11u2'},\n {'release': '11.0', 'prefix': 'apache2-bin', 'reference': '2.4.52-1~deb11u2'},\n {'release': '11.0', 'prefix': 'apache2-data', 'reference': '2.4.52-1~deb11u2'},\n {'release': '11.0', 'prefix': 'apache2-dev', 'reference': '2.4.52-1~deb11u2'},\n {'release': '11.0', 'prefix': 'apache2-doc', 'reference': '2.4.52-1~deb11u2'},\n {'release': '11.0', 'prefix': 'apache2-ssl-dev', 'reference': '2.4.52-1~deb11u2'},\n {'release': '11.0', 'prefix': 'apache2-suexec-custom', 'reference': '2.4.52-1~deb11u2'},\n {'release': '11.0', 'prefix': 'apache2-suexec-pristine', 'reference': '2.4.52-1~deb11u2'},\n {'release': '11.0', 'prefix': 'apache2-utils', 'reference': '2.4.52-1~deb11u2'},\n {'release': '11.0', 'prefix': 'libapache2-mod-md', 'reference': '2.4.52-1~deb11u2'},\n {'release': '11.0', 'prefix': 'libapache2-mod-proxy-uwsgi', 'reference': '2.4.52-1~deb11u2'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2 / apache2-bin / apache2-data / apache2-dev / apache2-doc / etc');\n}\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:apache2", "p-cpe:/a:debian:debian_linux:apache2-bin", "p-cpe:/a:debian:debian_linux:apache2-data", "p-cpe:/a:debian:debian_linux:apache2-dev", "p-cpe:/a:debian:debian_linux:apache2-doc", "p-cpe:/a:debian:debian_linux:apache2-ssl-dev", "p-cpe:/a:debian:debian_linux:apache2-suexec-custom", "p-cpe:/a:debian:debian_linux:apache2-suexec-pristine", "p-cpe:/a:debian:debian_linux:apache2-utils", "p-cpe:/a:debian:debian_linux:libapache2-mod-md", "p-cpe:/a:debian:debian_linux:libapache2-mod-proxy-uwsgi", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:11.0"], "solution": "Upgrade the apache2 packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 2.4.52-1~deb11u2.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2021-44790", "vendor_cvss2": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "vendor_cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2022-01-04T00:00:00", "vulnerabilityPublicationDate": "2021-12-20T00:00:00", "exploitableWith": []}

{"nessus": [{"lastseen": "2023-12-01T15:06:10", "description": "The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0091-2 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-21T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : apache2 (SUSE-SU-2022:0091-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-event", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-0091-2.NASL", "href": "https://www.tenable.com/plugins/nessus/156923", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0091-2. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156923);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\"CVE-2021-44224\", \"CVE-2021-44790\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0091-2\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n\n script_name(english:\"SUSE SLES15 Security Update : apache2 (SUSE-SU-2022:0091-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:0091-2 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193943\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44790\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-January/010042.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b35ca336\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected apache2-event package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-event\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'apache2-event-2.4.51-3.37.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-packagehub-subpackages-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2-event');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:11:23", "description": "The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2907 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-02T00:00:00", "type": "nessus", "title": "Debian DLA-2907-1 : apache2 - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790"], "modified": "2023-11-17T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:apache2-dev", "p-cpe:/a:debian:debian_linux:apache2-doc", "p-cpe:/a:debian:debian_linux:apache2-ssl-dev", "p-cpe:/a:debian:debian_linux:apache2-suexec-custom", "p-cpe:/a:debian:debian_linux:apache2-suexec-pristine", "p-cpe:/a:debian:debian_linux:apache2-utils", "cpe:/o:debian:debian_linux:9.0", "p-cpe:/a:debian:debian_linux:apache2", "p-cpe:/a:debian:debian_linux:apache2-bin", "p-cpe:/a:debian:debian_linux:apache2-data", "p-cpe:/a:debian:debian_linux:apache2-dbg"], "id": "DEBIAN_DLA-2907.NASL", "href": "https://www.tenable.com/plugins/nessus/157321", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-2907. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157321);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/17\");\n\n script_cve_id(\"CVE-2021-44224\", \"CVE-2021-44790\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n\n script_name(english:\"Debian DLA-2907-1 : apache2 - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndla-2907 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/apache2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2022/dla-2907\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-44224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-44790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/stretch/apache2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the apache2 packages.\n\nFor Debian 9 stretch, these problems have been fixed in version 2.4.25-3+deb9u12.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-ssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-suexec-custom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-suexec-pristine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(9)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 9.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '9.0', 'prefix': 'apache2', 'reference': '2.4.25-3+deb9u12'},\n {'release': '9.0', 'prefix': 'apache2-bin', 'reference': '2.4.25-3+deb9u12'},\n {'release': '9.0', 'prefix': 'apache2-data', 'reference': '2.4.25-3+deb9u12'},\n {'release': '9.0', 'prefix': 'apache2-dbg', 'reference': '2.4.25-3+deb9u12'},\n {'release': '9.0', 'prefix': 'apache2-dev', 'reference': '2.4.25-3+deb9u12'},\n {'release': '9.0', 'prefix': 'apache2-doc', 'reference': '2.4.25-3+deb9u12'},\n {'release': '9.0', 'prefix': 'apache2-ssl-dev', 'reference': '2.4.25-3+deb9u12'},\n {'release': '9.0', 'prefix': 'apache2-suexec-custom', 'reference': '2.4.25-3+deb9u12'},\n {'release': '9.0', 'prefix': 'apache2-suexec-pristine', 'reference': '2.4.25-3+deb9u12'},\n {'release': '9.0', 'prefix': 'apache2-utils', 'reference': '2.4.25-3+deb9u12'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2 / apache2-bin / apache2-data / apache2-dbg / apache2-dev / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:06:04", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0091-1 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-17T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : apache2 (SUSE-SU-2022:0091-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2", "p-cpe:/a:novell:suse_linux:apache2-devel", "p-cpe:/a:novell:suse_linux:apache2-doc", "p-cpe:/a:novell:suse_linux:apache2-event", "p-cpe:/a:novell:suse_linux:apache2-prefork", "p-cpe:/a:novell:suse_linux:apache2-utils", "p-cpe:/a:novell:suse_linux:apache2-worker", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-0091-1.NASL", "href": "https://www.tenable.com/plugins/nessus/156776", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0091-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156776);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\"CVE-2021-44224\", \"CVE-2021-44790\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0091-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : apache2 (SUSE-SU-2022:0091-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:0091-1 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193943\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44790\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-January/010009.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?690f602a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP2/3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'apache2-2.4.51-3.37.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'apache2-2.4.51-3.37.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'apache2-prefork-2.4.51-3.37.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'apache2-prefork-2.4.51-3.37.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'apache2-utils-2.4.51-3.37.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'apache2-utils-2.4.51-3.37.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'apache2-2.4.51-3.37.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'apache2-2.4.51-3.37.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'apache2-prefork-2.4.51-3.37.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'apache2-prefork-2.4.51-3.37.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'apache2-utils-2.4.51-3.37.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'apache2-utils-2.4.51-3.37.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'apache2-event-2.4.51-3.37.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-packagehub-subpackages-release-15.3']},\n {'reference':'apache2-devel-2.4.51-3.37.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-server-applications-release-15.2']},\n {'reference':'apache2-doc-2.4.51-3.37.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-server-applications-release-15.2']},\n {'reference':'apache2-worker-2.4.51-3.37.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-server-applications-release-15.2']},\n {'reference':'apache2-devel-2.4.51-3.37.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-server-applications-release-15.3']},\n {'reference':'apache2-doc-2.4.51-3.37.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-server-applications-release-15.3']},\n {'reference':'apache2-worker-2.4.51-3.37.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-server-applications-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2 / apache2-devel / apache2-doc / apache2-event / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:06:06", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0091-1 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-18T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : apache2 (openSUSE-SU-2022:0091-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790"], "modified": "2023-11-20T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2", "p-cpe:/a:novell:opensuse:apache2-devel", "p-cpe:/a:novell:opensuse:apache2-event", "p-cpe:/a:novell:opensuse:apache2-example-pages", "p-cpe:/a:novell:opensuse:apache2-prefork", "p-cpe:/a:novell:opensuse:apache2-utils", "p-cpe:/a:novell:opensuse:apache2-worker", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-0091-1.NASL", "href": "https://www.tenable.com/plugins/nessus/156778", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:0091-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156778);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/20\");\n\n script_cve_id(\"CVE-2021-44224\", \"CVE-2021-44790\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n\n script_name(english:\"openSUSE 15 Security Update : apache2 (openSUSE-SU-2022:0091-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:0091-1 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193943\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LQX4BVMFKUTV6DOPDTL26H5DQJJFUPXZ/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fbb79ac6\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44790\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'apache2-2.4.51-3.37.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apache2-devel-2.4.51-3.37.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apache2-event-2.4.51-3.37.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apache2-example-pages-2.4.51-3.37.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apache2-prefork-2.4.51-3.37.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apache2-utils-2.4.51-3.37.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'apache2-worker-2.4.51-3.37.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2 / apache2-devel / apache2-event / apache2-example-pages / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:11:22", "description": "The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0440-1 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-17T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : apache2 (SUSE-SU-2022:0440-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2", "p-cpe:/a:novell:suse_linux:apache2-devel", "p-cpe:/a:novell:suse_linux:apache2-doc", "p-cpe:/a:novell:suse_linux:apache2-example-pages", "p-cpe:/a:novell:suse_linux:apache2-prefork", "p-cpe:/a:novell:suse_linux:apache2-utils", "p-cpe:/a:novell:suse_linux:apache2-worker", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-0440-1.NASL", "href": "https://www.tenable.com/plugins/nessus/158128", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0440-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158128);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\"CVE-2021-44224\", \"CVE-2021-44790\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0440-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n\n script_name(english:\"SUSE SLES12 Security Update : apache2 (SUSE-SU-2022:0440-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:0440-1 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193943\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44790\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-February/010231.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?38f59bdc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES_SAP12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP12 SP5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'apache2-2.4.51-35.7.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'apache2-doc-2.4.51-35.7.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'apache2-example-pages-2.4.51-35.7.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'apache2-prefork-2.4.51-35.7.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'apache2-utils-2.4.51-35.7.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'apache2-worker-2.4.51-35.7.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'apache2-devel-2.4.51-35.7.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5']},\n {'reference':'apache2-2.4.51-35.7.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'apache2-doc-2.4.51-35.7.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'apache2-example-pages-2.4.51-35.7.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'apache2-prefork-2.4.51-35.7.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'apache2-utils-2.4.51-35.7.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'apache2-worker-2.4.51-35.7.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2 / apache2-devel / apache2-doc / apache2-example-pages / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:07:56", "description": "The version of httpd24 installed on the remote host is prior to 2.4.52-1.95. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1560 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-19T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : httpd24 (ALAS-2022-1560)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790"], "modified": "2023-11-20T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:httpd24", "p-cpe:/a:amazon:linux:httpd24-debuginfo", "p-cpe:/a:amazon:linux:httpd24-devel", "p-cpe:/a:amazon:linux:httpd24-manual", "p-cpe:/a:amazon:linux:httpd24-tools", "p-cpe:/a:amazon:linux:mod24_ldap", "p-cpe:/a:amazon:linux:mod24_md", "p-cpe:/a:amazon:linux:mod24_proxy_html", "p-cpe:/a:amazon:linux:mod24_session", "p-cpe:/a:amazon:linux:mod24_ssl", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2022-1560.NASL", "href": "https://www.tenable.com/plugins/nessus/156868", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2022-1560.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156868);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/20\");\n\n script_cve_id(\"CVE-2021-44224\", \"CVE-2021-44790\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n script_xref(name:\"ALAS\", value:\"2022-1560\");\n\n script_name(english:\"Amazon Linux AMI : httpd24 (ALAS-2022-1560)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of httpd24 installed on the remote host is prior to 2.4.52-1.95. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS-2022-1560 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2022-1560.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-44224.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-44790.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update httpd24' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'httpd24-2.4.52-1.95.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-2.4.52-1.95.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-debuginfo-2.4.52-1.95.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-debuginfo-2.4.52-1.95.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-devel-2.4.52-1.95.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-devel-2.4.52-1.95.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-manual-2.4.52-1.95.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-tools-2.4.52-1.95.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-tools-2.4.52-1.95.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod24_ldap-2.4.52-1.95.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod24_ldap-2.4.52-1.95.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod24_md-2.4.52-1.95.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod24_md-2.4.52-1.95.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod24_proxy_html-2.4.52-1.95.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod24_proxy_html-2.4.52-1.95.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod24_session-2.4.52-1.95.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod24_session-2.4.52-1.95.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod24_ssl-2.4.52-1.95.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod24_ssl-2.4.52-1.95.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd24 / httpd24-debuginfo / httpd24-devel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:06:06", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0119-1 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-19T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : apache2 (SUSE-SU-2022:0119-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2", "p-cpe:/a:novell:suse_linux:apache2-devel", "p-cpe:/a:novell:suse_linux:apache2-doc", "p-cpe:/a:novell:suse_linux:apache2-prefork", "p-cpe:/a:novell:suse_linux:apache2-utils", "p-cpe:/a:novell:suse_linux:apache2-worker", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-0119-1.NASL", "href": "https://www.tenable.com/plugins/nessus/156808", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0119-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156808);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\"CVE-2021-44224\", \"CVE-2021-44790\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0119-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n\n script_name(english:\"SUSE SLES15 Security Update : apache2 (SUSE-SU-2022:0119-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:0119-1 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193943\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44790\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-January/010025.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?280226d4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(0|1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP0/1\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'apache2-2.4.33-3.61.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'apache2-devel-2.4.33-3.61.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'apache2-doc-2.4.33-3.61.1', 'sp':'0', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'apache2-prefork-2.4.33-3.61.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'apache2-utils-2.4.33-3.61.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'apache2-worker-2.4.33-3.61.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'apache2-2.4.33-3.61.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'apache2-devel-2.4.33-3.61.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'apache2-doc-2.4.33-3.61.1', 'sp':'1', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'apache2-prefork-2.4.33-3.61.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'apache2-utils-2.4.33-3.61.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'apache2-worker-2.4.33-3.61.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'apache2-2.4.33-3.61.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'apache2-2.4.33-3.61.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'apache2-devel-2.4.33-3.61.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'apache2-devel-2.4.33-3.61.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'apache2-doc-2.4.33-3.61.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'apache2-prefork-2.4.33-3.61.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'apache2-prefork-2.4.33-3.61.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'apache2-utils-2.4.33-3.61.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'apache2-utils-2.4.33-3.61.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'apache2-worker-2.4.33-3.61.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'apache2-worker-2.4.33-3.61.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'apache2-2.4.33-3.61.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-2.4.33-3.61.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-2.4.33-3.61.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-2.4.33-3.61.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-devel-2.4.33-3.61.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-devel-2.4.33-3.61.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-devel-2.4.33-3.61.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-devel-2.4.33-3.61.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-doc-2.4.33-3.61.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-doc-2.4.33-3.61.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'apache2-prefork-2.4.33-3.61.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-prefork-2.4.33-3.61.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-prefork-2.4.33-3.61.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-prefork-2.4.33-3.61.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-utils-2.4.33-3.61.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-utils-2.4.33-3.61.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-utils-2.4.33-3.61.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-utils-2.4.33-3.61.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-worker-2.4.33-3.61.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-worker-2.4.33-3.61.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-worker-2.4.33-3.61.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-worker-2.4.33-3.61.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'apache2-2.4.33-3.61.