EulerOS Virtualization 2.10.1 httpd vulnerabilitie
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
OpenVAS | Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2053) | 14 Jul 202200:00 | – | openvas |
OpenVAS | Fedora: Security Advisory for httpd (FEDORA-2022-b4103753e9) | 23 Mar 202200:00 | – | openvas |
OpenVAS | Fedora: Security Advisory for httpd (FEDORA-2022-78e3211c55) | 27 Mar 202200:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2025) | 14 Jul 202200:00 | – | openvas |
OpenVAS | Fedora: Security Advisory for httpd (FEDORA-2022-21264ec6db) | 26 Mar 202200:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-1730) | 25 May 202200:00 | – | openvas |
OpenVAS | Ubuntu: Security Advisory (USN-5333-1) | 18 Mar 202200:00 | – | openvas |
OpenVAS | SUSE: Security Advisory (SUSE-SU-2022:0918-1) | 22 Mar 202200:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-1790) | 7 Jun 202200:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-1893) | 17 Jun 202200:00 | – | openvas |
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(163204);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/18");
script_cve_id(
"CVE-2021-44224",
"CVE-2021-44790",
"CVE-2022-22719",
"CVE-2022-22720",
"CVE-2022-22721",
"CVE-2022-23943"
);
script_name(english:"EulerOS Virtualization 2.10.1 : httpd (EulerOS-SA-2022-2053)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is
affected by the following vulnerabilities :
- A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL
pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for
requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This
issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). (CVE-2021-44224)
- A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser
(r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the
vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and
earlier. (CVE-2021-44790)
- A carefully crafted request body can cause a read to a random memory area which could cause the process to
crash. This issue affects Apache HTTP Server 2.4.52 and earlier. (CVE-2022-22719)
- Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered
discarding the request body, exposing the server to HTTP Request Smuggling (CVE-2022-22720)
- If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems
an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server
2.4.52 and earlier. (CVE-2022-22721)
- Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap
memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and
prior versions. (CVE-2022-23943)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2053
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3db9cdcc");
script_set_attribute(attribute:"solution", value:
"Update the affected httpd packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-23943");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/12/20");
script_set_attribute(attribute:"patch_publication_date", value:"2022/07/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/07/15");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:httpd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:httpd-filesystem");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:httpd-tools");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.10.1");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.10.1") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.10.1");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
var flag = 0;
var pkgs = [
"httpd-2.4.43-4.h14.eulerosv2r10",
"httpd-filesystem-2.4.43-4.h14.eulerosv2r10",
"httpd-tools-2.4.43-4.h14.eulerosv2r10"
];
foreach (var pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo