Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.F5_BIGIP_SOL15889.NASL
HistoryDec 05, 2014 - 12:00 a.m.

F5 Networks BIG-IP : Apache HTTP server vulnerabilities (SOL15889)

2014-12-0500:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
36
JSON

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution SOL15889.
#
# The text description of this plugin is (C) F5 Networks.
#

include("compat.inc");

if (description)
{
  script_id(79733);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/03/10");

  script_cve_id("CVE-2011-3368", "CVE-2011-4317", "CVE-2012-0021", "CVE-2012-0031", "CVE-2012-0053");
  script_bugtraq_id(49957, 50802, 51705);

  script_name(english:"F5 Networks BIG-IP : Apache HTTP server vulnerabilities (SOL15889)");
  script_summary(english:"Checks the BIG-IP version.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote device is missing a vendor-supplied security patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42,
2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly
interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern
matches for configuration of a reverse proxy, which allows remote
attackers to send requests to intranet servers via a malformed URI
containing an initial @ (at sign) character."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://support.f5.com/csp/article/K15889"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade to one of the non-vulnerable versions listed in the F5
Solution SOL15889."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/10/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/12/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/05");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"F5 Networks Local Security Checks");

  script_dependencies("f5_bigip_detect.nbin");
  script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport");

  exit(0);
}


include("f5_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
version = get_kb_item("Host/BIG-IP/version");
if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");

sol = "SOL15889";
vmatrix = make_array();

if (report_paranoia < 2) audit(AUDIT_PARANOID);

# APM
vmatrix["APM"] = make_array();
vmatrix["APM"]["affected"  ] = make_list("11.0.0-11.1.0","10.1.0-10.2.4");
vmatrix["APM"]["unaffected"] = make_list("11.2.0-11.6.0","10.2.4HF12");

# ASM
vmatrix["ASM"] = make_array();
vmatrix["ASM"]["affected"  ] = make_list("11.0.0-11.1.0","10.0.0-10.2.4");
vmatrix["ASM"]["unaffected"] = make_list("11.2.0-11.6.0","10.2.4HF12");

# AVR
vmatrix["AVR"] = make_array();
vmatrix["AVR"]["affected"  ] = make_list("11.0.0-11.1.0");
vmatrix["AVR"]["unaffected"] = make_list("11.2.0-11.6.0");

# GTM
vmatrix["GTM"] = make_array();
vmatrix["GTM"]["affected"  ] = make_list("11.0.0-11.1.0","10.0.0-10.2.4");
vmatrix["GTM"]["unaffected"] = make_list("11.2.0-11.6.0","10.2.4HF12");

# LC
vmatrix["LC"] = make_array();
vmatrix["LC"]["affected"  ] = make_list("11.0.0-11.1.0","10.0.0-10.2.4");
vmatrix["LC"]["unaffected"] = make_list("11.2.0-11.6.0","10.2.4HF12");

# LTM
vmatrix["LTM"] = make_array();
vmatrix["LTM"]["affected"  ] = make_list("11.0.0-11.1.0","10.0.0-10.2.4");
vmatrix["LTM"]["unaffected"] = make_list("11.2.0-11.6.0","10.2.4HF12");

# PSM
vmatrix["PSM"] = make_array();
vmatrix["PSM"]["affected"  ] = make_list("11.0.0-11.1.0","10.0.0-10.2.4");
vmatrix["PSM"]["unaffected"] = make_list("11.2.0-11.4.1","10.2.4HF12");

# WAM
vmatrix["WAM"] = make_array();
vmatrix["WAM"]["affected"  ] = make_list("11.0.0-11.1.0","10.0.0-10.2.4");
vmatrix["WAM"]["unaffected"] = make_list("11.2.0-11.3.0","10.2.4HF12");