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'apache2-2.4.33-3.61.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'apache2-devel-2.4.33-3.61.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'apache2-devel-2.4.33-3.61.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'apache2-doc-2.4.33-3.61.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'apache2-prefork-2.4.33-3.61.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'apache2-prefork-2.4.33-3.61.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'apache2-utils-2.4.33-3.61.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'apache2-utils-2.4.33-3.61.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'apache2-worker-2.4.33-3.61.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'apache2-worker-2.4.33-3.61.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'apache2-2.4.33-3.61.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'apache2-devel-2.4.33-3.61.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'apache2-prefork-2.4.33-3.61.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'apache2-utils-2.4.33-3.61.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'apache2-worker-2.4.33-3.61.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'apache2-2.4.33-3.61.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'apache2-devel-2.4.33-3.61.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'apache2-prefork-2.4.33-3.61.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'apache2-utils-2.4.33-3.61.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'apache2-worker-2.4.33-3.61.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2 / apache2-devel / apache2-doc / apache2-prefork / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:07:23", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.04 / 21.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5212-1 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-06T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Apache HTTP Server vulnerabilities (USN-5212-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790"], "modified": "2023-10-16T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:apache2", "p-cpe:/a:canonical:ubuntu_linux:apache2-bin", "p-cpe:/a:canonical:ubuntu_linux:apache2-data", "p-cpe:/a:canonical:ubuntu_linux:apache2-dev", "p-cpe:/a:canonical:ubuntu_linux:apache2-ssl-dev", "p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-custom", "p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-pristine", "p-cpe:/a:canonical:ubuntu_linux:apache2-utils", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-md", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-proxy-uwsgi"], "id": "UBUNTU_USN-5212-1.NASL", "href": "https://www.tenable.com/plugins/nessus/156544", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5212-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156544);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\"CVE-2021-44224\", \"CVE-2021-44790\");\n script_xref(name:\"USN\", value:\"5212-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Apache HTTP Server vulnerabilities (USN-5212-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.04 / 21.10 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-5212-1 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5212-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-ssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-custom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-pristine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-proxy-uwsgi\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'apache2', 'pkgver': '2.4.29-1ubuntu4.21'},\n {'osver': '18.04', 'pkgname': 'apache2-bin', 'pkgver': '2.4.29-1ubuntu4.21'},\n {'osver': '18.04', 'pkgname': 'apache2-data', 'pkgver': '2.4.29-1ubuntu4.21'},\n {'osver': '18.04', 'pkgname': 'apache2-dev', 'pkgver': '2.4.29-1ubuntu4.21'},\n {'osver': '18.04', 'pkgname': 'apache2-ssl-dev', 'pkgver': '2.4.29-1ubuntu4.21'},\n {'osver': '18.04', 'pkgname': 'apache2-suexec-custom', 'pkgver': '2.4.29-1ubuntu4.21'},\n {'osver': '18.04', 'pkgname': 'apache2-suexec-pristine', 'pkgver': '2.4.29-1ubuntu4.21'},\n {'osver': '18.04', 'pkgname': 'apache2-utils', 'pkgver': '2.4.29-1ubuntu4.21'},\n {'osver': '20.04', 'pkgname': 'apache2', 'pkgver': '2.4.41-4ubuntu3.9'},\n {'osver': '20.04', 'pkgname': 'apache2-bin', 'pkgver': '2.4.41-4ubuntu3.9'},\n {'osver': '20.04', 'pkgname': 'apache2-data', 'pkgver': '2.4.41-4ubuntu3.9'},\n {'osver': '20.04', 'pkgname': 'apache2-dev', 'pkgver': '2.4.41-4ubuntu3.9'},\n {'osver': '20.04', 'pkgname': 'apache2-ssl-dev', 'pkgver': '2.4.41-4ubuntu3.9'},\n {'osver': '20.04', 'pkgname': 'apache2-suexec-custom', 'pkgver': '2.4.41-4ubuntu3.9'},\n {'osver': '20.04', 'pkgname': 'apache2-suexec-pristine', 'pkgver': '2.4.41-4ubuntu3.9'},\n {'osver': '20.04', 'pkgname': 'apache2-utils', 'pkgver': '2.4.41-4ubuntu3.9'},\n {'osver': '20.04', 'pkgname': 'libapache2-mod-md', 'pkgver': '2.4.41-4ubuntu3.9'},\n {'osver': '20.04', 'pkgname': 'libapache2-mod-proxy-uwsgi', 'pkgver': '2.4.41-4ubuntu3.9'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2 / apache2-bin / apache2-data / apache2-dev / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:12:28", "description": "According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-03-02T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : httpd (EulerOS-SA-2022-1306)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790"], "modified": "2023-11-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-filesystem", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1306.NASL", "href": "https://www.tenable.com/plugins/nessus/158541", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158541);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/06\");\n\n script_cve_id(\"CVE-2021-44224\", \"CVE-2021-44790\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n\n script_name(english:\"EulerOS 2.0 SP9 : httpd (EulerOS-SA-2022-1306)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1306\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b322ec84\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"httpd-2.4.34-24.h11.eulerosv2r9\",\n \"httpd-filesystem-2.4.34-24.h11.eulerosv2r9\",\n \"httpd-tools-2.4.34-24.h11.eulerosv2r9\",\n \"mod_ssl-2.4.34-24.h11.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:26:17", "description": "The version of Apache httpd installed on the remote host is equal to or greater than 2.4.7 and prior to 2.4.52.\nIt is, therefore, affected by a flaw related to acting as a forward proxy.\n\nA crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery).\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-23T00:00:00", "type": "nessus", "title": "Apache 2.4.x >= 2.4.7 / < 2.4.52 Forward Proxy DoS / SSRF", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790"], "modified": "2023-11-22T00:00:00", "cpe": ["cpe:/a:apache:httpd", "cpe:/a:apache:http_server"], "id": "APACHE_2_4_52.NASL", "href": "https://www.tenable.com/plugins/nessus/156255", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156255);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/22\");\n\n script_cve_id(\"CVE-2021-44224\", \"CVE-2021-44790\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n\n script_name(english:\"Apache 2.4.x >= 2.4.7 / < 2.4.52 Forward Proxy DoS / SSRF\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by a denial of service or server-side request forgery vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apache httpd installed on the remote host is equal to or greater than 2.4.7 and prior to 2.4.52.\nIt is, therefore, affected by a flaw related to acting as a forward proxy.\n\nA crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\npointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\nrequests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery).\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache version 2.4.52 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"apache_http_version.nasl\", \"apache_http_server_nix_installed.nbin\", \"apache_httpd_win_installed.nbin\");\n script_require_keys(\"installed_sw/Apache\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\napp_info = vcf::apache_http_server::combined_get_app_info(app:'Apache');\n\nvar constraints = [\n { 'min_version' : '2.4.7', 'max_version' : '2.4.51', 'fixed_version' : '2.4.52' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:07:23", "description": "The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0065-1 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-13T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : apache2 (SUSE-SU-2022:0065-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2", "p-cpe:/a:novell:suse_linux:apache2-doc", "p-cpe:/a:novell:suse_linux:apache2-example-pages", "p-cpe:/a:novell:suse_linux:apache2-prefork", "p-cpe:/a:novell:suse_linux:apache2-utils", "p-cpe:/a:novell:suse_linux:apache2-worker", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-0065-1.NASL", "href": "https://www.tenable.com/plugins/nessus/156701", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0065-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156701);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\"CVE-2021-44224\", \"CVE-2021-44790\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0065-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n\n script_name(english:\"SUSE SLES12 Security Update : apache2 (SUSE-SU-2022:0065-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:0065-1 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193943\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44790\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-January/010001.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2bdbb81c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES_SAP12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP12\" && (! preg(pattern:\"^(3|4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP12 SP3/4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'apache2-2.4.23-29.83.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'apache2-doc-2.4.23-29.83.1', 'sp':'3', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'apache2-example-pages-2.4.23-29.83.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'apache2-prefork-2.4.23-29.83.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'apache2-utils-2.4.23-29.83.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'apache2-worker-2.4.23-29.83.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'apache2-2.4.23-29.83.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'apache2-doc-2.4.23-29.83.1', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'apache2-example-pages-2.4.23-29.83.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'apache2-prefork-2.4.23-29.83.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'apache2-utils-2.4.23-29.83.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'apache2-worker-2.4.23-29.83.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'apache2-2.4.23-29.83.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'apache2-doc-2.4.23-29.83.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'apache2-example-pages-2.4.23-29.83.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'apache2-prefork-2.4.23-29.83.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'apache2-utils-2.4.23-29.83.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'apache2-worker-2.4.23-29.83.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'apache2-2.4.23-29.83.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'apache2-2.4.23-29.83.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'apache2-doc-2.4.23-29.83.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'apache2-doc-2.4.23-29.83.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'apache2-example-pages-2.4.23-29.83.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'apache2-example-pages-2.4.23-29.83.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'apache2-prefork-2.4.23-29.83.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'apache2-prefork-2.4.23-29.83.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'apache2-utils-2.4.23-29.83.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'apache2-utils-2.4.23-29.83.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'apache2-worker-2.4.23-29.83.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'apache2-worker-2.4.23-29.83.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'apache2-2.4.23-29.83.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'apache2-doc-2.4.23-29.83.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'apache2-example-pages-2.4.23-29.83.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'apache2-prefork-2.4.23-29.83.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'apache2-utils-2.4.23-29.83.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'apache2-worker-2.4.23-29.83.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2 / apache2-doc / apache2-example-pages / apache2-prefork / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:14:22", "description": "According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-04-20T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : httpd (EulerOS-SA-2022-1507)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790"], "modified": "2023-10-31T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-filesystem", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1507.NASL", "href": "https://www.tenable.com/plugins/nessus/160017", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160017);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/31\");\n\n script_cve_id(\"CVE-2021-44224\", \"CVE-2021-44790\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n\n script_name(english:\"EulerOS 2.0 SP10 : httpd (EulerOS-SA-2022-1507)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1507\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a053f66a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"httpd-2.4.43-4.h12.eulerosv2r10\",\n \"httpd-filesystem-2.4.43-4.h12.eulerosv2r10\",\n \"httpd-tools-2.4.43-4.h12.eulerosv2r10\",\n \"mod_ssl-2.4.43-4.h12.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T16:29:38", "description": "The version of httpd installed on the remote host is prior to 2.4.52. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2021-354-01 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-20T00:00:00", "type": "nessus", "title": "Slackware Linux 14.0 / 14.1 / 14.2 / current httpd Multiple Vulnerabilities (SSA:2021-354-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790"], "modified": "2023-11-22T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:httpd", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2021-354-01.NASL", "href": "https://www.tenable.com/plugins/nessus/156200", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Slackware Security Advisory SSA:2021-354-01. The text\n# itself is copyright (C) Slackware Linux, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156200);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/22\");\n\n script_cve_id(\"CVE-2021-44224\", \"CVE-2021-44790\");\n\n script_name(english:\"Slackware Linux 14.0 / 14.1 / 14.2 / current httpd Multiple Vulnerabilities (SSA:2021-354-01)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Slackware Linux host is missing a security update to httpd.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of httpd installed on the remote host is prior to 2.4.52. It is, therefore, affected by multiple\nvulnerabilities as referenced in the SSA:2021-354-01 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Slackware Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\nvar flag = 0;\nvar constraints = [\n { 'fixed_version' : '2.4.52', 'product' : 'httpd', 'os_name' : 'Slackware Linux', 'os_version' : '14.0', 'service_pack' : '1_slack14.0', 'arch' : 'i486' },\n { 'fixed_version' : '2.4.52', 'product' : 'httpd', 'os_name' : 'Slackware Linux', 'os_version' : '14.0', 'service_pack' : '1_slack14.0', 'arch' : 'x86_64' },\n { 'fixed_version' : '2.4.52', 'product' : 'httpd', 'os_name' : 'Slackware Linux', 'os_version' : '14.1', 'service_pack' : '1_slack14.1', 'arch' : 'i486' },\n { 'fixed_version' : '2.4.52', 'product' : 'httpd', 'os_name' : 'Slackware Linux', 'os_version' : '14.1', 'service_pack' : '1_slack14.1', 'arch' : 'x86_64' },\n { 'fixed_version' : '2.4.52', 'product' : 'httpd', 'os_name' : 'Slackware Linux', 'os_version' : '14.2', 'service_pack' : '1_slack14.2', 'arch' : 'i586' },\n { 'fixed_version' : '2.4.52', 'product' : 'httpd', 'os_name' : 'Slackware Linux', 'os_version' : '14.2', 'service_pack' : '1_slack14.2', 'arch' : 'x86_64' },\n { 'fixed_version' : '2.4.52', 'product' : 'httpd', 'os_name' : 'Slackware Linux', 'os_version' : 'current', 'service_pack' : '1', 'arch' : 'i586' },\n { 'fixed_version' : '2.4.52', 'product' : 'httpd', 'os_name' : 'Slackware Linux', 'os_version' : 'current', 'service_pack' : '1', 'arch' : 'x86_64' }\n];\n\nforeach constraint (constraints) {\n var pkg_arch = constraint['arch'];\n var arch = NULL;\n if (pkg_arch == \"x86_64\") {\n arch = pkg_arch;\n }\n if (slackware_check(osver:constraint['os_version'],\n arch:arch,\n pkgname:constraint['product'],\n pkgver:constraint['fixed_version'],\n pkgarch:pkg_arch,\n pkgnum:constraint['service_pack'])) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : slackware_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:25:52", "description": "The version of Apache httpd installed on the remote host is prior to 2.4.52. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.52 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-21T00:00:00", "type": "nessus", "title": "Apache 2.4.x < 2.4.52 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_113079", "href": "https://www.tenable.com/plugins/was/113079", "sourceData": "No source data", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:12:28", "description": "According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-03-02T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : httpd (EulerOS-SA-2022-1290)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790"], "modified": "2023-11-07T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-filesystem", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1290.NASL", "href": "https://www.tenable.com/plugins/nessus/158529", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158529);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/07\");\n\n script_cve_id(\"CVE-2021-44224\", \"CVE-2021-44790\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n\n script_name(english:\"EulerOS 2.0 SP9 : httpd (EulerOS-SA-2022-1290)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1290\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b64db391\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"httpd-2.4.34-24.h11.eulerosv2r9\",\n \"httpd-filesystem-2.4.34-24.h11.eulerosv2r9\",\n \"httpd-tools-2.4.34-24.h11.eulerosv2r9\",\n \"mod_ssl-2.4.34-24.h11.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:26:54", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ca982e2d-61a9-11ec-8be6-d4c9ef517024 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-20T00:00:00", "type": "nessus", "title": "FreeBSD : Apache httpd -- Multiple vulnerabilities (ca982e2d-61a9-11ec-8be6-d4c9ef517024)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790"], "modified": "2023-11-22T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:apache24", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_CA982E2D61A911EC8BE6D4C9EF517024.NASL", "href": "https://www.tenable.com/plugins/nessus/156199", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156199);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/22\");\n\n script_cve_id(\"CVE-2021-44224\", \"CVE-2021-44790\");\n\n script_name(english:\"FreeBSD : Apache httpd -- Multiple vulnerabilities (ca982e2d-61a9-11ec-8be6-d4c9ef517024)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ca982e2d-61a9-11ec-8be6-d4c9ef517024 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://httpd.apache.org/security/vulnerabilities_24.html\");\n # https://vuxml.freebsd.org/freebsd/ca982e2d-61a9-11ec-8be6-d4c9ef517024.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6401a966\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache24\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'apache24<2.4.52'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:07:00", "description": "The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5212-2 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-10T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM : Apache HTTP Server vulnerabilities (USN-5212-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-event", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker", "p-cpe:/a:canonical:ubuntu_linux:apache2.2-bin", "p-cpe:/a:canonical:ubuntu_linux:apache2-bin", "p-cpe:/a:canonical:ubuntu_linux:apache2", "p-cpe:/a:canonical:ubuntu_linux:apache2-suexec", "p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-custom", "p-cpe:/a:canonical:ubuntu_linux:apache2-utils", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-itk", "p-cpe:/a:canonical:ubuntu_linux:apache2-data", "p-cpe:/a:canonical:ubuntu_linux:apache2-dev", "p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-pristine", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-macro", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-proxy-html", "cpe:/o:canonical:ubuntu_linux:16.04:-:esm"], "id": "UBUNTU_USN-5212-2.NASL", "href": "https://www.tenable.com/plugins/nessus/156568", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5212-2. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156568);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\"CVE-2021-44224\", \"CVE-2021-44790\");\n script_xref(name:\"USN\", value:\"5212-2\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n\n script_name(english:\"Ubuntu 16.04 ESM : Apache HTTP Server vulnerabilities (USN-5212-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-5212-2 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5212-2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-itk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-custom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-pristine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2.2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-macro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-proxy-html\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'apache2', 'pkgver': '2.4.18-2ubuntu3.17+esm4'},\n {'osver': '16.04', 'pkgname': 'apache2-bin', 'pkgver': '2.4.18-2ubuntu3.17+esm4'},\n {'osver': '16.04', 'pkgname': 'apache2-data', 'pkgver': '2.4.18-2ubuntu3.17+esm4'},\n {'osver': '16.04', 'pkgname': 'apache2-dev', 'pkgver': '2.4.18-2ubuntu3.17+esm4'},\n {'osver': '16.04', 'pkgname': 'apache2-suexec-custom', 'pkgver': '2.4.18-2ubuntu3.17+esm4'},\n {'osver': '16.04', 'pkgname': 'apache2-suexec-pristine', 'pkgver': '2.4.18-2ubuntu3.17+esm4'},\n {'osver': '16.04', 'pkgname': 'apache2-utils', 'pkgver': '2.4.18-2ubuntu3.17+esm4'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2 / apache2-bin / apache2-data / apache2-dev / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:14:32", "description": "According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-04-20T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : httpd (EulerOS-SA-2022-1488)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790"], "modified": "2023-11-01T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-filesystem", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1488.NASL", "href": "https://www.tenable.com/plugins/nessus/160002", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160002);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/01\");\n\n script_cve_id(\"CVE-2021-44224\", \"CVE-2021-44790\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n\n script_name(english:\"EulerOS 2.0 SP10 : httpd (EulerOS-SA-2022-1488)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1488\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?389473c9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"httpd-2.4.43-4.h12.eulerosv2r10\",\n \"httpd-filesystem-2.4.43-4.h12.eulerosv2r10\",\n \"httpd-tools-2.4.43-4.h12.eulerosv2r10\",\n \"mod_ssl-2.4.43-4.h12.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:12:27", "description": "According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-03-28T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : httpd (EulerOS-SA-2022-1349)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790"], "modified": "2023-11-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-devel", "p-cpe:/a:huawei:euleros:httpd-filesystem", "p-cpe:/a:huawei:euleros:httpd-manual", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_session", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1349.NASL", "href": "https://www.tenable.com/plugins/nessus/159251", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159251);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/03\");\n\n script_cve_id(\"CVE-2021-44224\", \"CVE-2021-44790\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n\n script_name(english:\"EulerOS 2.0 SP8 : httpd (EulerOS-SA-2022-1349)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1349\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1401a017\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"httpd-2.4.34-8.h23.eulerosv2r8\",\n \"httpd-devel-2.4.34-8.h23.eulerosv2r8\",\n \"httpd-filesystem-2.4.34-8.h23.eulerosv2r8\",\n \"httpd-manual-2.4.34-8.h23.eulerosv2r8\",\n \"httpd-tools-2.4.34-8.h23.eulerosv2r8\",\n \"mod_session-2.4.34-8.h23.eulerosv2r8\",\n \"mod_ssl-2.4.34-8.h23.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:07:57", "description": "According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is less than 5.20.0 and is therefore affected by multiple vulnerabilities:\n\n- A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n- A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790) Note that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {}, "published": "2022-01-07T00:00:00", "type": "nessus", "title": "Tenable SecurityCenter < 5.20.0 Multiple Vulnerabilities (TNS-2022-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790", "CVE-2022-0130"], "modified": "2023-11-21T00:00:00", "cpe": ["cpe:/a:tenable:securitycenter"], "id": "SECURITYCENTER_5_20_0_TNS_2022_01.NASL", "href": "https://www.tenable.com/plugins/nessus/156557", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156557);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/21\");\n\n script_cve_id(\"CVE-2021-44224\", \"CVE-2021-44790\", \"CVE-2022-0130\");\n\n script_name(english:\"Tenable SecurityCenter < 5.20.0 Multiple Vulnerabilities (TNS-2022-01)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is less \nthan 5.20.0 and is therefore affected by multiple vulnerabilities:\n\n- A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer \n dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be \n directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP \n Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n- A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called \n from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible \n to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n \nNote that successful exploitation of the most serious issues can result in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/tns-2022-01\");\n script_set_attribute(attribute:\"see_also\", value:\"https://httpd.apache.org/security/vulnerabilities_24.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the security patch referenced in the vendor advisory or upgrade to 5.20.0 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:tenable:securitycenter\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"securitycenter_installed.nbin\");\n script_require_ports(\"installed_sw/SecurityCenter\");\n\n exit(0);\n}\n\ninclude('vcf_extras.inc');\n\nvar patches = make_list('SC-202201.1');\nvar app_info = vcf::tenable_sc::get_app_info();\n\nvcf::tenable_sc::check_for_patch(app_info:app_info, patches:patches);\n\nvar constraints = [\n { 'min_version' : '5.14.0', 'max_version': '5.15', 'fixed_display' : 'Upgrade to 5.20.0 or later'},\n { 'min_version' : '5.16.0', 'max_version' : '5.19.1', 'fixed_display' : 'Apply Patch SC-202201.1' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:17:23", "description": "According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-05-07T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.0 : httpd (EulerOS-SA-2022-1671)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44790"], "modified": "2023-10-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2022-1671.NASL", "href": "https://www.tenable.com/plugins/nessus/160697", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160697);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/30\");\n\n script_cve_id(\"CVE-2021-44790\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n\n script_name(english:\"EulerOS Virtualization 3.0.2.0 : httpd (EulerOS-SA-2022-1671)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1671\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b59472a0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"httpd-2.4.6-80.1.h15\",\n \"httpd-tools-2.4.6-80.1.h15\",\n \"mod_ssl-2.4.6-80.1.h15\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:25:27", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0303 advisory.\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-08T00:00:00", "type": "nessus", "title": "RHEL 7 : httpd24-httpd (RHSA-2022:0303)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44790"], "modified": "2023-10-12T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:httpd24-httpd", "p-cpe:/a:redhat:enterprise_linux:httpd24-httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd24-httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd24-httpd-tools", "p-cpe:/a:redhat:enterprise_linux:httpd24-mod_ldap", "p-cpe:/a:redhat:enterprise_linux:httpd24-mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:httpd24-mod_session", "p-cpe:/a:redhat:enterprise_linux:httpd24-mod_ssl"], "id": "REDHAT-RHSA-2022-0303.NASL", "href": "https://www.tenable.com/plugins/nessus/164852", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:0303. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164852);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/12\");\n\n script_cve_id(\"CVE-2021-44790\");\n script_xref(name:\"RHSA\", value:\"2022:0303\");\n\n script_name(english:\"RHEL 7 : httpd24-httpd (RHSA-2022:0303)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:0303 advisory.\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-44790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:0303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2034674\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(400, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd24-mod_ssl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/os',\n 'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd24-httpd-2.4.34-23.el7.1', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-httpd-2.4.34-23.el7.1', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-httpd-2.4.34-23.el7.1', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-httpd-devel-2.4.34-23.el7.1', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-httpd-devel-2.4.34-23.el7.1', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-httpd-devel-2.4.34-23.el7.1', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-httpd-manual-2.4.34-23.el7.1', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-httpd-tools-2.4.34-23.el7.1', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-httpd-tools-2.4.34-23.el7.1', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-httpd-tools-2.4.34-23.el7.1', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-mod_ldap-2.4.34-23.el7.1', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-mod_ldap-2.4.34-23.el7.1', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-mod_ldap-2.4.34-23.el7.1', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-mod_proxy_html-2.4.34-23.el7.1', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'httpd24-mod_proxy_html-2.4.34-23.el7.1', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'httpd24-mod_proxy_html-2.4.34-23.el7.1', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'httpd24-mod_session-2.4.34-23.el7.1', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-mod_session-2.4.34-23.el7.1', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-mod_session-2.4.34-23.el7.1', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd24-mod_ssl-2.4.34-23.el7.1', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'httpd24-mod_ssl-2.4.34-23.el7.1', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'httpd24-mod_ssl-2.4.34-23.el7.1', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd24-httpd / httpd24-httpd-devel / httpd24-httpd-manual / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:12:34", "description": "The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:0258 advisory.\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-11T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : httpd:2.4 (ALSA-2022:0258)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44790"], "modified": "2023-11-06T00:00:00", "cpe": ["p-cpe:/a:alma:linux:httpd", "p-cpe:/a:alma:linux:httpd-devel", "p-cpe:/a:alma:linux:httpd-filesystem", "p-cpe:/a:alma:linux:httpd-manual", "p-cpe:/a:alma:linux:httpd-tools", "p-cpe:/a:alma:linux:mod_http2", "p-cpe:/a:alma:linux:mod_ldap", "p-cpe:/a:alma:linux:mod_md", "p-cpe:/a:alma:linux:mod_proxy_html", "p-cpe:/a:alma:linux:mod_session", "p-cpe:/a:alma:linux:mod_ssl", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2022-0258.NASL", "href": "https://www.tenable.com/plugins/nessus/158859", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:0258.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158859);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/06\");\n\n script_cve_id(\"CVE-2021-44790\");\n script_xref(name:\"ALSA\", value:\"2022:0258\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n\n script_name(english:\"AlmaLinux 8 : httpd:2.4 (ALSA-2022:0258)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the\nALSA-2022:0258 advisory.\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-0258.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar module_ver = get_kb_item('Host/AlmaLinux/appstream/httpd');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\nif ('2.4' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module httpd:' + module_ver);\n\nvar appstreams = {\n 'httpd:2.4': [\n {'reference':'httpd-2.4.37-43.module_el8.5.0+2609+b30d9eec.1.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-43.module_el8.5.0+2609+b30d9eec.1.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-43.module_el8.5.0+2609+b30d9eec.1.alma', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-43.module_el8.5.0+2609+b30d9eec.1.alma', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-43.module_el8.5.0+2609+b30d9eec.1.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-3.module_el8.5.0+2609+b30d9eec', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-43.module_el8.5.0+2609+b30d9eec.1.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-8.module_el8.5.0+2609+b30d9eec', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-43.module_el8.5.0+2609+b30d9eec.1.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-43.module_el8.5.0+2609+b30d9eec.1.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-43.module_el8.5.0+2609+b30d9eec.1.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n};\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/AlmaLinux/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-filesystem / httpd-manual / httpd-tools / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:12:05", "description": "According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-03-21T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : httpd (EulerOS-SA-2022-1326)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44790"], "modified": "2023-11-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-devel", "p-cpe:/a:huawei:euleros:httpd-manual", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_session", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1326.NASL", "href": "https://www.tenable.com/plugins/nessus/159102", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159102);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/03\");\n\n script_cve_id(\"CVE-2021-44790\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n\n script_name(english:\"EulerOS 2.0 SP5 : httpd (EulerOS-SA-2022-1326)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1326\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?77b12b08\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"httpd-2.4.6-80.1.h15.eulerosv2r7\",\n \"httpd-devel-2.4.6-80.1.h15.eulerosv2r7\",\n \"httpd-manual-2.4.6-80.1.h15.eulerosv2r7\",\n \"httpd-tools-2.4.6-80.1.h15.eulerosv2r7\",\n \"mod_session-2.4.6-80.1.h15.eulerosv2r7\",\n \"mod_ssl-2.4.6-80.1.h15.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:07:11", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0258 advisory.\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-26T00:00:00", "type": "nessus", "title": "RHEL 8 : httpd:2.4 (RHSA-2022:0258)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44790"], "modified": "2023-11-17T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.2", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-filesystem", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_http2", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_md", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:mod_session", "p-cpe:/a:redhat:enterprise_linux:mod_ssl"], "id": "REDHAT-RHSA-2022-0258.NASL", "href": "https://www.tenable.com/plugins/nessus/157099", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:0258. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157099);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/17\");\n\n script_cve_id(\"CVE-2021-44790\");\n script_xref(name:\"RHSA\", value:\"2022:0258\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n\n script_name(english:\"RHEL 8 : httpd:2.4 (RHSA-2022:0258)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:0258 advisory.\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-44790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:0258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2034674\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(400, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'httpd:2.4': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/appstream/debug',\n 'content/eus/rhel8/8.2/s390x/appstream/os',\n 'content/eus/rhel8/8.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/baseos/debug',\n 'content/eus/rhel8/8.2/s390x/baseos/os',\n 'content/eus/rhel8/8.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/highavailability/debug',\n 'content/eus/rhel8/8.2/s390x/highavailability/os',\n 'content/eus/rhel8/8.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/sap/debug',\n 'content/eus/rhel8/8.2/s390x/sap/os',\n 'content/eus/rhel8/8.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/supplementary/debug',\n 'content/eus/rhel8/8.2/s390x/supplementary/os',\n 'content/eus/rhel8/8.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd-2.4.37-21.module+el8.2.0+13808+dea277df.3', 'sp':'2', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-21.module+el8.2.0+13808+dea277df.3', 'sp':'2', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-21.module+el8.2.0+13808+dea277df.3', 'sp':'2', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-21.module+el8.2.0+13808+dea277df.3', 'sp':'2', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-21.module+el8.2.0+13808+dea277df.3', 'sp':'2', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.11.3-3.module+el8.2.0+7758+84b4ca3e.1', 'sp':'2', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-21.module+el8.2.0+13808+dea277df.3', 'sp':'2', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-7.module+el8.2.0+5531+7e4d69a2', 'sp':'2', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-21.module+el8.2.0+13808+dea277df.3', 'sp':'2', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-21.module+el8.2.0+13808+dea277df.3', 'sp':'2', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-21.module+el8.2.0+13808+dea277df.3', 'sp':'2', 'release':'8', 'el_string':'el8.2.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/appstream/debug',\n 'content/e4s/rhel8/8.4/aarch64/appstream/os',\n 'content/e4s/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/baseos/debug',\n 'content/e4s/rhel8/8.4/aarch64/baseos/os',\n 'content/e4s/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/appstream/debug',\n 'content/e4s/rhel8/8.4/s390x/appstream/os',\n 'content/e4s/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/baseos/debug',\n 'content/e4s/rhel8/8.4/s390x/baseos/os',\n 'content/e4s/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/nfv/debug',\n 'content/e4s/rhel8/8.4/x86_64/nfv/os',\n 'content/e4s/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd-2.4.37-39.module+el8.4.0+13807+c8c001ae.3', 'sp':'4', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-39.module+el8.4.0+13807+c8c001ae.3', 'sp':'4', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-39.module+el8.4.0+13807+c8c001ae.3', 'sp':'4', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-39.module+el8.4.0+13807+c8c001ae.3', 'sp':'4', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-39.module+el8.4.0+13807+c8c001ae.3', 'sp':'4', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da', 'sp':'4', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-39.module+el8.4.0+13807+c8c001ae.3', 'sp':'4', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611', 'sp':'4', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-39.module+el8.4.0+13807+c8c001ae.3', 'sp':'4', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-39.module+el8.4.0+13807+c8c001ae.3', 'sp':'4', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-39.module+el8.4.0+13807+c8c001ae.3', 'sp':'4', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd-2.4.37-43.module+el8.5.0+13806+b30d9eec.1', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-43.module+el8.5.0+13806+b30d9eec.1', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-43.module+el8.5.0+13806+b30d9eec.1', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-43.module+el8.5.0+13806+b30d9eec.1', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-43.module+el8.5.0+13806+b30d9eec.1', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da', 'sp':'6', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-43.module+el8.5.0+13806+b30d9eec.1', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611', 'sp':'6', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-43.module+el8.5.0+13806+b30d9eec.1', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-43.module+el8.5.0+13806+b30d9eec.1', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-43.module+el8.5.0+13806+b30d9eec.1', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd-2.4.37-43.module+el8.5.0+13806+b30d9eec.1', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-43.module+el8.5.0+13806+b30d9eec.1', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-43.module+el8.5.0+13806+b30d9eec.1', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-43.module+el8.5.0+13806+b30d9eec.1', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-43.module+el8.5.0+13806+b30d9eec.1', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-43.module+el8.5.0+13806+b30d9eec.1', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-43.module+el8.5.0+13806+b30d9eec.1', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-43.module+el8.5.0+13806+b30d9eec.1', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-43.module+el8.5.0+13806+b30d9eec.1', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/httpd');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\nif ('2.4' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module httpd:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-filesystem / httpd-manual / httpd-tools / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:07:00", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-0258 advisory.\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-26T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : httpd:2.4 (ELSA-2022-0258)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44790"], "modified": "2023-11-17T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd-manual", "p-cpe:/a:oracle:linux:mod_ssl", "p-cpe:/a:oracle:linux:httpd-tools", "p-cpe:/a:oracle:linux:mod_ldap", "p-cpe:/a:oracle:linux:mod_proxy_html", "p-cpe:/a:oracle:linux:mod_session", "p-cpe:/a:oracle:linux:httpd-filesystem", "p-cpe:/a:oracle:linux:mod_http2", "p-cpe:/a:oracle:linux:mod_md"], "id": "ORACLELINUX_ELSA-2022-0258.NASL", "href": "https://www.tenable.com/plugins/nessus/157121", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-0258.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157121);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/17\");\n\n script_cve_id(\"CVE-2021-44790\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n\n script_name(english:\"Oracle Linux 8 : httpd:2.4 (ELSA-2022-0258)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-0258 advisory.\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-0258.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/httpd');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\nif ('2.4' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module httpd:' + module_ver);\n\nvar appstreams = {\n 'httpd:2.4': [\n {'reference':'httpd-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n};\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var package_array ( appstreams[module] ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-filesystem / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:06:08", "description": "An update of the httpd package has been released.\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)", "cvss3": {}, "published": "2022-01-10T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Httpd PHSA-2021-3.0-0346", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44790"], "modified": "2023-11-21T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:httpd", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2021-3_0-0346_HTTPD.NASL", "href": "https://www.tenable.com/plugins/nessus/156585", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-3.0-0346. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156585);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/21\");\n\n script_cve_id(\"CVE-2021-44790\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n\n script_name(english:\"Photon OS 3.0: Httpd PHSA-2021-3.0-0346\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the httpd package has been released.\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-346.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nvar flag = 0;\n\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'httpd-2.4.52-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'httpd-devel-2.4.52-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'httpd-docs-2.4.52-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'httpd-tools-2.4.52-1.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:06:07", "description": "The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2022:0258 advisory.\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-26T00:00:00", "type": "nessus", "title": "CentOS 8 : httpd:2.4 (CESA-2022:0258)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44790"], "modified": "2023-11-17T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel", "p-cpe:/a:centos:centos:httpd-filesystem", "p-cpe:/a:centos:centos:httpd-manual", "p-cpe:/a:centos:centos:httpd-tools", "p-cpe:/a:centos:centos:mod_http2", "p-cpe:/a:centos:centos:mod_ldap", "p-cpe:/a:centos:centos:mod_md", "p-cpe:/a:centos:centos:mod_proxy_html", "p-cpe:/a:centos:centos:mod_session", "p-cpe:/a:centos:centos:mod_ssl"], "id": "CENTOS8_RHSA-2022-0258.NASL", "href": "https://www.tenable.com/plugins/nessus/157080", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2022:0258. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157080);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/17\");\n\n script_cve_id(\"CVE-2021-44790\");\n script_xref(name:\"RHSA\", value:\"2022:0258\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n\n script_name(english:\"CentOS 8 : httpd:2.4 (CESA-2022:0258)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2022:0258 advisory.\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:0258\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'httpd-2.4.37-43.module_el8.5.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.37-43.module_el8.5.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-43.module_el8.5.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-43.module_el8.5.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-43.module_el8.5.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-43.module_el8.5.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-43.module_el8.5.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-43.module_el8.5.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-43.module_el8.5.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-43.module_el8.5.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-3.module_el8.4.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-3.module_el8.4.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-43.module_el8.5.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-43.module_el8.5.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-8.module_el8.3.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-2.0.8-8.module_el8.3.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-43.module_el8.5.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-43.module_el8.5.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-43.module_el8.5.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.37-43.module_el8.5.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-43.module_el8.5.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-2.4.37-43.module_el8.5.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-filesystem / httpd-manual / httpd-tools / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:26:21", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0288 advisory.\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-08T00:00:00", "type": "nessus", "title": "RHEL 8 : httpd:2.4 (RHSA-2022:0288)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44790"], "modified": "2023-10-12T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.1", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-filesystem", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_http2", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_md", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:mod_session", "p-cpe:/a:redhat:enterprise_linux:mod_ssl"], "id": "REDHAT-RHSA-2022-0288.NASL", "href": "https://www.tenable.com/plugins/nessus/164873", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:0288. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164873);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/12\");\n\n script_cve_id(\"CVE-2021-44790\");\n script_xref(name:\"RHSA\", value:\"2022:0288\");\n\n script_name(english:\"RHEL 8 : httpd:2.4 (RHSA-2022:0288)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:0288 advisory.\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-44790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:0288\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2034674\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(400, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'httpd:2.4': [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd-2.4.37-16.module+el8.1.0+13809+822d170a.3', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.37-16.module+el8.1.0+13809+822d170a.3', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-16.module+el8.1.0+13809+822d170a.3', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-16.module+el8.1.0+13809+822d170a.3', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-16.module+el8.1.0+13809+822d170a.3', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-16.module+el8.1.0+13809+822d170a.3', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-16.module+el8.1.0+13809+822d170a.3', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-16.module+el8.1.0+13809+822d170a.3', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.11.3-3.module+el8.1.0+7763+babdfe5b.1', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.11.3-3.module+el8.1.0+7763+babdfe5b.1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-16.module+el8.1.0+13809+822d170a.3', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-16.module+el8.1.0+13809+822d170a.3', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.4.37-16.module+el8.1.0+13809+822d170a.3', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.4.37-16.module+el8.1.0+13809+822d170a.3', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.37-16.module+el8.1.0+13809+822d170a.3', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-16.module+el8.1.0+13809+822d170a.3', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-16.module+el8.1.0+13809+822d170a.3', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.37-16.module+el8.1.0+13809+822d170a.3', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-16.module+el8.1.0+13809+822d170a.3', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-2.4.37-16.module+el8.1.0+13809+822d170a.3', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/httpd');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\nif ('2.4' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module httpd:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-filesystem / httpd-manual / httpd-tools / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:17:03", "description": "The version of Apache httpd installed on the remote host is prior to 2.4.52. It is, therefore, affected by a flaw related to mod_lua when handling multipart content. A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-24T00:00:00", "type": "nessus", "title": "Apache 2.4.x < 2.4.52 mod_lua Buffer Overflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44790"], "modified": "2023-10-26T00:00:00", "cpe": ["cpe:/a:apache:httpd", "cpe:/a:apache:http_server"], "id": "APACHE_2_4_52_CVE-2021-44790.NASL", "href": "https://www.tenable.com/plugins/nessus/161454", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161454);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/26\");\n\n script_cve_id(\"CVE-2021-44790\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n\n script_name(english:\"Apache 2.4.x < 2.4.52 mod_lua Buffer Overflow\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by a buffer overflow vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apache httpd installed on the remote host is prior to 2.4.52. It is, therefore, affected by \na flaw related to mod_lua when handling multipart content. A carefully crafted request body can cause a \nbuffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd\nteam is not aware of an exploit for the vulnerability though it might be possible to craft one.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache version 2.4.52 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"apache_http_version.nasl\", \"apache_http_server_nix_installed.nbin\", \"apache_httpd_win_installed.nbin\");\n script_require_keys(\"installed_sw/Apache\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\napp_info = vcf::apache_http_server::combined_get_app_info(app:'Apache');\n\nvar constraints = [\n { 'min_version' : '2.4.0', 'max_version' : '2.4.51', 'fixed_version' : '2.4.52' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-12T13:31:09", "description": "The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:0258 advisory.\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-11-07T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : httpd:2.4 (RLSA-2022:0258)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44790"], "modified": "2023-11-07T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:httpd", "p-cpe:/a:rocky:linux:httpd-debuginfo", "p-cpe:/a:rocky:linux:httpd-debugsource", "p-cpe:/a:rocky:linux:httpd-devel", "p-cpe:/a:rocky:linux:httpd-filesystem", "p-cpe:/a:rocky:linux:httpd-manual", "p-cpe:/a:rocky:linux:httpd-tools", "p-cpe:/a:rocky:linux:httpd-tools-debuginfo", "p-cpe:/a:rocky:linux:mod_http2", "p-cpe:/a:rocky:linux:mod_http2-debuginfo", "p-cpe:/a:rocky:linux:mod_http2-debugsource", "p-cpe:/a:rocky:linux:mod_ldap", "p-cpe:/a:rocky:linux:mod_ldap-debuginfo", "p-cpe:/a:rocky:linux:mod_md", "p-cpe:/a:rocky:linux:mod_md-debuginfo", "p-cpe:/a:rocky:linux:mod_md-debugsource", "p-cpe:/a:rocky:linux:mod_proxy_html", "p-cpe:/a:rocky:linux:mod_proxy_html-debuginfo", "p-cpe:/a:rocky:linux:mod_session", "p-cpe:/a:rocky:linux:mod_session-debuginfo", "p-cpe:/a:rocky:linux:mod_ssl", "p-cpe:/a:rocky:linux:mod_ssl-debuginfo", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2022-0258.NASL", "href": "https://www.tenable.com/plugins/nessus/185035", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2022:0258.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(185035);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/07\");\n\n script_cve_id(\"CVE-2021-44790\");\n script_xref(name:\"RLSA\", value:\"2022:0258\");\n\n script_name(english:\"Rocky Linux 8 : httpd:2.4 (RLSA-2022:0258)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nRLSA-2022:0258 advisory.\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2022:0258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2034674\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/11/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:httpd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:httpd-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mod_http2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mod_http2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mod_ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mod_md-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mod_md-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mod_proxy_html-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mod_session-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mod_ssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RockyLinux/release');\nif (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar module_ver = get_kb_item('Host/RockyLinux/appstream/httpd');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\nif ('2.4' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module httpd:' + module_ver);\n\nvar appstreams = {\n 'httpd:2.4': [\n {'reference':'httpd-2.4.37-39.module+el8.4.0+571+fd70afb1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.37-39.module+el8.4.0+571+fd70afb1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debuginfo-2.4.37-39.module+el8.4.0+571+fd70afb1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debuginfo-2.4.37-39.module+el8.4.0+571+fd70afb1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debuginfo-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debuginfo-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debugsource-2.4.37-39.module+el8.4.0+571+fd70afb1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debugsource-2.4.37-39.module+el8.4.0+571+fd70afb1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debugsource-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debugsource-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-39.module+el8.4.0+571+fd70afb1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-39.module+el8.4.0+571+fd70afb1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-39.module+el8.4.0+571+fd70afb1', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-39.module+el8.4.0+571+fd70afb1', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-39.module+el8.4.0+571+fd70afb1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-39.module+el8.4.0+571+fd70afb1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-debuginfo-2.4.37-39.module+el8.4.0+571+fd70afb1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-debuginfo-2.4.37-39.module+el8.4.0+571+fd70afb1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-debuginfo-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-debuginfo-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-3.module+el8.4.0+553+7a69454b', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-3.module+el8.4.0+553+7a69454b', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-3.module+el8.5.0+695+1fa8055e', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-3.module+el8.5.0+695+1fa8055e', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-debuginfo-1.15.7-3.module+el8.4.0+553+7a69454b', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-debuginfo-1.15.7-3.module+el8.4.0+553+7a69454b', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-debuginfo-1.15.7-3.module+el8.5.0+695+1fa8055e', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-debuginfo-1.15.7-3.module+el8.5.0+695+1fa8055e', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-debugsource-1.15.7-3.module+el8.4.0+553+7a69454b', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-debugsource-1.15.7-3.module+el8.4.0+553+7a69454b', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-debugsource-1.15.7-3.module+el8.5.0+695+1fa8055e', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-debugsource-1.15.7-3.module+el8.5.0+695+1fa8055e', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-39.module+el8.4.0+571+fd70afb1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-39.module+el8.4.0+571+fd70afb1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-debuginfo-2.4.37-39.module+el8.4.0+571+fd70afb1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-debuginfo-2.4.37-39.module+el8.4.0+571+fd70afb1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-debuginfo-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-debuginfo-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-8.module+el8.4.0+553+7a69454b', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-2.0.8-8.module+el8.4.0+553+7a69454b', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-2.0.8-8.module+el8.5.0+695+1fa8055e', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-2.0.8-8.module+el8.5.0+695+1fa8055e', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-debuginfo-2.0.8-8.module+el8.4.0+553+7a69454b', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-debuginfo-2.0.8-8.module+el8.4.0+553+7a69454b', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-debuginfo-2.0.8-8.module+el8.5.0+695+1fa8055e', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-debuginfo-2.0.8-8.module+el8.5.0+695+1fa8055e', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-debugsource-2.0.8-8.module+el8.4.0+553+7a69454b', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-debugsource-2.0.8-8.module+el8.4.0+553+7a69454b', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-debugsource-2.0.8-8.module+el8.5.0+695+1fa8055e', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-debugsource-2.0.8-8.module+el8.5.0+695+1fa8055e', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-39.module+el8.4.0+571+fd70afb1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-39.module+el8.4.0+571+fd70afb1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-debuginfo-2.4.37-39.module+el8.4.0+571+fd70afb1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-debuginfo-2.4.37-39.module+el8.4.0+571+fd70afb1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-debuginfo-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-debuginfo-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-39.module+el8.4.0+571+fd70afb1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.37-39.module+el8.4.0+571+fd70afb1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-debuginfo-2.4.37-39.module+el8.4.0+571+fd70afb1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-debuginfo-2.4.37-39.module+el8.4.0+571+fd70afb1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-debuginfo-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-debuginfo-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-39.module+el8.4.0+571+fd70afb1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-2.4.37-39.module+el8.4.0+571+fd70afb1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-debuginfo-2.4.37-39.module+el8.4.0+571+fd70afb1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-debuginfo-2.4.37-39.module+el8.4.0+571+fd70afb1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-debuginfo-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-debuginfo-2.4.37-43.module+el8.5.0+714+5ec56ee8', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n};\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RockyLinux/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var package_array ( appstreams[module] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-debuginfo / httpd-debugsource / httpd-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:22:07", "description": "According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-07-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.10.0 : httpd (EulerOS-SA-2022-2025)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790", "CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943"], "modified": "2023-10-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-filesystem", "p-cpe:/a:huawei:euleros:httpd-tools", "cpe:/o:huawei:euleros:uvp:2.10.0"], "id": "EULEROS_SA-2022-2025.NASL", "href": "https://www.tenable.com/plugins/nessus/163151", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163151);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/18\");\n\n script_cve_id(\n \"CVE-2021-44224\",\n \"CVE-2021-44790\",\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.10.0 : httpd (EulerOS-SA-2022-2025)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2025\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?84447ff8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.10.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.10.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.10.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"httpd-2.4.43-4.h14.eulerosv2r10\",\n \"httpd-filesystem-2.4.43-4.h14.eulerosv2r10\",\n \"httpd-tools-2.4.43-4.h14.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:21:53", "description": "According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-07-15T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.10.1 : httpd (EulerOS-SA-2022-2053)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790", "CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943"], "modified": "2023-10-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-filesystem", "p-cpe:/a:huawei:euleros:httpd-tools", "cpe:/o:huawei:euleros:uvp:2.10.1"], "id": "EULEROS_SA-2022-2053.NASL", "href": "https://www.tenable.com/plugins/nessus/163204", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163204);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/18\");\n\n script_cve_id(\n \"CVE-2021-44224\",\n \"CVE-2021-44790\",\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.10.1 : httpd (EulerOS-SA-2022-2053)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2053\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3db9cdcc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.10.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.10.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.10.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"httpd-2.4.43-4.h14.eulerosv2r10\",\n \"httpd-filesystem-2.4.43-4.h14.eulerosv2r10\",\n \"httpd-tools-2.4.43-4.h14.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:15:22", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1139 advisory.\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-02T00:00:00", "type": "nessus", "title": "RHEL 7 : httpd (RHSA-2022:1139)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44790", "CVE-2022-22720"], "modified": "2023-11-03T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.3", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:mod_session", "p-cpe:/a:redhat:enterprise_linux:mod_ssl"], "id": "REDHAT-RHSA-2022-1139.NASL", "href": "https://www.tenable.com/plugins/nessus/159470", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:1139. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159470);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/03\");\n\n script_cve_id(\"CVE-2021-44790\", \"CVE-2022-22720\");\n script_xref(name:\"RHSA\", value:\"2022:1139\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"RHEL 7 : httpd (RHSA-2022:1139)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:1139 advisory.\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling\n (CVE-2022-22720)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-44790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2034674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2064321\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(400, 444, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.3')) audit(AUDIT_OS_NOT, 'Red Hat 7.3', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.3/x86_64/debug',\n 'content/aus/rhel/server/7/7.3/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.3/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.3/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.3/x86_64/os',\n 'content/aus/rhel/server/7/7.3/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd-2.4.6-45.el7_3.8', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.6-45.el7_3.8', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.6-45.el7_3.8', 'sp':'3', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.6-45.el7_3.8', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.6-45.el7_3.8', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.6-45.el7_3.8', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.6-45.el7_3.8', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.6-45.el7_3.8', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-manual / httpd-tools / mod_ldap / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:14:00", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1138 advisory.\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-02T00:00:00", "type": "nessus", "title": "RHEL 7 : httpd (RHSA-2022:1138)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44790", "CVE-2022-22720"], "modified": "2023-11-03T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.4", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:mod_session", "p-cpe:/a:redhat:enterprise_linux:mod_ssl"], "id": "REDHAT-RHSA-2022-1138.NASL", "href": "https://www.tenable.com/plugins/nessus/159469", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:1138. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159469);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/03\");\n\n script_cve_id(\"CVE-2021-44790\", \"CVE-2022-22720\");\n script_xref(name:\"RHSA\", value:\"2022:1138\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"RHEL 7 : httpd (RHSA-2022:1138)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:1138 advisory.\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling\n (CVE-2022-22720)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-44790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1138\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2034674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2064321\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(400, 444, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.4')) audit(AUDIT_OS_NOT, 'Red Hat 7.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.4/x86_64/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.4/x86_64/os',\n 'content/aus/rhel/server/7/7.4/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd-2.4.6-67.el7_4.9', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.6-67.el7_4.9', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.6-67.el7_4.9', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.6-67.el7_4.9', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.6-67.el7_4.9', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.6-67.el7_4.9', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.6-67.el7_4.9', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.6-67.el7_4.9', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-manual / httpd-tools / mod_ldap / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:15:21", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1137 advisory.\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-02T00:00:00", "type": "nessus", "title": "RHEL 7 : httpd (RHSA-2022:1137)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44790", "CVE-2022-22720"], "modified": "2023-11-03T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.7", "cpe:/o:redhat:rhel_e4s:7.7", "cpe:/o:redhat:rhel_tus:7.7", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:mod_session", "p-cpe:/a:redhat:enterprise_linux:mod_ssl"], "id": "REDHAT-RHSA-2022-1137.NASL", "href": "https://www.tenable.com/plugins/nessus/159467", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:1137. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159467);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/03\");\n\n script_cve_id(\"CVE-2021-44790\", \"CVE-2022-22720\");\n script_xref(name:\"RHSA\", value:\"2022:1137\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"RHEL 7 : httpd (RHSA-2022:1137)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:1137 advisory.\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling\n (CVE-2022-22720)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-44790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1137\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2034674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2064321\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(400, 444, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.7')) audit(AUDIT_OS_NOT, 'Red Hat 7.7', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.7/x86_64/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.7/x86_64/os',\n 'content/aus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/os',\n 'content/tus/rhel/server/7/7.7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd-2.4.6-90.el7_7.3', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.6-90.el7_7.3', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.6-90.el7_7.3', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.6-90.el7_7.3', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.6-90.el7_7.3', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.6-90.el7_7.3', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.6-90.el7_7.3', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.6-90.el7_7.3', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-manual / httpd-tools / mod_ldap / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:14:22", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1136 advisory.\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-02T00:00:00", "type": "nessus", "title": "RHEL 7 : httpd (RHSA-2022:1136)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44790", "CVE-2022-22720"], "modified": "2023-11-03T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.6", "cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_tus:7.6", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:mod_session", "p-cpe:/a:redhat:enterprise_linux:mod_ssl"], "id": "REDHAT-RHSA-2022-1136.NASL", "href": "https://www.tenable.com/plugins/nessus/159468", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:1136. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159468);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/03\");\n\n script_cve_id(\"CVE-2021-44790\", \"CVE-2022-22720\");\n script_xref(name:\"RHSA\", value:\"2022:1136\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0124-S\");\n\n script_name(english:\"RHEL 7 : httpd (RHSA-2022:1136)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:1136 advisory.\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\n - httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling\n (CVE-2022-22720)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-44790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-22720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1136\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2034674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2064321\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(400, 444, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/os',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd-2.4.6-89.el7_6.4', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.6-89.el7_6.4', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.6-89.el7_6.4', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.6-89.el7_6.4', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.6-89.el7_6.4', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.6-89.el7_6.4', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.6-89.el7_6.4', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.6-89.el7_6.4', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-manual / httpd-tools / mod_ldap / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:06:42", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:1915 advisory.\n\n - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow (CVE-2020-35452)\n\n - A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.\n (CVE-2021-33193)\n\n - A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). (CVE-2021-36160)\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-12T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : httpd:2.4 (ALSA-2022:1915)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35452", "CVE-2021-33193", "CVE-2021-36160", "CVE-2021-44224"], "modified": "2023-10-27T00:00:00", "cpe": ["p-cpe:/a:alma:linux:httpd", "p-cpe:/a:alma:linux:httpd-devel", "p-cpe:/a:alma:linux:httpd-filesystem", "p-cpe:/a:alma:linux:httpd-manual", "p-cpe:/a:alma:linux:httpd-tools", "p-cpe:/a:alma:linux:mod_http2", "p-cpe:/a:alma:linux:mod_ldap", "p-cpe:/a:alma:linux:mod_md", "p-cpe:/a:alma:linux:mod_proxy_html", "p-cpe:/a:alma:linux:mod_session", "p-cpe:/a:alma:linux:mod_ssl", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2022-1915.NASL", "href": "https://www.tenable.com/plugins/nessus/161133", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:1915.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161133);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/27\");\n\n script_cve_id(\n \"CVE-2020-35452\",\n \"CVE-2021-33193\",\n \"CVE-2021-36160\",\n \"CVE-2021-44224\"\n );\n script_xref(name:\"ALSA\", value:\"2022:1915\");\n\n script_name(english:\"AlmaLinux 8 : httpd:2.4 (ALSA-2022:1915)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:1915 advisory.\n\n - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in\n mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team\n could create one, though some particular compiler and/or compilation option might make it possible, with\n limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow\n (CVE-2020-35452)\n\n - A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead\n to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.\n (CVE-2021-33193)\n\n - A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and\n crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). (CVE-2021-36160)\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-1915.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-35452\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-44224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar module_ver = get_kb_item('Host/AlmaLinux/appstream/httpd');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\nif ('2.4' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module httpd:' + module_ver);\n\nvar appstreams = {\n 'httpd:2.4': [\n {'reference':'httpd-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-5.module_el8.6.0+2872+fe0ff7aa', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-5.module_el8.6.0+2872+fe0ff7aa', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-8.module_el8.6.0+2872+fe0ff7aa', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-2.0.8-8.module_el8.6.0+2872+fe0ff7aa', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n};\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/AlmaLinux/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-filesystem / httpd-manual / httpd-tools / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:04:19", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:1915 advisory.\n\n - httpd: Single zero byte stack overflow in mod_auth_digest (CVE-2020-35452)\n\n - httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)\n\n - httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)\n\n - httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-10T00:00:00", "type": "nessus", "title": "CentOS 8 : httpd:2.4 (CESA-2022:1915)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35452", "CVE-2021-33193", "CVE-2021-36160", "CVE-2021-44224"], "modified": "2023-10-27T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel", "p-cpe:/a:centos:centos:httpd-filesystem", "p-cpe:/a:centos:centos:httpd-manual", "p-cpe:/a:centos:centos:httpd-tools", "p-cpe:/a:centos:centos:mod_http2", "p-cpe:/a:centos:centos:mod_ldap", "p-cpe:/a:centos:centos:mod_md", "p-cpe:/a:centos:centos:mod_proxy_html", "p-cpe:/a:centos:centos:mod_session", "p-cpe:/a:centos:centos:mod_ssl"], "id": "CENTOS8_RHSA-2022-1915.NASL", "href": "https://www.tenable.com/plugins/nessus/160957", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2022:1915. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160957);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/27\");\n\n script_cve_id(\n \"CVE-2020-35452\",\n \"CVE-2021-33193\",\n \"CVE-2021-36160\",\n \"CVE-2021-44224\"\n );\n script_xref(name:\"RHSA\", value:\"2022:1915\");\n script_xref(name:\"IAVA\", value:\"2021-A-0259-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0171\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0440-S\");\n\n script_name(english:\"CentOS 8 : httpd:2.4 (CESA-2022:1915)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2022:1915 advisory.\n\n - httpd: Single zero byte stack overflow in mod_auth_digest (CVE-2020-35452)\n\n - httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)\n\n - httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)\n\n - httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1915\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-35452\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-44224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'httpd-2.4.37-47.module_el8.6.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.37-47.module_el8.6.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-47.module_el8.6.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-47.module_el8.6.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-47.module_el8.6.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-47.module_el8.6.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-47.module_el8.6.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-47.module_el8.6.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-47.module_el8.6.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-47.module_el8.6.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-5.module_el8.6.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-5.module_el8.6.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-47.module_el8.6.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-47.module_el8.6.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-8.module_el8.3.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-2.0.8-8.module_el8.3.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-47.module_el8.6.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-47.module_el8.6.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-47.module_el8.6.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.37-47.module_el8.6.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-47.module_el8.6.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-2.4.37-47.module_el8.6.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-filesystem / httpd-manual / httpd-tools / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:06:06", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1915 advisory.\n\n - A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.\n (CVE-2021-33193)\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow (CVE-2020-35452)\n\n - A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). (CVE-2021-36160)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-18T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : httpd:2.4 (ELSA-2022-1915)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35452", "CVE-2021-33193", "CVE-2021-36160", "CVE-2021-44224"], "modified": "2023-10-27T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd-filesystem", "p-cpe:/a:oracle:linux:httpd-manual", "p-cpe:/a:oracle:linux:httpd-tools", "p-cpe:/a:oracle:linux:mod_http2", "p-cpe:/a:oracle:linux:mod_ldap", "p-cpe:/a:oracle:linux:mod_md", "p-cpe:/a:oracle:linux:mod_proxy_html", "p-cpe:/a:oracle:linux:mod_session", "p-cpe:/a:oracle:linux:mod_ssl"], "id": "ORACLELINUX_ELSA-2022-1915.NASL", "href": "https://www.tenable.com/plugins/nessus/161278", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-1915.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161278);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/27\");\n\n script_cve_id(\n \"CVE-2020-35452\",\n \"CVE-2021-33193\",\n \"CVE-2021-36160\",\n \"CVE-2021-44224\"\n );\n\n script_name(english:\"Oracle Linux 8 : httpd:2.4 (ELSA-2022-1915)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-1915 advisory.\n\n - A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead\n to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.\n (CVE-2021-33193)\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in\n mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team\n could create one, though some particular compiler and/or compilation option might make it possible, with\n limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow\n (CVE-2020-35452)\n\n - A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and\n crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). (CVE-2021-36160)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-1915.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-35452\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-44224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/httpd');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\nif ('2.4' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module httpd:' + module_ver);\n\nvar appstreams = {\n 'httpd:2.4': [\n {'reference':'httpd-2.4.37-47.0.1.module+el8.6.0+20649+083145da.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.37-47.0.1.module+el8.6.0+20649+083145da.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-47.0.1.module+el8.6.0+20649+083145da.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-47.0.1.module+el8.6.0+20649+083145da.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-47.0.1.module+el8.6.0+20649+083145da.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-47.0.1.module+el8.6.0+20649+083145da.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-47.0.1.module+el8.6.0+20649+083145da.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-47.0.1.module+el8.6.0+20649+083145da.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-5.module+el8.6.0+20548+01710940', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-5.module+el8.6.0+20548+01710940', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-47.0.1.module+el8.6.0+20649+083145da.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-47.0.1.module+el8.6.0+20649+083145da.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-47.0.1.module+el8.6.0+20649+083145da.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-47.0.1.module+el8.6.0+20649+083145da.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-47.0.1.module+el8.6.0+20649+083145da.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.37-47.0.1.module+el8.6.0+20649+083145da.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-47.0.1.module+el8.6.0+20649+083145da.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-2.4.37-47.0.1.module+el8.6.0+20649+083145da.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n};\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var package_array ( appstreams[module] ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-filesystem / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-12T13:32:40", "description": "The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1915 advisory.\n\n - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow (CVE-2020-35452)\n\n - A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.\n (CVE-2021-33193)\n\n - A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). (CVE-2021-36160)\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-11-06T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : httpd:2.4 (RLSA-2022:1915)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35452", "CVE-2021-33193", "CVE-2021-36160", "CVE-2021-44224"], "modified": "2023-11-06T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:httpd-debuginfo", "p-cpe:/a:rocky:linux:httpd", "p-cpe:/a:rocky:linux:mod_http2-debugsource", "p-cpe:/a:rocky:linux:httpd-filesystem", "p-cpe:/a:rocky:linux:mod_session", "p-cpe:/a:rocky:linux:mod_ssl", "p-cpe:/a:rocky:linux:mod_md", "p-cpe:/a:rocky:linux:mod_proxy_html", "p-cpe:/a:rocky:linux:mod_session-debuginfo", "p-cpe:/a:rocky:linux:httpd-manual", "p-cpe:/a:rocky:linux:httpd-tools", "p-cpe:/a:rocky:linux:httpd-debugsource", "p-cpe:/a:rocky:linux:mod_http2-debuginfo", "p-cpe:/a:rocky:linux:mod_md-debugsource", "p-cpe:/a:rocky:linux:mod_proxy_html-debuginfo", "p-cpe:/a:rocky:linux:mod_http2", "p-cpe:/a:rocky:linux:mod_md-debuginfo", "p-cpe:/a:rocky:linux:mod_ssl-debuginfo", "p-cpe:/a:rocky:linux:httpd-devel", "p-cpe:/a:rocky:linux:httpd-tools-debuginfo", "p-cpe:/a:rocky:linux:mod_ldap", "p-cpe:/a:rocky:linux:mod_ldap-debuginfo", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2022-1915.NASL", "href": "https://www.tenable.com/plugins/nessus/184621", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2022:1915.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(184621);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/06\");\n\n script_cve_id(\n \"CVE-2020-35452\",\n \"CVE-2021-33193\",\n \"CVE-2021-36160\",\n \"CVE-2021-44224\"\n );\n script_xref(name:\"RLSA\", value:\"2022:1915\");\n\n script_name(english:\"Rocky Linux 8 : httpd:2.4 (RLSA-2022:1915)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2022:1915 advisory.\n\n - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in\n mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team\n could create one, though some particular compiler and/or compilation option might make it possible, with\n limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow\n (CVE-2020-35452)\n\n - A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead\n to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.