Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-5662.NASL
HistoryApr 16, 2024 - 12:00 a.m.

Debian dsa-5662 : apache2 - security update

2024-04-1600:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
21
debian 11/12
apache http server
security update
vulnerability
out-of-bounds read
input validation
http/2 connection
slow loris attack
memory resources
http response splitting
http desynchronization attack
cve-2023
cve-2024

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.2 High

AI Score

Confidence

High

0.732 High

EPSS

Percentile

98.1%

JSON

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5662 advisory.

  • Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server:
    through 2.4.57. (CVE-2023-31122)

  • Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. (CVE-2023-38709)

  • An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known slow loris attack pattern. This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue. (CVE-2023-43622)

  • When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request’s memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During normal HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue. (CVE-2023-45802)

  • HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue. (CVE-2024-24795)

  • HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
    (CVE-2024-27316)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dsa-5662. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

if (description)
{
  script_id(193369);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/07");

  script_cve_id(
    "CVE-2023-31122",
    "CVE-2023-38709",
    "CVE-2023-43622",
    "CVE-2023-45802",
    "CVE-2024-24795",
    "CVE-2024-27316"
  );
  script_xref(name:"IAVA", value:"2023-A-0572-S");
  script_xref(name:"IAVA", value:"2024-A-0202");

  script_name(english:"Debian dsa-5662 : apache2 - security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dsa-5662 advisory.

  - Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server:
    through 2.4.57. (CVE-2023-31122)

  - Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators
    to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58. (CVE-2023-38709)

  - An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of
    that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the
    server, similar to the well known slow loris attack pattern. This has been fixed in version 2.4.58, so
    that such connection are terminated properly after the configured connection timeout. This issue affects
    Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which
    fixes the issue. (CVE-2023-43622)

  - When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory
    resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A
    client could send new requests and resets, keeping the connection busy and open and causing the memory
    footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run
    out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid
    Reset Exploit) with their own test client. During normal HTTP/2 use, the probability to hit this bug is
    very low. The kept memory would not become noticeable before the connection closes or times out. Users are
    recommended to upgrade to version 2.4.58, which fixes the issue. (CVE-2023-45802)

  - HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject
    malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are
    recommended to upgrade to version 2.4.59, which fixes this issue. (CVE-2024-24795)

  - HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an
    informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
    (CVE-2024-27316)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/apache2");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-31122");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-38709");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-43622");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-45802");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-24795");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-27316");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bookworm/apache2");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bullseye/apache2");
  script_set_attribute(attribute:"solution", value:
"Upgrade the apache2 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-27316");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/10/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/04/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache2-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache2-data");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache2-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache2-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache2-ssl-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache2-suexec-custom");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache2-suexec-pristine");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apache2-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libapache2-mod-md");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libapache2-mod-proxy-uwsgi");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:12.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(11)\.[0-9]+|^(12)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 11.0 / 12.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

