According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.(CVE-2019-10098)
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.(CVE-2020-1927)
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.(CVE-2019-10092)
Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted requests.(CVE-2014-3523)
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.(CVE-2020-1934)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(140870);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/19");
script_cve_id(
"CVE-2014-3523",
"CVE-2019-10092",
"CVE-2019-10098",
"CVE-2020-1927",
"CVE-2020-1934"
);
script_bugtraq_id(68747);
script_xref(name:"CEA-ID", value:"CEA-2021-0025");
script_name(english:"EulerOS 2.0 SP3 : httpd (EulerOS-SA-2020-2103)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the httpd packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- In Apache HTTP server 2.4.0 to 2.4.39, Redirects
configured with mod_rewrite that were intended to be
self-referential might be fooled by encoded newlines
and redirect instead to an unexpected URL within the
request URL.(CVE-2019-10098)
- In Apache HTTP Server 2.4.0 to 2.4.41, redirects
configured with mod_rewrite that were intended to be
self-referential might be fooled by encoded newlines
and redirect instead to an an unexpected URL within the
request URL.(CVE-2020-1927)
- In Apache HTTP Server 2.4.0-2.4.39, a limited
cross-site scripting issue was reported affecting the
mod_proxy error page. An attacker could cause the link
on the error page to be malformed and instead point to
a page of their choice. This would only be exploitable
where a server was set up with proxying enabled but was
misconfigured in such a way that the Proxy Error page
was displayed.(CVE-2019-10092)
- Memory leak in the winnt_accept function in
server/mpm/winnt/child.c in the WinNT MPM in the Apache
HTTP Server 2.4.x before 2.4.10 on Windows, when the
default AcceptFilter is enabled, allows remote
attackers to cause a denial of service (memory
consumption) via crafted requests.(CVE-2014-3523)
- In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp
may use uninitialized memory when proxying to a
malicious FTP server.(CVE-2020-1934)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2103
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1b77a035");
script_set_attribute(attribute:"solution", value:
"Update the affected httpd packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-1927");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2020/09/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/09/28");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:httpd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:httpd-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:httpd-manual");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:httpd-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:mod_ssl");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["httpd-2.4.6-45.0.1.4.h19",
"httpd-devel-2.4.6-45.0.1.4.h19",
"httpd-manual-2.4.6-45.0.1.4.h19",
"httpd-tools-2.4.6-45.0.1.4.h19",
"mod_ssl-2.4.6-45.0.1.4.h19"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd");
}
Vendor | Product | Version | CPE |
---|---|---|---|
huawei | euleros | httpd | p-cpe:/a:huawei:euleros:httpd |
huawei | euleros | httpd-devel | p-cpe:/a:huawei:euleros:httpd-devel |
huawei | euleros | httpd-manual | p-cpe:/a:huawei:euleros:httpd-manual |
huawei | euleros | httpd-tools | p-cpe:/a:huawei:euleros:httpd-tools |
huawei | euleros | mod_ssl | p-cpe:/a:huawei:euleros:mod_ssl |
huawei | euleros | 2.0 | cpe:/o:huawei:euleros:2.0 |