\n (CVE-2021-33193)\n\n - A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and\n crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). (CVE-2021-36160)\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2022:1915\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1966724\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1966728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1984828\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2001046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2005124\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2034672\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-35452\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-44224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:httpd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:httpd-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mod_http2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mod_http2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mod_ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mod_md-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mod_md-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mod_proxy_html-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mod_session-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:mod_ssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RockyLinux/release');\nif (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar module_ver = get_kb_item('Host/RockyLinux/appstream/httpd');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\nif ('2.4' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module httpd:' + module_ver);\n\nvar appstreams = {\n 'httpd:2.4': [\n {'reference':'httpd-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debuginfo-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debuginfo-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debugsource-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debugsource-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-debuginfo-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-debuginfo-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-5.module+el8.6.0+823+f143cee1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-5.module+el8.6.0+823+f143cee1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-debuginfo-1.15.7-5.module+el8.6.0+823+f143cee1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-debuginfo-1.15.7-5.module+el8.6.0+823+f143cee1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-debugsource-1.15.7-5.module+el8.6.0+823+f143cee1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-debugsource-1.15.7-5.module+el8.6.0+823+f143cee1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-debuginfo-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-debuginfo-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-8.module+el8.4.0+553+7a69454b', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-2.0.8-8.module+el8.4.0+553+7a69454b', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-2.0.8-8.module+el8.5.0+695+1fa8055e', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-2.0.8-8.module+el8.5.0+695+1fa8055e', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-debuginfo-2.0.8-8.module+el8.4.0+553+7a69454b', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-debuginfo-2.0.8-8.module+el8.4.0+553+7a69454b', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-debuginfo-2.0.8-8.module+el8.5.0+695+1fa8055e', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-debuginfo-2.0.8-8.module+el8.5.0+695+1fa8055e', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-debugsource-2.0.8-8.module+el8.4.0+553+7a69454b', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-debugsource-2.0.8-8.module+el8.4.0+553+7a69454b', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-debugsource-2.0.8-8.module+el8.5.0+695+1fa8055e', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_md-debugsource-2.0.8-8.module+el8.5.0+695+1fa8055e', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-debuginfo-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-debuginfo-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-debuginfo-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-debuginfo-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-debuginfo-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-debuginfo-2.4.37-47.module+el8.6.0+823+f143cee1.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n};\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RockyLinux/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var package_array ( appstreams[module] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-debuginfo / httpd-debugsource / httpd-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-28T15:06:39", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1915 advisory.\n\n - httpd: Single zero byte stack overflow in mod_auth_digest (CVE-2020-35452)\n\n - httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)\n\n - httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)\n\n - httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-11T00:00:00", "type": "nessus", "title": "RHEL 8 : httpd:2.4 (RHSA-2022:1915)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35452", "CVE-2021-33193", "CVE-2021-36160", "CVE-2021-44224"], "modified": "2023-10-27T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-filesystem", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_http2", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_md", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:mod_session", "p-cpe:/a:redhat:enterprise_linux:mod_ssl"], "id": "REDHAT-RHSA-2022-1915.NASL", "href": "https://www.tenable.com/plugins/nessus/161044", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:1915. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161044);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/27\");\n\n script_cve_id(\n \"CVE-2020-35452\",\n \"CVE-2021-33193\",\n \"CVE-2021-36160\",\n \"CVE-2021-44224\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0259-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0440-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0171\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n script_xref(name:\"RHSA\", value:\"2022:1915\");\n\n script_name(english:\"RHEL 8 : httpd:2.4 (RHSA-2022:1915)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:1915 advisory.\n\n - httpd: Single zero byte stack overflow in mod_auth_digest (CVE-2020-35452)\n\n - httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)\n\n - httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)\n\n - httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-36160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-44224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1915\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1966724\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1966728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2005124\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2034672\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-35452\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-44224\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 125, 476, 918);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'httpd:2.4': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd-2.4.37-47.module+el8.6.0+14529+083145da.1', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-47.module+el8.6.0+14529+083145da.1', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-47.module+el8.6.0+14529+083145da.1', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-47.module+el8.6.0+14529+083145da.1', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-47.module+el8.6.0+14529+083145da.1', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-5.module+el8.6.0+13996+01710940', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-47.module+el8.6.0+14529+083145da.1', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611', 'sp':'6', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-47.module+el8.6.0+14529+083145da.1', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-47.module+el8.6.0+14529+083145da.1', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-47.module+el8.6.0+14529+083145da.1', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd-2.4.37-47.module+el8.6.0+14529+083145da.1', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.37-47.module+el8.6.0+14529+083145da.1', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.37-47.module+el8.6.0+14529+083145da.1', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.37-47.module+el8.6.0+14529+083145da.1', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.37-47.module+el8.6.0+14529+083145da.1', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_http2-1.15.7-5.module+el8.6.0+13996+01710940', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.37-47.module+el8.6.0+14529+083145da.1', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.37-47.module+el8.6.0+14529+083145da.1', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.37-47.module+el8.6.0+14529+083145da.1', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.37-47.module+el8.6.0+14529+083145da.1', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/httpd');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\nif ('2.4' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module httpd:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-filesystem / httpd-manual / httpd-tools / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-04T15:19:03", "description": "The version of Oracle HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2022 CPU advisory.\n\n - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener (Apache HTTP Server)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server.\n CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). (CVE-2021-39275)\n\n - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (cURL)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (CVE-2021-22901)\n\n - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (Apache HTTP Server)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts).\n CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). (CVE-2021-44224)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-20T00:00:00", "type": "nessus", "title": "Oracle HTTP Server (Apr 2022 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-24977", "CVE-2021-22901", "CVE-2021-39275", "CVE-2021-44224"], "modified": "2023-11-01T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware", "cpe:/a:oracle:http_server"], "id": "ORACLE_HTTP_SERVER_CPU_APR_2022.NASL", "href": "https://www.tenable.com/plugins/nessus/159947", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159947);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/01\");\n\n script_cve_id(\n \"CVE-2020-24977\",\n \"CVE-2021-22901\",\n \"CVE-2021-39275\",\n \"CVE-2021-44224\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0171\");\n\n script_name(english:\"Oracle HTTP Server (Apr 2022 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced\nin the April 2022 CPU advisory.\n\n - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener\n (Apache HTTP Server)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily\n exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise\n Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server.\n CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). (CVE-2021-39275)\n\n - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module\n (cURL)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit\n vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP\n Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. CVSS 3.1\n Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (CVE-2021-22901)\n\n - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (Apache\n HTTP Server)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable\n vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP\n Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete\n access to some of Oracle HTTP Server accessible data and unauthorized ability to cause a partial denial of\n service (partial DOS) of Oracle HTTP Server. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts).\n CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). (CVE-2021-44224)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/docs/tech/security-alerts/cpuapr2022cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuapr2022.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the April 2022 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-39275\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:http_server\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_http_server_installed.nbin\");\n script_require_keys(\"Oracle/OHS/Installed\");\n\n exit(0);\n}\n\ninclude('oracle_http_server_patch_func.inc');\n\nget_kb_item_or_exit('Oracle/OHS/Installed');\nvar install_list = get_kb_list_or_exit('Oracle/OHS/*/EffectiveVersion');\n\nvar install = branch(install_list, key:TRUE, value:TRUE);\n\nvar patches = make_array();\npatches['12.2.1.3'] = make_array('fix_ver', '12.2.1.3.220315', 'patch', '33960919');\npatches['12.2.1.4'] = make_array('fix_ver', '12.2.1.4.220330', 'patch', '34015729');\n\noracle_http_server_check_vuln(\n install : install,\n min_patches : patches,\n severity : SECURITY_HOLE\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:06:06", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0143 advisory.\n\n - In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow (CVE-2021-26691)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\n - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-34798)\n\n - ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-39275)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-18T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : httpd (ELSA-2022-0143)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26691", "CVE-2021-34798", "CVE-2021-39275", "CVE-2021-44790"], "modified": "2023-11-20T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd-manual", "p-cpe:/a:oracle:linux:httpd-tools", "p-cpe:/a:oracle:linux:mod_ldap", "p-cpe:/a:oracle:linux:mod_proxy_html", "p-cpe:/a:oracle:linux:mod_session", "p-cpe:/a:oracle:linux:mod_ssl"], "id": "ORACLELINUX_ELSA-2022-0143.NASL", "href": "https://www.tenable.com/plugins/nessus/156797", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-0143.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156797);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/20\");\n\n script_cve_id(\n \"CVE-2021-26691\",\n \"CVE-2021-34798\",\n \"CVE-2021-39275\",\n \"CVE-2021-44790\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0259-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0482\");\n script_xref(name:\"IAVA\", value:\"2021-A-0440-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n\n script_name(english:\"Oracle Linux 7 : httpd (ELSA-2022-0143)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-0143 advisory.\n\n - In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server\n could cause a heap overflow (CVE-2021-26691)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\n - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP\n Server 2.4.48 and earlier. (CVE-2021-34798)\n\n - ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules\n pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache\n HTTP Server 2.4.48 and earlier. (CVE-2021-39275)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-0143.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'httpd-2.4.6-97.0.5.el7_9.4', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.6-97.0.5.el7_9.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.6-97.0.5.el7_9.4', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.6-97.0.5.el7_9.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.6-97.0.5.el7_9.4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.6-97.0.5.el7_9.4', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.6-97.0.5.el7_9.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.6-97.0.5.el7_9.4', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.6-97.0.5.el7_9.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.6-97.0.5.el7_9.4', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.6-97.0.5.el7_9.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.6-97.0.5.el7_9.4', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.6-97.0.5.el7_9.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.6-97.0.5.el7_9.4', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-2.4.6-97.0.5.el7_9.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-manual / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:17:04", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has httpd packages installed that are affected by multiple vulnerabilities:\n\n - In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow (CVE-2021-26691)\n\n - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-34798)\n\n - ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-39275)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : httpd Multiple Vulnerabilities (NS-SA-2022-0021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26691", "CVE-2021-34798", "CVE-2021-39275", "CVE-2021-44790"], "modified": "2023-10-30T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:httpd", "cpe:/o:zte:cgsl_main:5", "cpe:/o:zte:cgsl_core:5", "p-cpe:/a:zte:cgsl_main:httpd", "p-cpe:/a:zte:cgsl_main:httpd-devel", "p-cpe:/a:zte:cgsl_main:httpd-manual", "p-cpe:/a:zte:cgsl_main:httpd-tools", "p-cpe:/a:zte:cgsl_main:mod_ssl", "p-cpe:/a:zte:cgsl_main:httpd-debuginfo", "p-cpe:/a:zte:cgsl_core:httpd-debuginfo", "p-cpe:/a:zte:cgsl_core:httpd-devel", "p-cpe:/a:zte:cgsl_core:httpd-manual", "p-cpe:/a:zte:cgsl_core:httpd-tools", "p-cpe:/a:zte:cgsl_core:mod_ldap", "p-cpe:/a:zte:cgsl_core:mod_proxy_html", "p-cpe:/a:zte:cgsl_core:mod_session", "p-cpe:/a:zte:cgsl_core:mod_ssl", "p-cpe:/a:zte:cgsl_main:mod_ldap", "p-cpe:/a:zte:cgsl_main:mod_proxy_html", "p-cpe:/a:zte:cgsl_main:mod_session"], "id": "NEWSTART_CGSL_NS-SA-2022-0021_HTTPD.NASL", "href": "https://www.tenable.com/plugins/nessus/160800", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0021. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160800);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/30\");\n\n script_cve_id(\n \"CVE-2021-26691\",\n \"CVE-2021-34798\",\n \"CVE-2021-39275\",\n \"CVE-2021-44790\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0259-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0482\");\n script_xref(name:\"IAVA\", value:\"2022-A-0175\");\n script_xref(name:\"IAVA\", value:\"2022-A-0171\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0440-S\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : httpd Multiple Vulnerabilities (NS-SA-2022-0021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has httpd packages installed that are affected by\nmultiple vulnerabilities:\n\n - In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server\n could cause a heap overflow (CVE-2021-26691)\n\n - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP\n Server 2.4.48 and earlier. (CVE-2021-34798)\n\n - ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules\n pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache\n HTTP Server 2.4.48 and earlier. (CVE-2021-39275)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0021\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-26691\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-34798\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-39275\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-44790\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL httpd packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.04': [\n 'httpd-2.4.6-97.el7_9.4',\n 'httpd-debuginfo-2.4.6-97.el7_9.4',\n 'httpd-devel-2.4.6-97.el7_9.4',\n 'httpd-manual-2.4.6-97.el7_9.4',\n 'httpd-tools-2.4.6-97.el7_9.4',\n 'mod_ldap-2.4.6-97.el7_9.4',\n 'mod_proxy_html-2.4.6-97.el7_9.4',\n 'mod_session-2.4.6-97.el7_9.4',\n 'mod_ssl-2.4.6-97.el7_9.4'\n ],\n 'CGSL MAIN 5.04': [\n 'httpd-2.4.6-97.el7_9.4',\n 'httpd-debuginfo-2.4.6-97.el7_9.4',\n 'httpd-devel-2.4.6-97.el7_9.4',\n 'httpd-manual-2.4.6-97.el7_9.4',\n 'httpd-tools-2.4.6-97.el7_9.4',\n 'mod_ldap-2.4.6-97.el7_9.4',\n 'mod_proxy_html-2.4.6-97.el7_9.4',\n 'mod_session-2.4.6-97.el7_9.4',\n 'mod_ssl-2.4.6-97.el7_9.4'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:07:25", "description": "The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:0143-1 advisory.\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\n - httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691)\n\n - httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)\n\n - httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-18T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : httpd on SL7.x x86_64 (2022:0143)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26691", "CVE-2021-34798", "CVE-2021-39275", "CVE-2021-44790"], "modified": "2023-11-20T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:httpd", "p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo", "p-cpe:/a:fermilab:scientific_linux:httpd-devel", "p-cpe:/a:fermilab:scientific_linux:httpd-manual", "p-cpe:/a:fermilab:scientific_linux:mod_ssl", "p-cpe:/a:fermilab:scientific_linux:httpd-tools", "p-cpe:/a:fermilab:scientific_linux:mod_ldap", "p-cpe:/a:fermilab:scientific_linux:mod_proxy_html", "p-cpe:/a:fermilab:scientific_linux:mod_session", "cpe:/o:fermilab:scientific_linux"], "id": "SL_20220118_HTTPD_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/156803", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156803);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/20\");\n\n script_cve_id(\n \"CVE-2021-26691\",\n \"CVE-2021-34798\",\n \"CVE-2021-39275\",\n \"CVE-2021-44790\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0259-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0482\");\n script_xref(name:\"IAVA\", value:\"2021-A-0440-S\");\n script_xref(name:\"RHSA\", value:\"RHSA-2022:0143\");\n\n script_name(english:\"Scientific Linux Security Update : httpd on SL7.x x86_64 (2022:0143)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SLSA-2022:0143-1 advisory.\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\n - httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691)\n\n - httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)\n\n - httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.scientificlinux.org/category/sl-errata/slsa-20220143-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fermilab:scientific_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_ssl\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Scientific Linux' >!< release) audit(AUDIT_OS_NOT, 'Scientific Linux');\nvar os_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Scientific Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Scientific Linux 7.x', 'Scientific Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Scientific Linux', cpu);\n\nvar pkgs = [\n {'reference':'httpd-2.4.6-97.el7_9.4', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debuginfo-2.4.6-97.el7_9.4', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.6-97.el7_9.4', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.6-97.el7_9.4', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.6-97.el7_9.4', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.6-97.el7_9.4', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.6-97.el7_9.4', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.6-97.el7_9.4', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.6-97.el7_9.4', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-debuginfo / httpd-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:07:24", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0143 advisory.\n\n - httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691)\n\n - httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)\n\n - httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-17T00:00:00", "type": "nessus", "title": "RHEL 7 : httpd (RHSA-2022:0143)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26691", "CVE-2021-34798", "CVE-2021-39275", "CVE-2021-44790"], "modified": "2023-11-20T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:mod_session", "p-cpe:/a:redhat:enterprise_linux:mod_ssl"], "id": "REDHAT-RHSA-2022-0143.NASL", "href": "https://www.tenable.com/plugins/nessus/156774", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:0143. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156774);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/20\");\n\n script_cve_id(\n \"CVE-2021-26691\",\n \"CVE-2021-34798\",\n \"CVE-2021-39275\",\n \"CVE-2021-44790\"\n );\n script_xref(name:\"RHSA\", value:\"2022:0143\");\n script_xref(name:\"IAVA\", value:\"2021-A-0259-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0482\");\n script_xref(name:\"IAVA\", value:\"2021-A-0440-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n\n script_name(english:\"RHEL 7 : httpd (RHSA-2022:0143)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:0143 advisory.\n\n - httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691)\n\n - httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)\n\n - httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-26691\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-34798\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-39275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-44790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:0143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1966732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2005119\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2005128\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2034674\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 400, 476, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'httpd-2.4.6-97.el7_9.4', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.6-97.el7_9.4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.6-97.el7_9.4', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.6-97.el7_9.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.6-97.el7_9.4', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.6-97.el7_9.4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.6-97.el7_9.4', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.6-97.el7_9.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.6-97.el7_9.4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.6-97.el7_9.4', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.6-97.el7_9.4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.6-97.el7_9.4', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.6-97.el7_9.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.6-97.el7_9.4', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.6-97.el7_9.4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.6-97.el7_9.4', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.6-97.el7_9.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.6-97.el7_9.4', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.6-97.el7_9.4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.6-97.el7_9.4', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_proxy_html-2.4.6-97.el7_9.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_session-2.4.6-97.el7_9.4', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.6-97.el7_9.4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.6-97.el7_9.4', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.6-97.el7_9.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.6-97.el7_9.4', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-2.4.6-97.el7_9.4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-2.4.6-97.el7_9.4', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mod_ssl-2.4.6-97.el7_9.4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-manual / httpd-tools / mod_ldap / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T16:05:24", "description": "According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-34798)\n\n - ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-39275)\n\n - A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-40438)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2023-01-06T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.6 : httpd (EulerOS-SA-2023-1074)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-34798", "CVE-2021-39275", "CVE-2021-40438", "CVE-2021-44790"], "modified": "2023-04-07T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:uvp:3.0.2.6"], "id": "EULEROS_SA-2023-1074.NASL", "href": "https://www.tenable.com/plugins/nessus/169642", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169642);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/07\");\n\n script_cve_id(\n \"CVE-2021-34798\",\n \"CVE-2021-39275\",\n \"CVE-2021-40438\",\n \"CVE-2021-44790\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/12/15\");\n\n script_name(english:\"EulerOS Virtualization 3.0.2.6 : httpd (EulerOS-SA-2023-1074)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP\n Server 2.4.48 and earlier. (CVE-2021-34798)\n\n - ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules\n pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache\n HTTP Server 2.4.48 and earlier. (CVE-2021-39275)\n\n - A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the\n remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-40438)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1074\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1c847b6e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu && \"x86\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"x86\" >!< cpu) audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"httpd-2.4.6-80.1.h15.eulerosv2r7\",\n \"httpd-tools-2.4.6-80.1.h15.eulerosv2r7\",\n \"mod_ssl-2.4.6-80.1.h15.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:07:56", "description": "The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:0143 advisory.\n\n - httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691)\n\n - httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)\n\n - httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-26T00:00:00", "type": "nessus", "title": "CentOS 7 : httpd (CESA-2022:0143)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26691", "CVE-2021-34798", "CVE-2021-39275", "CVE-2021-44790"], "modified": "2023-11-17T00:00:00", "cpe": ["p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel", "p-cpe:/a:centos:centos:httpd-manual", "p-cpe:/a:centos:centos:httpd-tools", "p-cpe:/a:centos:centos:mod_ldap", "p-cpe:/a:centos:centos:mod_proxy_html", "p-cpe:/a:centos:centos:mod_session", "p-cpe:/a:centos:centos:mod_ssl", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2022-0143.NASL", "href": "https://www.tenable.com/plugins/nessus/157118", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:0143 and\n# CentOS Errata and Security Advisory 2022:0143 respectively.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157118);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/17\");\n\n script_cve_id(\n \"CVE-2021-26691\",\n \"CVE-2021-34798\",\n \"CVE-2021-39275\",\n \"CVE-2021-44790\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0259-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0482\");\n script_xref(name:\"IAVA\", value:\"2021-A-0440-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0604-S\");\n script_xref(name:\"RHSA\", value:\"2022:0143\");\n\n script_name(english:\"CentOS 7 : httpd (CESA-2022:0143)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2022:0143 advisory.\n\n - httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691)\n\n - httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)\n\n - httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)\n\n - httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-announce/2022-January/073551.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3c1968c4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/119.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/476.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/787.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 400, 476, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'httpd-2.4.6-97.el7.centos.4', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.6-97.el7.centos.4', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.6-97.el7.centos.4', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.6-97.el7.centos.4', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.6-97.el7.centos.4', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.6-97.el7.centos.4', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.6-97.el7.centos.4', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.6-97.el7.centos.4', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-manual / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:28:19", "description": "According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\n - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.\n (CVE-2022-26377)\n\n - The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue. (CVE-2022-28614)\n\n - Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. (CVE-2022-28615)\n\n - In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. (CVE-2022-29404)\n\n - If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.\n (CVE-2022-30522)\n\n - Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. (CVE-2022-30556)\n\n - Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. (CVE-2022-31813)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-10-10T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.0 : httpd (EulerOS-SA-2022-2564)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790", "CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943", "CVE-2022-26377", "CVE-2022-28614", "CVE-2022-28615", "CVE-2022-29404", "CVE-2022-30522", "CVE-2022-30556", "CVE-2022-31813"], "modified": "2023-10-10T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-devel", "p-cpe:/a:huawei:euleros:httpd-filesystem", "p-cpe:/a:huawei:euleros:httpd-manual", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_session", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2022-2564.NASL", "href": "https://www.tenable.com/plugins/nessus/165955", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165955);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/10\");\n\n script_cve_id(\n \"CVE-2021-44224\",\n \"CVE-2021-44790\",\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\",\n \"CVE-2022-26377\",\n \"CVE-2022-28614\",\n \"CVE-2022-28615\",\n \"CVE-2022-29404\",\n \"CVE-2022-30522\",\n \"CVE-2022-30556\",\n \"CVE-2022-31813\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.0 : httpd (EulerOS-SA-2022-2564)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\n - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of\n Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This\n issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.\n (CVE-2022-26377)\n\n - The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an\n attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with\n mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use\n the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against\n current headers to resolve the issue. (CVE-2022-28614)\n\n - Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in\n ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the\n server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may\n hypothetically be affected. (CVE-2022-28615)\n\n - In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0)\n may cause a denial of service due to no default limit on possible input size. (CVE-2022-29404)\n\n - If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input\n to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.\n (CVE-2022-30522)\n\n - Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point\n past the end of the storage allocated for the buffer. (CVE-2022-30556)\n\n - Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on\n client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on\n the origin server/application. (CVE-2022-31813)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2564\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?92bc760b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-31813\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"httpd-2.4.34-8.h25.eulerosv2r8\",\n \"httpd-devel-2.4.34-8.h25.eulerosv2r8\",\n \"httpd-filesystem-2.4.34-8.h25.eulerosv2r8\",\n \"httpd-manual-2.4.34-8.h25.eulerosv2r8\",\n \"httpd-tools-2.4.34-8.h25.eulerosv2r8\",\n \"mod_session-2.4.34-8.h25.eulerosv2r8\",\n \"mod_ssl-2.4.34-8.h25.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T13:04:05", "description": "It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-072 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\n - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.\n (CVE-2022-26377)\n\n - Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. (CVE-2022-28330)\n\n - The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue. (CVE-2022-28614)\n\n - Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. (CVE-2022-28615)\n\n - In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. (CVE-2022-29404)\n\n - If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.\n (CVE-2022-30522)\n\n - Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. (CVE-2022-30556)\n\n - Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. (CVE-2022-31813)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-21T00:00:00", "type": "nessus", "title": "Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2023-072)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790", "CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943", "CVE-2022-26377", "CVE-2022-28330", "CVE-2022-28614", "CVE-2022-28615", "CVE-2022-29404", "CVE-2022-30522", "CVE-2022-30556", "CVE-2022-31813"], "modified": "2023-04-21T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:httpd", "p-cpe:/a:amazon:linux:httpd-core", "p-cpe:/a:amazon:linux:httpd-core-debuginfo", "p-cpe:/a:amazon:linux:httpd-debuginfo", "p-cpe:/a:amazon:linux:httpd-debugsource", "p-cpe:/a:amazon:linux:httpd-devel", "p-cpe:/a:amazon:linux:httpd-filesystem", "p-cpe:/a:amazon:linux:httpd-manual", "p-cpe:/a:amazon:linux:httpd-tools", "p-cpe:/a:amazon:linux:httpd-tools-debuginfo", "p-cpe:/a:amazon:linux:mod_ldap", "p-cpe:/a:amazon:linux:mod_ldap-debuginfo", "p-cpe:/a:amazon:linux:mod_lua", "p-cpe:/a:amazon:linux:mod_lua-debuginfo", "p-cpe:/a:amazon:linux:mod_proxy_html", "p-cpe:/a:amazon:linux:mod_proxy_html-debuginfo", "p-cpe:/a:amazon:linux:mod_session", "p-cpe:/a:amazon:linux:mod_session-debuginfo", "p-cpe:/a:amazon:linux:mod_ssl", "p-cpe:/a:amazon:linux:mod_ssl-debuginfo", "cpe:/o:amazon:linux:2023"], "id": "AL2023_ALAS2023-2023-072.NASL", "href": "https://www.tenable.com/plugins/nessus/173084", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2023 Security Advisory ALAS2023-2023-072.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(173084);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/21\");\n\n script_cve_id(\n \"CVE-2021-44224\",\n \"CVE-2021-44790\",\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\",\n \"CVE-2022-26377\",\n \"CVE-2022-28330\",\n \"CVE-2022-28614\",\n \"CVE-2022-28615\",\n \"CVE-2022-29404\",\n \"CVE-2022-30522\",\n \"CVE-2022-30556\",\n \"CVE-2022-31813\"\n );\n\n script_name(english:\"Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2023-072)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2023 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-072 advisory.\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\n - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of\n Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This\n issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.\n (CVE-2022-26377)\n\n - Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process\n requests with the mod_isapi module. (CVE-2022-28330)\n\n - The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an\n attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with\n mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use\n the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against\n current headers to resolve the issue. (CVE-2022-28614)\n\n - Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in\n ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the\n server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may\n hypothetically be affected. (CVE-2022-28615)\n\n - In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0)\n may cause a denial of service due to no default limit on possible input size. (CVE-2022-29404)\n\n - If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input\n to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.\n (CVE-2022-30522)\n\n - Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point\n past the end of the storage allocated for the buffer. (CVE-2022-30556)\n\n - Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on\n client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on\n the origin server/application. (CVE-2022-31813)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2023/ALAS-2023-072.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-44224.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-44790.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-22719.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-22720.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-22721.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23943.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-26377.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-28330.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-28614.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-28615.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-29404.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-30522.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-30556.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-31813.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'dnf update httpd --releasever=2023.0.20230222 ' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-31813\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_lua\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_lua-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_proxy_html-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_session-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2023\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"-2023\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2023\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'httpd-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debugsource-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debugsource-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debugsource-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.54-3.amzn2023.0.4', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.54-3.amzn2023.0.4', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-debuginfo-2.4.54-3.amzn2023.0.4', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-core / httpd-core-debuginfo / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T15:30:03", "description": "It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-202 advisory.\n\n - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.\n (CVE-2022-26377)\n\n - Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. (CVE-2022-28330)\n\n - The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue. (CVE-2022-28614)\n\n - Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. (CVE-2022-28615)\n\n - In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. (CVE-2022-29404)\n\n - If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.\n (CVE-2022-30522)\n\n - Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. (CVE-2022-30556)\n\n - Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. (CVE-2022-31813)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-04T00:00:00", "type": "nessus", "title": "Amazon Linux 2022 : (ALAS2022-2022-202)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44224", "CVE-2021-44790", "CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943", "CVE-2022-26377", "CVE-2022-28330", "CVE-2022-28614", "CVE-2022-28615", "CVE-2022-29404", "CVE-2022-30522", "CVE-2022-30556", "CVE-2022-31813"], "modified": "2023-10-05T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:httpd", "p-cpe:/a:amazon:linux:httpd-core", "p-cpe:/a:amazon:linux:httpd-core-debuginfo", "p-cpe:/a:amazon:linux:httpd-debuginfo", "p-cpe:/a:amazon:linux:httpd-debugsource", "p-cpe:/a:amazon:linux:httpd-devel", "p-cpe:/a:amazon:linux:httpd-filesystem", "p-cpe:/a:amazon:linux:httpd-manual", "p-cpe:/a:amazon:linux:httpd-tools", "p-cpe:/a:amazon:linux:httpd-tools-debuginfo", "p-cpe:/a:amazon:linux:mod_ldap", "p-cpe:/a:amazon:linux:mod_ldap-debuginfo", "p-cpe:/a:amazon:linux:mod_lua", "p-cpe:/a:amazon:linux:mod_lua-debuginfo", "p-cpe:/a:amazon:linux:mod_proxy_html", "p-cpe:/a:amazon:linux:mod_proxy_html-debuginfo", "p-cpe:/a:amazon:linux:mod_session", "p-cpe:/a:amazon:linux:mod_session-debuginfo", "p-cpe:/a:amazon:linux:mod_ssl", "p-cpe:/a:amazon:linux:mod_ssl-debuginfo", "cpe:/o:amazon:linux:2022"], "id": "AL2022_ALAS2022-2022-202.NASL", "href": "https://www.tenable.com/plugins/nessus/167004", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2022 Security Advisory ALAS2022-2022-202.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167004);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/05\");\n\n script_cve_id(\n \"CVE-2021-44224\",\n \"CVE-2021-44790\",\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\",\n \"CVE-2022-26377\",\n \"CVE-2022-28330\",\n \"CVE-2022-28614\",\n \"CVE-2022-28615\",\n \"CVE-2022-29404\",\n \"CVE-2022-30522\",\n \"CVE-2022-30556\",\n \"CVE-2022-31813\"\n );\n\n script_name(english:\"Amazon Linux 2022 : (ALAS2022-2022-202)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2022 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-202 advisory.\n\n - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of\n Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This\n issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.\n (CVE-2022-26377)\n\n - Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process\n requests with the mod_isapi module. (CVE-2022-28330)\n\n - The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an\n attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with\n mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use\n the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against\n current headers to resolve the issue. (CVE-2022-28614)\n\n - Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in\n ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the\n server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may\n hypothetically be affected. (CVE-2022-28615)\n\n - In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0)\n may cause a denial of service due to no default limit on possible input size. (CVE-2022-29404)\n\n - If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input\n to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.\n (CVE-2022-30522)\n\n - Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point\n past the end of the storage allocated for the buffer. (CVE-2022-30556)\n\n - Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on\n client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on\n the origin server/application. (CVE-2022-31813)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2022/ALAS-2022-202.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-26377.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-28330.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-28614.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-28615.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-29404.