# WOM
vmatrix["WOM"] = make_array();
vmatrix["WOM"]["affected"  ] = make_list("11.0.0-11.1.0","10.0.0-10.2.4");
vmatrix["WOM"]["unaffected"] = make_list("11.2.0-11.3.0","10.2.4HF12");


if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
  if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = bigip_get_tested_modules();
  audit_extra = "For BIG-IP module(s) " + tested + ",";
  if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
  else audit(AUDIT_HOST_NOT, "running any of the affected modules");
}
VendorProductVersionCPE
f5big-ip_access_policy_managercpe:/a:f5:big-ip_access_policy_manager
f5big-ip_application_security_managercpe:/a:f5:big-ip_application_security_manager
f5big-ip_application_visibility_and_reportingcpe:/a:f5:big-ip_application_visibility_and_reporting
f5big-ip_global_traffic_managercpe:/a:f5:big-ip_global_traffic_manager
f5big-ip_link_controllercpe:/a:f5:big-ip_link_controller
f5big-ip_local_traffic_managercpe:/a:f5:big-ip_local_traffic_manager
f5big-ip_wan_optimization_managercpe:/a:f5:big-ip_wan_optimization_manager
f5big-ip_webacceleratorcpe:/a:f5:big-ip_webaccelerator
f5big-ipcpe:/h:f5:big-ip
f5big-ip_protocol_security_managercpe:/h:f5:big-ip_protocol_security_manager