var pkgs = [
    {'release': '11.0', 'prefix': 'apache2', 'reference': '2.4.59-1~deb11u1'},
    {'release': '11.0', 'prefix': 'apache2-bin', 'reference': '2.4.59-1~deb11u1'},
    {'release': '11.0', 'prefix': 'apache2-data', 'reference': '2.4.59-1~deb11u1'},
    {'release': '11.0', 'prefix': 'apache2-dev', 'reference': '2.4.59-1~deb11u1'},
    {'release': '11.0', 'prefix': 'apache2-doc', 'reference': '2.4.59-1~deb11u1'},
    {'release': '11.0', 'prefix': 'apache2-ssl-dev', 'reference': '2.4.59-1~deb11u1'},
    {'release': '11.0', 'prefix': 'apache2-suexec-custom', 'reference': '2.4.59-1~deb11u1'},
    {'release': '11.0', 'prefix': 'apache2-suexec-pristine', 'reference': '2.4.59-1~deb11u1'},
    {'release': '11.0', 'prefix': 'apache2-utils', 'reference': '2.4.59-1~deb11u1'},
    {'release': '11.0', 'prefix': 'libapache2-mod-md', 'reference': '2.4.59-1~deb11u1'},
    {'release': '11.0', 'prefix': 'libapache2-mod-proxy-uwsgi', 'reference': '2.4.59-1~deb11u1'},
    {'release': '12.0', 'prefix': 'apache2', 'reference': '2.4.59-1~deb12u1'},
    {'release': '12.0', 'prefix': 'apache2-bin', 'reference': '2.4.59-1~deb12u1'},
    {'release': '12.0', 'prefix': 'apache2-data', 'reference': '2.4.59-1~deb12u1'},
    {'release': '12.0', 'prefix': 'apache2-dev', 'reference': '2.4.59-1~deb12u1'},
    {'release': '12.0', 'prefix': 'apache2-doc', 'reference': '2.4.59-1~deb12u1'},
    {'release': '12.0', 'prefix': 'apache2-ssl-dev', 'reference': '2.4.59-1~deb12u1'},
    {'release': '12.0', 'prefix': 'apache2-suexec-custom', 'reference': '2.4.59-1~deb12u1'},
    {'release': '12.0', 'prefix': 'apache2-suexec-pristine', 'reference': '2.4.59-1~deb12u1'},
    {'release': '12.0', 'prefix': 'apache2-utils', 'reference': '2.4.59-1~deb12u1'},
    {'release': '12.0', 'prefix': 'libapache2-mod-md', 'reference': '2.4.59-1~deb12u1'},
    {'release': '12.0', 'prefix': 'libapache2-mod-proxy-uwsgi', 'reference': '2.4.59-1~deb12u1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var _release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (_release && prefix && reference) {
    if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2 / apache2-bin / apache2-data / apache2-dev / apache2-doc / etc');
}
VendorProductVersionCPE
debiandebian_linux11.0cpe:/o:debian:debian_linux:11.0
debiandebian_linuxapache2-datap-cpe:/a:debian:debian_linux:apache2-data
debiandebian_linuxapache2-suexec-customp-cpe:/a:debian:debian_linux:apache2-suexec-custom
debiandebian_linuxapache2-utilsp-cpe:/a:debian:debian_linux:apache2-utils
debiandebian_linuxlibapache2-mod-mdp-cpe:/a:debian:debian_linux:libapache2-mod-md
debiandebian_linuxapache2-suexec-pristinep-cpe:/a:debian:debian_linux:apache2-suexec-pristine
debiandebian_linuxapache2-binp-cpe:/a:debian:debian_linux:apache2-bin
debiandebian_linuxlibapache2-mod-proxy-uwsgip-cpe:/a:debian:debian_linux:libapache2-mod-proxy-uwsgi
debiandebian_linuxapache2-docp-cpe:/a:debian:debian_linux:apache2-doc
debiandebian_linuxapache2-devp-cpe:/a:debian:debian_linux:apache2-dev
Rows per page:
1-10 of 131

