EulerOS Virtualization 3.0.6.0 affected by Apache HTTP Server vulnerabilities
Reporter | Title | Published | Views | Family All 162 |
---|---|---|---|---|
Tenable Nessus | Photon OS 3.0: Httpd PHSA-2020-3.0-0079 | 21 Apr 2020 00:00 | – | nessus |
Tenable Nessus | Photon OS 1.0: Httpd PHSA-2020-1.0-0290 | 29 Apr 2020 00:00 | – | nessus |
Tenable Nessus | Photon OS 2.0: Httpd PHSA-2020-2.0-0228 | 22 Apr 2020 00:00 | – | nessus |
Tenable Nessus | IBM HTTP Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 < 8.5.5.18 / 9.0.0.0 < 9.0.5.4 Multiple Vulnerabilities (6191631) | 10 Dec 2020 00:00 | – | nessus |
Tenable Nessus | Amazon Linux 2 : httpd (ALAS-2020-1427) | 21 May 2020 00:00 | – | nessus |
Tenable Nessus | Apache 2.4.x < 2.4.43 Multiple Vulnerabilities | 10 Apr 2020 00:00 | – | nessus |
Tenable Nessus | EulerOS Virtualization 3.0.2.2 : httpd (EulerOS-SA-2020-2224) | 21 Oct 2020 00:00 | – | nessus |
Tenable Nessus | EulerOS 2.0 SP5 : httpd (EulerOS-SA-2020-1601) | 2 Jun 2020 00:00 | – | nessus |
Tenable Nessus | Amazon Linux AMI : httpd24 (ALAS-2020-1370) | 4 Jun 2020 00:00 | – | nessus |
Tenable Nessus | Apache 2.4.x < 2.4.42 Multiple Vulnerabilities | 10 Apr 2020 00:00 | – | nessus |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Description phase: when the scanner loads the plugin with `description` set,
# this block only registers metadata (IDs, advisory text, scoring, required KB
# keys) and then exits via exit(0), so none of the package checks below run.
if (description)
{
script_id(137968);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/05");
# The two Apache httpd CVEs this advisory covers; both are described in the
# "description" attribute below.
script_cve_id("CVE-2020-1927", "CVE-2020-1934");
script_xref(name:"CEA-ID", value:"CEA-2021-0025");
script_name(english:"EulerOS Virtualization 3.0.6.0 : httpd (EulerOS-SA-2020-1749)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security
updates.");
# Advisory text copied from the vendor bulletin (see the note at the end of the
# string). It names the affected components: mod_proxy_ftp (CVE-2020-1934) and
# mod_rewrite self-referential redirects (CVE-2020-1927).
script_set_attribute(attribute:"description", value:
"According to the versions of the httpd packages installed, the
EulerOS Virtualization installation on the remote host is affected by
the following vulnerabilities :
- In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp
may use uninitialized memory when proxying to a
malicious FTP server.(CVE-2020-1934)
- In Apache HTTP Server 2.4.0 to 2.4.41, redirects
configured with mod_rewrite that were intended to be
self-referential might be fooled by encoded newlines
and redirect instead to an an unexpected URL within the
request URL.(CVE-2020-1927)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1749
# NOTE(review): the shortened link below presumably resolves to the advisory
# URL in the comment above - confirm before relying on it.
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?384a145d");
script_set_attribute(attribute:"solution", value:
"Update the affected httpd packages.");
# CVSS v2 and v3 base/temporal vectors. Per "cvss_score_source" below, the
# score is taken from CVE-2020-1927 (the mod_rewrite redirect issue); the v3
# vector requires user interaction (UI:R) and has no availability impact (A:N).
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-1927");
# Exploit-availability metadata as recorded by the plugin author; it reflects
# the plugin's last modification date, not the current state of the world.
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"patch_publication_date", value:"2020/06/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/01");
# "local" plugin type: the check works from data collected on the host (see
# the required KB keys below), not from probing the HTTP service remotely.
script_set_attribute(attribute:"plugin_type", value:"local");
# CPE entries: the three packages examined plus the affected platform release.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:httpd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:httpd-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:mod_ssl");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.6.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Depends on ssh_get_info.nasl and on the KB entries listed below; the check
# phase reads each of these keys, so without credentialed host data the plugin
# can only audit out rather than report.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Check phase. Every precondition below audits out (no finding) when it is not
# met, so a report is only produced for an EulerOS Virtualization 3.0.6.0 host
# on a supported architecture with a collected RPM list.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# The release string must exist and start with "EulerOS".
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS")
{
  audit(AUDIT_OS_NOT, "EulerOS");
}

# Only the exact virtualization platform version 3.0.6.0 is in scope.
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.6.0")
{
  audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.6.0");
}

# Without the installed-package list there is nothing to compare against.
if (!get_kb_item("Host/EulerOS/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}

# Two architecture gates with different audit messages: the first lets
# x86_64, i386-i686 and aarch64 through; the second then narrows this plugin
# to x86_64 / i386-i686, so an aarch64 host stops here with AUDIT_ARCH_NOT.
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu)
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
}
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
{
  audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
}

# Reference builds from the advisory, one per package examined.
fixed_builds = [
  "httpd-2.4.6-80.1.h9.eulerosv2r7",
  "httpd-tools-2.4.6-80.1.h9.eulerosv2r7",
  "mod_ssl-2.4.6-80.1.h9.eulerosv2r7"
];

# Every reference is checked (no early exit) so the report can list each
# affected package. rpm_check comes from rpm.inc, which is not shown here; it
# is expected to return true when the installed package is older than the
# reference build.
vuln_hits = 0;
foreach (build in fixed_builds)
{
  if (rpm_check(release:"EulerOS-2.0", reference:build))
  {
    vuln_hits += 1;
  }
}

if (vuln_hits)
{
  # The finding is based on package versions only. It does not establish that
  # mod_proxy_ftp is in use or that a self-referential mod_rewrite redirect is
  # configured, so triage should confirm which of the two issues actually
  # applies to the host's httpd configuration.
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}

# No outdated package: distinguish "installed and not affected" from
# "httpd not installed at all" in the audit trail.
checked = pkg_tests_get();
if (checked)
{
  audit(AUDIT_PACKAGE_NOT_AFFECTED, checked);
}
else
{
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd");
}