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-30522.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-30556.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-31813.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'dnf update httpd --releasever=2022.0.20221102' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-31813\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-filesystem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_lua\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_lua-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_proxy_html-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_session-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2022\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"-2022\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2022\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'httpd-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-core-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debugsource-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debugsource-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-debugsource-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-devel-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-filesystem-2.4.54-3.amzn2022.0.3', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-manual-2.4.54-3.amzn2022.0.3', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'httpd-tools-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ldap-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_lua-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_proxy_html-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_session-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mod_ssl-debuginfo-2.4.54-3.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-core / httpd-core-debuginfo / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:17:23", "description": "According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-05-26T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : httpd (EulerOS-SA-2022-1730)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44790", "CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943"], "modified": "2023-10-26T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-devel", "p-cpe:/a:huawei:euleros:httpd-manual", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1730.NASL", "href": "https://www.tenable.com/plugins/nessus/161557", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161557);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/26\");\n\n script_cve_id(\n \"CVE-2021-44790\",\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : httpd (EulerOS-SA-2022-1730)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1730\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a10c7799\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"httpd-2.4.6-45.0.1.4.h26\",\n \"httpd-devel-2.4.6-45.0.1.4.h26\",\n \"httpd-manual-2.4.6-45.0.1.4.h26\",\n \"httpd-tools-2.4.6-45.0.1.4.h26\",\n \"mod_ssl-2.4.6-45.0.1.4.h26\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T14:02:39", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has httpd packages installed that are affected by multiple vulnerabilities:\n\n - In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow (CVE-2021-26691)\n\n - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-34798)\n\n - ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-39275)\n\n - A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-40438)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-04-11T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : httpd Multiple Vulnerabilities (NS-SA-2023-0011)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26691", "CVE-2021-34798", "CVE-2021-39275", "CVE-2021-40438", "CVE-2021-44790", "CVE-2022-22720"], "modified": "2023-04-11T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:httpd", "p-cpe:/a:zte:cgsl_core:httpd-debuginfo", "p-cpe:/a:zte:cgsl_core:httpd-devel", "p-cpe:/a:zte:cgsl_core:httpd-manual", "p-cpe:/a:zte:cgsl_core:httpd-tools", "p-cpe:/a:zte:cgsl_core:mod_ldap", "p-cpe:/a:zte:cgsl_core:mod_proxy_html", "p-cpe:/a:zte:cgsl_core:mod_session", "p-cpe:/a:zte:cgsl_core:mod_ssl", "p-cpe:/a:zte:cgsl_main:httpd", "p-cpe:/a:zte:cgsl_main:httpd-debuginfo", "p-cpe:/a:zte:cgsl_main:httpd-devel", "p-cpe:/a:zte:cgsl_main:httpd-manual", "p-cpe:/a:zte:cgsl_main:httpd-tools", "p-cpe:/a:zte:cgsl_main:mod_ldap", "p-cpe:/a:zte:cgsl_main:mod_proxy_html", "p-cpe:/a:zte:cgsl_main:mod_session", "p-cpe:/a:zte:cgsl_main:mod_ssl", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2023-0011_HTTPD.NASL", "href": "https://www.tenable.com/plugins/nessus/174053", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2023-0011. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(174053);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/11\");\n\n script_cve_id(\n \"CVE-2021-26691\",\n \"CVE-2021-34798\",\n \"CVE-2021-39275\",\n \"CVE-2021-40438\",\n \"CVE-2021-44790\",\n \"CVE-2022-22720\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/12/15\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : httpd Multiple Vulnerabilities (NS-SA-2023-0011)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has httpd packages installed that are affected by\nmultiple vulnerabilities:\n\n - In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server\n could cause a heap overflow (CVE-2021-26691)\n\n - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP\n Server 2.4.48 and earlier. (CVE-2021-34798)\n\n - ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules\n pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache\n HTTP Server 2.4.48 and earlier. (CVE-2021-39275)\n\n - A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the\n remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-40438)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2023-0011\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-26691\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-34798\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-39275\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-40438\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-44790\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2022-22720\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL httpd packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-22720\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/04/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar os_release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(os_release) || os_release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (os_release !~ \"CGSL CORE 5.05\" &&\n os_release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.05': [\n 'httpd-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'httpd-debuginfo-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'httpd-devel-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'httpd-manual-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'httpd-tools-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'mod_ldap-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'mod_proxy_html-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'mod_session-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'mod_ssl-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66'\n ],\n 'CGSL MAIN 5.05': [\n 'httpd-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'httpd-debuginfo-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'httpd-devel-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'httpd-manual-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'httpd-tools-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'mod_ldap-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'mod_proxy_html-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'mod_session-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66',\n 'mod_ssl-2.4.6-97.el7_9.5.cgslv5_5.0.2.gf2adb66'\n ]\n};\nvar pkg_list = pkgs[os_release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + os_release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-19T15:02:31", "description": "The remote host is affected by the vulnerability described in GLSA-202208-20 (Apache HTTPD: Multiple Vulnerabilities)\n\n - A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.\n (CVE-2021-33193)\n\n - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-34798)\n\n - A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). (CVE-2021-36160)\n\n - ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-39275)\n\n - A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-40438)\n\n - While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.\n (CVE-2021-41524)\n\n - A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration require all denied, these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013. (CVE-2021-41773)\n\n - It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration require all denied, these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions. (CVE-2021-42013)\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\n - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.\n (CVE-2022-26377)\n\n - The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue. (CVE-2022-28614)\n\n - Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. (CVE-2022-28615)\n\n - In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. (CVE-2022-29404)\n\n - If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.\n (CVE-2022-30522)\n\n - Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. (CVE-2022-30556)\n\n - Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. (CVE-2022-31813)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-15T00:00:00", "type": "nessus", "title": "GLSA-202208-20 : Apache HTTPD: Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33193", "CVE-2021-34798", "CVE-2021-36160", "CVE-2021-39275", "CVE-2021-40438", "CVE-2021-41524", "CVE-2021-41773", "CVE-2021-42013", "CVE-2021-44224", "CVE-2021-44790", "CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943", "CVE-2022-26377", "CVE-2022-28614", "CVE-2022-28615", "CVE-2022-29404", "CVE-2022-30522", "CVE-2022-30556", "CVE-2022-31813"], "modified": "2023-10-16T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:apache", "p-cpe:/a:gentoo:linux:apache-tools", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202208-20.NASL", "href": "https://www.tenable.com/plugins/nessus/164114", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202208-20.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164114);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\n \"CVE-2021-33193\",\n \"CVE-2021-34798\",\n \"CVE-2021-36160\",\n \"CVE-2021-39275\",\n \"CVE-2021-40438\",\n \"CVE-2021-41524\",\n \"CVE-2021-41773\",\n \"CVE-2021-42013\",\n \"CVE-2021-44224\",\n \"CVE-2021-44790\",\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\",\n \"CVE-2022-26377\",\n \"CVE-2022-28614\",\n \"CVE-2022-28615\",\n \"CVE-2022-29404\",\n \"CVE-2022-30522\",\n \"CVE-2022-30556\",\n \"CVE-2022-31813\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/12/15\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0046\");\n\n script_name(english:\"GLSA-202208-20 : Apache HTTPD: Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202208-20 (Apache HTTPD: Multiple Vulnerabilities)\n\n - A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead\n to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.\n (CVE-2021-33193)\n\n - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP\n Server 2.4.48 and earlier. (CVE-2021-34798)\n\n - A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and\n crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). (CVE-2021-36160)\n\n - ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules\n pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache\n HTTP Server 2.4.48 and earlier. (CVE-2021-39275)\n\n - A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the\n remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-40438)\n\n - While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request\n processing, allowing an external source to DoS the server. This requires a specially crafted request. The\n vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.\n (CVE-2021-41524)\n\n - A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could\n use a path traversal attack to map URLs to files outside the directories configured by Alias-like\n directives. If files outside of these directories are not protected by the usual default configuration\n require all denied, these requests can succeed. If CGI scripts are also enabled for these aliased\n pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This\n issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found\n to be incomplete, see CVE-2021-42013. (CVE-2021-41773)\n\n - It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker\n could use a path traversal attack to map URLs to files outside the directories configured by Alias-like\n directives. If files outside of these directories are not protected by the usual default configuration\n require all denied, these requests can succeed. If CGI scripts are also enabled for these aliased\n pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache\n 2.4.50 and not earlier versions. (CVE-2021-42013)\n\n - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL\n pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for\n requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This\n issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\n - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of\n Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This\n issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.\n (CVE-2022-26377)\n\n - The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an\n attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with\n mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use\n the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against\n current headers to resolve the issue. (CVE-2022-28614)\n\n - Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in\n ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the\n server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may\n hypothetically be affected. (CVE-2022-28615)\n\n - In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0)\n may cause a denial of service due to no default limit on possible input size. (CVE-2022-29404)\n\n - If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input\n to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.\n (CVE-2022-30522)\n\n - Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point\n past the end of the storage allocated for the buffer. (CVE-2022-30556)\n\n - Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on\n client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on\n the origin server/application. (CVE-2022-31813)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202208-20\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=813429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=816399\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=816864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=829722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=835131\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=850622\");\n script_set_attribute(attribute:\"solution\", value:\n\"All Apache HTTPD users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-servers/apache-2.4.54\n \nAll Apache HTTPD tools users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=app-admin/apache-tools-2.4.54\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-31813\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache 2.4.50 RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache 2.4.49/2.4.50 Traversal RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:apache-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : \"app-admin/apache-tools\",\n 'unaffected' : make_list(\"ge 2.4.54\"),\n 'vulnerable' : make_list(\"lt 2.4.54\")\n },\n {\n 'name' : \"www-servers/apache\",\n 'unaffected' : make_list(\"ge 2.4.54\"),\n 'vulnerable' : make_list(\"lt 2.4.54\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Apache HTTPD\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:27:56", "description": "According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. (CVE-2022-23943)\n\n - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.\n (CVE-2022-26377)\n\n - The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue. (CVE-2022-28614)\n\n - Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. (CVE-2022-28615)\n\n - In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. (CVE-2022-29404)\n\n - If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.\n (CVE-2022-30522)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-10-09T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.6 : httpd (EulerOS-SA-2022-2506)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-44790", "CVE-2022-22719", "CVE-2022-22720", "CVE-2022-22721", "CVE-2022-23943", "CVE-2022-26377", "CVE-2022-28614", "CVE-2022-28615", "CVE-2022-29404", "CVE-2022-30522"], "modified": "2023-10-10T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-devel", "p-cpe:/a:huawei:euleros:httpd-manual", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_session", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:uvp:3.0.6.6"], "id": "EULEROS_SA-2022-2506.NASL", "href": "https://www.tenable.com/plugins/nessus/165921", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165921);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/10\");\n\n script_cve_id(\n \"CVE-2021-44790\",\n \"CVE-2022-22719\",\n \"CVE-2022-22720\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\",\n \"CVE-2022-26377\",\n \"CVE-2022-28614\",\n \"CVE-2022-28615\",\n \"CVE-2022-29404\",\n \"CVE-2022-30522\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : httpd (EulerOS-SA-2022-2506)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser\n (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the\n vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and\n earlier. (CVE-2021-44790)\n\n - A carefully crafted request body can cause a read to a random memory area which could cause the process to\n crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)\n\n - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered\n discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)\n\n - If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems\n an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server\n 2.4.52 and earlier. (CVE-2022-22721)\n\n - Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap\n memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and\n prior versions. (CVE-2022-23943)\n\n - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of\n Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This\n issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.\n (CVE-2022-26377)\n\n - The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an\n attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with\n mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use\n the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against\n current headers to resolve the issue. (CVE-2022-28614)\n\n - Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in\n ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the\n server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may\n hypothetically be affected. (CVE-2022-28615)\n\n - In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0)\n may cause a denial of service due to no default limit on possible input size. (CVE-2022-29404)\n\n - If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input\n to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.\n (CVE-2022-30522)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2506\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bf285a56\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23943\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"httpd-2.4.6-80.1.h17.eulerosv2r7\",\n \"httpd-devel-2.4.6-80.1.h17.eulerosv2r7\",\n \"httpd-manual-2.4.6-80.1.h17.eulerosv2r7\",\n \"httpd-tools-2.4.6-80.1.h17.eulerosv2r7\",\n \"mod_session-2.4.6-80.1.h17.eulerosv2r7\",\n \"mod_ssl-2.4.6-80.1.h17.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-15T15:06:14", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6753 advisory.\n\n - httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)\n\n - httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)\n\n - httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)\n\n - httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)\n\n - httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)\n\n - httpd: mod_lua: Use of uninitialized value of in r:parsebody (CVE-2022-22719)\n\n - httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)\n\n - httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)\n\n - httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)\n\n - httpd: Out-of-bounds read via ap_rwrite() (CVE-2022-28614)\n\n - httpd: Out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)\n\n - httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404)\n\n - httpd: mod_sed: DoS vulnerability (CVE-2022-30522)\n\n - httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556)\n\n - httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-29T00:00:00", "type": "nessus", "title": "RHEL 7 : httpd24-httpd (RHSA-2022:6753)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33193", "CVE-2021-34798", "CVE-2021-36160", "CVE-2021-39275", "CVE-2021-44224", "CVE-2022-22719", "CVE-2022-22721", "CVE-2022-23943", "CVE-2022-26377", "CVE-2022-28614", "CVE-2022-28615", "CVE-2022-29404", "CVE-2022-30522", "CVE-2022-30556", "CVE-2022-31813"], "modified": "2023-10-10T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:httpd24-httpd", "p-cpe:/a:redhat:enterprise_linux:httpd24-httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd24-httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd24-httpd-tools", "p-cpe:/a:redhat:enterprise_linux:httpd24-mod_ldap", "p-cpe:/a:redhat:enterprise_linux:httpd24-mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:httpd24-mod_session", "p-cpe:/a:redhat:enterprise_linux:httpd24-mod_ssl"], "id": "REDHAT-RHSA-2022-6753.NASL", "href": "https://www.tenable.com/plugins/nessus/165553", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:6753. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165553);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/10\");\n\n script_cve_id(\n \"CVE-2021-33193\",\n \"CVE-2021-34798\",\n \"CVE-2021-36160\",\n \"CVE-2021-39275\",\n \"CVE-2021-44224\",\n \"CVE-2022-22719\",\n \"CVE-2022-22721\",\n \"CVE-2022-23943\",\n \"CVE-2022-26377\",\n \"CVE-2022-28614\",\n \"CVE-2022-28615\",\n \"CVE-2022-29404\",\n \"CVE-2022-30522\",\n \"CVE-2022-30556\",\n \"CVE-2022-31813\"\n );\n script_xref(name:\"RHSA\", value:\"2022:6753\");\n\n script_name(english:\"RHEL 7 : httpd24-httpd (RHSA-2022:6753)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:6753 advisory.\n\n - httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)\n\n - httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)\n\n - httpd: mod