EulerOS 2.0 SP8 : httpd (EulerOS-SA-2020-1289)

2020-03-2300:00:00

www.tenable.com

7 High

AI Score

Confidence

Low

JSON

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.(CVE-2019-10092)
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.(CVE-2019-10098)
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set ‘H2Upgrade on’ are unaffected by this issue.(CVE-2019-0197)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(134781);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/21");

  script_cve_id("CVE-2019-0197", "CVE-2019-10092", "CVE-2019-10098");
  script_xref(name:"CEA-ID", value:"CEA-2019-0203");

  script_name(english:"EulerOS 2.0 SP8 : httpd (EulerOS-SA-2020-1289)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the httpd packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - In Apache HTTP Server 2.4.0-2.4.39, a limited
    cross-site scripting issue was reported affecting the
    mod_proxy error page. An attacker could cause the link
    on the error page to be malformed and instead point to
    a page of their choice. This would only be exploitable
    where a server was set up with proxying enabled but was
    misconfigured in such a way that the Proxy Error page
    was displayed.(CVE-2019-10092)

  - In Apache HTTP server 2.4.0 to 2.4.39, Redirects
    configured with mod_rewrite that were intended to be
    self-referential might be fooled by encoded newlines
    and redirect instead to an unexpected URL within the
    request URL.(CVE-2019-10098)

  - A vulnerability was found in Apache HTTP Server 2.4.34
    to 2.4.38. When HTTP/2 was enabled for a http: host or
    H2Upgrade was enabled for h2 on a https: host, an
    Upgrade request from http/1.1 to http/2 that was not
    the first request on a connection could lead to a
    misconfiguration and crash. Server that never enabled
    the h2 protocol or that only enabled it for https: and
    did not set 'H2Upgrade on' are unaffected by this
    issue.(CVE-2019-0197)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1289
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9b03eedc");
  script_set_attribute(attribute:"solution", value:
"Update the affected httpd packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-10098");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2020/03/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/23");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:httpd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:httpd-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:httpd-filesystem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:httpd-manual");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:httpd-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:mod_session");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:mod_ssl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

flag = 0;

pkgs = ["httpd-2.4.34-8.h12.eulerosv2r8",
        "httpd-devel-2.4.34-8.h12.eulerosv2r8",
        "httpd-filesystem-2.4.34-8.h12.eulerosv2r8",
        "httpd-manual-2.4.34-8.h12.eulerosv2r8",
        "httpd-tools-2.4.34-8.h12.eulerosv2r8",
        "mod_session-2.4.34-8.h12.eulerosv2r8",
        "mod_ssl-2.4.34-8.h12.eulerosv2r8"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd");
}

VendorProductVersionCPE
huaweieuleroshttpdp-cpe:/a:huawei:euleros:httpd
huaweieuleroshttpd-develp-cpe:/a:huawei:euleros:httpd-devel
huaweieuleroshttpd-filesystemp-cpe:/a:huawei:euleros:httpd-filesystem
huaweieuleroshttpd-manualp-cpe:/a:huawei:euleros:httpd-manual
huaweieuleroshttpd-toolsp-cpe:/a:huawei:euleros:httpd-tools
huaweieulerosmod_sessionp-cpe:/a:huawei:euleros:mod_session
huaweieulerosmod_sslp-cpe:/a:huawei:euleros:mod_ssl
huaweieuleros2.0cpe:/o:huawei:euleros:2.0

Vendor	Product	Version	CPE
huawei	euleros	httpd	p-cpe:/a:huawei:euleros:httpd
huawei	euleros	httpd-devel	p-cpe:/a:huawei:euleros:httpd-devel
huawei	euleros	httpd-filesystem	p-cpe:/a:huawei:euleros:httpd-filesystem
huawei	euleros	httpd-manual	p-cpe:/a:huawei:euleros:httpd-manual
huawei	euleros	httpd-tools	p-cpe:/a:huawei:euleros:httpd-tools
huawei	euleros	mod_session	p-cpe:/a:huawei:euleros:mod_session
huawei	euleros	mod_ssl	p-cpe:/a:huawei:euleros:mod_ssl
huawei	euleros	2.0	cpe:/o:huawei:euleros:2.0