Related

f5 5
nessus 46
altlinux 6
openvas 54
freebsd 2
securityvulns 6
fedora 2
slackware 1
ubuntu 1
osv 1
redhat 5
amazon 1
centos 1
debian 2
thn 1
prion 6
debiancve 5
veracode 5
ubuntucve 6
cve 6
oraclelinux 4
suse 3
gentoo 1
kaspersky 1
seebug 6
httpd 9
packetstorm 3
checkpoint_advisories 6
threatpost 1
exploitpack 1
zdt 1
exploitdb 1
f5
f5
K15889 : Apache HTTP server vulnerabilities CVE-2011-3368, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, and CVE-2012-0053
2015-08-03 00:00:00
SOL15889 - Apache HTTP server vulnerabilities CVE-2011-3368, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, and CVE-2012-0053
2014-12-03 00:00:00
K15273 : Apache vulnerability CVE-2012-0053
2015-08-07 00:00:00
nessus
nessus
FreeBSD : apache -- multiple vulnerabilities (4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0)
2012-02-02 00:00:00
Fedora 16 : httpd-2.2.22-1.fc16 (2012-1598)
2012-02-21 00:00:00
Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : httpd (SSA:2012-041-01)
2012-02-13 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package apache2 version 2.2.22-alt1
2012-02-02 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.2.22-alt1
2012-02-02 00:00:00
Security fix for the ALT Linux 10 package apache2 version 2.2.22-alt1
2012-02-02 00:00:00
openvas
openvas
Fedora Update for httpd FEDORA-2012-1598
2012-04-02 00:00:00
Fedora Update for httpd FEDORA-2012-1642
2012-03-07 00:00:00
Fedora Update for httpd FEDORA-2012-1598
2012-04-02 00:00:00
freebsd
freebsd
apache -- multiple vulnerabilities
2011-10-05 00:00:00
Apache 1.3 -- mod_proxy reverse proxy exposure
2011-10-05 00:00:00
securityvulns
securityvulns
[Announce] Apache HTTP Server 2.2.22 Released
2012-02-03 00:00:00
Apache multiple security vulnerabilities
2012-02-03 00:00:00
Apache mod_proxy unauthorized internal network access
2012-01-11 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: httpd-2.2.22-1.fc15
2012-03-06 19:30:50
[SECURITY] Fedora 16 Update: httpd-2.2.22-1.fc16
2012-02-21 01:28:42
slackware
slackware
[slackware-security] httpd
2012-02-10 17:43:57
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2012-02-16 00:00:00
osv
osv
apache2 - multiple issues
2012-02-06 00:00:00
redhat
redhat
(RHSA-2012:0128) Moderate: httpd security update
2012-02-13 00:00:00
(RHSA-2012:0543) Moderate: httpd security and bug fix update
2012-05-07 18:13:40
(RHSA-2012:0542) Moderate: httpd security and bug fix update
2012-05-07 00:00:00
amazon
amazon
Medium: httpd
2012-02-16 10:48:00
centos
centos
httpd, mod_ssl security update
2012-02-14 11:13:29
debian
debian
[SECURITY] [DSA 2405-1] apache2 security update
2012-02-06 09:06:39
[SECURITY] [DSA 2405-1] apache2 security update
2012-02-06 09:06:39
thn
thn
New Apache Reverse Proxy Flaw Allows Access to Internal Network
2011-11-27 08:58:00
prion
prion
Design/Logic Flaw
2011-11-30 04:05:00
Design/Logic Flaw
2011-10-05 22:55:00
Format string
2012-01-28 04:05:00
debiancve
debiancve
CVE-2011-4317
2011-11-30 04:05:00
CVE-2011-3368
2011-10-05 22:55:00
CVE-2012-0021
2012-01-28 04:05:00
veracode
veracode
Unauthorized Reverse Proxy Connection
2020-04-10 01:10:16
Information Disclosure
2020-04-10 01:03:06
Denial Of Service (DoS)
2020-04-10 01:10:16
ubuntucve
ubuntucve
CVE-2011-4317
2011-11-29 00:00:00
CVE-2011-3368
2011-10-05 00:00:00
CVE-2012-0021
2012-01-27 00:00:00
cve
cve
CVE-2011-4317
2011-11-30 04:05:00
CVE-2011-3368
2011-10-05 22:55:00
CVE-2012-0031
2012-01-18 20:55:00
oraclelinux
oraclelinux
httpd security update
2012-02-13 00:00:00
httpd security, bug fix, and enhancement update
2013-02-22 00:00:00
httpd security and bug fix update
2011-10-20 00:00:00
suse
suse
Security update for Apache2 (important)
2012-02-18 13:08:15
Security update for Apache2 (important)
2012-03-06 21:08:42
apache2: fixed various security bugs (important)
2012-02-28 18:08:26
gentoo
gentoo
Apache HTTP Server: Multiple vulnerabilities
2012-06-24 00:00:00
kaspersky
kaspersky
KLA10065 Multiple vulnerabilities in Apache httpd
2013-07-22 00:00:00
seebug
seebug
Apache HTTP Server mod_proxy反向代理模式安全限制绕过漏洞
2011-11-25 00:00:00
Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
2011-10-12 00:00:00
Apache HTTP Server 'mod_proxy'反向代理信息泄露漏洞
2011-10-08 00:00:00
httpd
httpd
Apache Httpd < 2.2.22 : mod_proxy reverse proxy exposure
2011-10-20 00:00:00
Apache Httpd < 1.3-never : mod_proxy reverse proxy exposure
2011-09-16 00:00:00
Apache Httpd < 2.0.65 : mod_proxy reverse proxy exposure
2011-09-16 00:00:00
packetstorm
packetstorm
Apache Reverse Proxy Bypass
2011-10-06 00:00:00
Apache mod_proxy Proof Of Concept
2011-10-11 00:00:00
Apache protocol.c Cookie Disclosure
2012-01-31 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache HTTPD mod_proxy Security Bypass (CVE-2011-3368)
2012-03-05 00:00:00
Apache HTTPD mod_proxy Information Disclosure (CVE-2011-3368)
2011-11-01 00:00:00
Apache HTTPD mod_log_config Cookie Handling Denial of Service - High Confidence (CVE-2012-0021)
2013-04-23 00:00:00
threatpost
threatpost
New Apache Reverse Proxy Issue Uncovered
2011-11-26 23:41:49
exploitpack
exploitpack
Apache mod_proxy - Reverse Proxy Exposure
2011-10-11 00:00:00
zdt
zdt
Apache 2.2 - Scoreboard Invalid Free On Shutdown Vulnerability
2017-03-29 00:00:00
exploitdb
exploitdb
Apache mod_proxy - Reverse Proxy Exposure
2011-10-11 00:00:00
JSON
Related for F5_BIGIP_SOL15889.NASL
f55nessus46altlinux6openvas54freebsd2securityvulns6fedora2slackware1ubuntu1osv1redhat5amazon1centos1debian2thn1prion6debiancve5veracode5ubuntucve6cve6oraclelinux4suse3gentoo1kaspersky1seebug6httpd9packetstorm3checkpoint_advisories6threatpost1exploitpack1zdt1exploitdb1