Related

osv 17
debian 2
openvas 43
nessus 62
mageia 2
slackware 2
ubuntu 4
amazon 3
kaspersky 2
freebsd 2
almalinux 2
redhat 5
rocky 1
photon 2
oraclelinux 3
fedora 7
ibm 9
prion 2
cvelist 4
nvd 3
redhatcve 4
debiancve 2
cve 1
attackerkb 1
alpinelinux 2
ubuntucve 3
f5 1
veracode 2
redos 3
cbl_mariner 1
vulnrichment 2
osv
osv
apache2 - security update
2024-04-16 00:00:00
apache2 - security update
2024-05-24 00:00:00
apache2 vulnerabilities
2024-04-29 11:31:21
debian
debian
[SECURITY] [DSA 5662-1] apache2 security update
2024-04-16 18:32:07
[SECURITY] [DLA 3818-1] apache2 security update
2024-05-25 11:06:45
openvas
openvas
Debian: Security Advisory (DSA-5662-1)
2024-04-17 00:00:00
Debian: Security Advisory (DLA-3818-1)
2024-05-27 00:00:00
Mageia: Security Advisory (MGASA-2023-0304)
2023-10-30 00:00:00
nessus
nessus
Debian dla-3818 : apache2 - security update
2024-05-25 00:00:00
Amazon Linux 2 : httpd (ALAS-2023-2322)
2023-11-02 00:00:00
FreeBSD : Apache httpd -- Multiple vulnerabilities (f923205f-6e66-11ee-85eb-84a93843eb75)
2023-10-19 00:00:00
mageia
mageia
Updated apache packages fix security vulnerabilities
2023-10-28 00:49:40
Updated apache packages fix security vulnerabilities
2024-04-10 07:03:52
slackware
slackware
[slackware-security] httpd
2024-04-04 19:16:44
[slackware-security] httpd
2023-10-19 19:21:22
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2024-04-17 00:00:00
Apache HTTP Server vulnerabilities
2023-11-22 00:00:00
Apache HTTP Server vulnerabilities
2024-04-11 00:00:00
amazon
amazon
Important: httpd24
2023-10-30 23:31:00
Important: httpd
2023-10-30 23:59:00
Medium: httpd
2024-04-24 22:15:00
kaspersky
kaspersky
KLA65470 Multiple vulnerabilities in Apache HTTP Server
2024-04-04 00:00:00
KLA61504 Multiple vulnerabilities in Apache HTTP Server
2023-10-19 00:00:00
freebsd
freebsd
Apache httpd -- Multiple vulnerabilities
2023-10-19 00:00:00
Apache httpd -- multiple vulnerabilities
2024-04-04 00:00:00
almalinux
almalinux
Moderate: mod_http2 security update
2024-04-30 00:00:00
Moderate: httpd:2.4 security update
2024-05-22 00:00:00
redhat
redhat
(RHSA-2024:2368) Moderate: mod_http2 security update
2024-04-30 06:15:30
(RHSA-2024:2891) Moderate: httpd:2.4 security update
2024-05-16 11:37:17
(RHSA-2024:3121) Moderate: httpd:2.4 security update
2024-05-22 06:35:40
rocky
rocky
httpd:2.4 security update
2024-06-14 13:59:30
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0502
2023-11-01 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0680
2023-11-03 00:00:00
oraclelinux
oraclelinux
mod_http2 security update
2024-05-02 00:00:00
httpd:2.4 security update
2024-05-24 00:00:00
mod_http2 security update
2024-05-07 00:00:00
fedora
fedora
[SECURITY] Fedora 40 Update: httpd-2.4.59-2.fc40
2024-04-19 21:45:00
[SECURITY] Fedora 38 Update: httpd-2.4.59-2.fc38
2024-05-04 02:19:58
[SECURITY] Fedora 39 Update: httpd-2.4.59-2.fc39
2024-05-03 01:33:21
ibm
ibm
Security Bulletin: A security vulnerability has been identified in IBM HTTP Server, which is used by IBM WebSphere Application Server in IBM Rational ClearQuest (CVE-2024-24795, CVE-2023-38709)
2024-04-22 11:02:48
Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM DevOps Code ClearCase [CVE-2024-24795, CVE-2023-38709]
2024-06-25 12:04:01
Security Bulletin: IBM HTTP Server is vulnerable to HTTP response splitting due to the included Apache HTTP Server (CVE-2024-24795, CVE-2023-38709)
2024-04-10 15:21:26
prion
prion
Design/Logic Flaw
2023-10-23 07:15:00
Code injection
2023-10-23 07:15:00
cvelist
cvelist
CVE-2023-45802 Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST
2023-10-23 06:50:23
CVE-2023-43622 Apache HTTP Server: DoS in HTTP/2 with initial windows size 0
2023-10-23 06:50:51
CVE-2023-38709 Apache HTTP Server: HTTP response splitting
2024-04-04 19:19:35
nvd
nvd
CVE-2023-45802
2023-10-23 07:15:11
CVE-2024-27316
2024-04-04 20:15:08
CVE-2024-24795
2024-04-04 20:15:08
redhatcve
redhatcve
CVE-2023-45802
2023-10-19 19:44:57
CVE-2024-24795
2024-04-04 19:32:34
CVE-2024-27316
2024-04-03 19:27:03
debiancve
debiancve
CVE-2023-45802
2023-10-23 07:15:11
CVE-2023-38709
2024-04-04 20:15:08
cve
cve
CVE-2023-45802
2023-10-23 07:15:11
attackerkb
attackerkb
CVE-2023-44487
2023-10-10 00:00:00
alpinelinux
alpinelinux
CVE-2023-45802
2023-10-23 07:15:11
CVE-2024-27316
2024-04-04 20:15:08
ubuntucve
ubuntucve
CVE-2023-45802
2023-10-23 00:00:00
CVE-2024-24795
2024-04-04 00:00:00
CVE-2023-38709
2024-04-04 00:00:00
f5
f5
K000137327 : Apache mod_http2 vulnerability CVE-2023-45802
2023-10-23 00:00:00
veracode
veracode
Denial Of Service (DoS)
2023-10-21 07:38:44
HTTP Response Splitting
2024-04-10 21:30:32
redos
redos
ROS-20240425-01
2024-04-25 00:00:00
ROS-20240423-01
2024-04-23 00:00:00
ROS-20231030-05
2023-10-30 00:00:00
cbl_mariner
cbl_mariner
CVE-2024-24795 affecting package httpd for versions less than 2.4.59-1
2024-05-06 17:48:02
vulnrichment
vulnrichment
CVE-2023-38709 Apache HTTP Server: HTTP response splitting
2024-04-04 19:19:35
CVE-2024-24795 Apache HTTP Server: HTTP Response Splitting in multiple modules
2024-04-04 19:20:48

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.2 High

AI Score

Confidence

High

0.732 High

EPSS

Percentile

98.1%

JSON
Related for DEBIAN_DSA-5662.NASL
osv17debian2openvas43nessus62mageia2slackware2ubuntu4amazon3kaspersky2freebsd2almalinux2redhat5rocky1photon2oraclelinux3fedora7ibm9prion2cvelist4nvd3redhatcve4debiancve2cve1attackerkb1alpinelinux2ubuntucve3f51veracode2redos3cbl_mariner1vulnrichment2