Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2006-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2006-007.NASL
HistoryJan 15, 2006 - 12:00 a.m.

Mandrake Linux Security Advisory : apache2 (MDKSA-2006:007)

2006-01-1500:00:00
This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.
www.tenable.com
9
JSON

A flaw was discovered in mod_imap when using the Referer directive with image maps that could be used by a remote attacker to perform a cross- site scripting attack, in certain site configurations, if a victim could be forced to visit a malicious URL using certain web browsers (CVE-2005-3352).

Also, a NULL pointer dereference flaw was found in mod_ssl that affects server configurations where an SSL virtual host was configured with access controls and a custom 400 error document. This could allow a remote attacker to send a carefully crafted request to trigger the issue and cause a crash, but only with the non-default worker MPM (CVE-2005-3357).

The provided packages have been patched to prevent these problems.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2006:007. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(20473);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2005-3352", "CVE-2005-3357");
  script_xref(name:"MDKSA", value:"2006:007");

  script_name(english:"Mandrake Linux Security Advisory : apache2 (MDKSA-2006:007)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A flaw was discovered in mod_imap when using the Referer directive
with image maps that could be used by a remote attacker to perform a
cross- site scripting attack, in certain site configurations, if a
victim could be forced to visit a malicious URL using certain web
browsers (CVE-2005-3352).

Also, a NULL pointer dereference flaw was found in mod_ssl that
affects server configurations where an SSL virtual host was configured
with access controls and a custom 400 error document. This could allow
a remote attacker to send a carefully crafted request to trigger the
issue and cause a crash, but only with the non-default worker MPM
(CVE-2005-3357).

The provided packages have been patched to prevent these problems."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_cache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_dav");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_deflate");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_disk_cache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_file_cache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_mem_cache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_proxy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_ssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_userdir");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mpm-peruser");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mpm-prefork");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mpm-worker");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-manual");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_cache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_dav");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_deflate");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_disk_cache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_file_cache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_mem_cache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_proxy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_ssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-peruser");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-worker");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/01/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK10.1", reference:"apache2-2.0.50-7.6.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"apache2-common-2.0.50-7.6.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"apache2-devel-2.0.50-7.6.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"apache2-manual-2.0.50-7.6.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"apache2-mod_cache-2.0.50-7.6.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"apache2-mod_dav-2.0.50-7.6.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"apache2-mod_deflate-2.0.50-7.6.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"apache2-mod_disk_cache-2.0.50-7.6.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"apache2-mod_file_cache-2.0.50-7.6.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"apache2-mod_ldap-2.0.50-7.6.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"apache2-mod_mem_cache-2.0.50-7.6.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"apache2-mod_proxy-2.0.50-7.6.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"apache2-mod_ssl-2.0.50-4.4.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"apache2-modules-2.0.50-7.6.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"apache2-source-2.0.50-7.6.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"apache2-worker-2.0.50-7.6.101mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK10.2", reference:"apache2-2.0.53-9.4.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"apache2-common-2.0.53-9.4.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"apache2-devel-2.0.53-9.4.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"apache2-manual-2.0.53-9.4.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"apache2-mod_cache-2.0.53-9.4.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"apache2-mod_dav-2.0.53-9.4.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"apache2-mod_deflate-2.0.53-9.4.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"apache2-mod_disk_cache-2.0.53-9.4.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"apache2-mod_file_cache-2.0.53-9.4.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"apache2-mod_ldap-2.0.53-9.4.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"apache2-mod_mem_cache-2.0.53-9.4.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"apache2-mod_proxy-2.0.53-9.4.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"apache2-mod_ssl-2.0.53-8.3.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"apache2-modules-2.0.53-9.4.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"apache2-peruser-2.0.53-9.4.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"apache2-source-2.0.53-9.4.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"apache2-worker-2.0.53-9.4.102mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK2006.0", reference:"apache-base-2.0.54-13.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"apache-devel-2.0.54-13.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"apache-mod_cache-2.0.54-13.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"apache-mod_dav-2.0.54-13.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"apache-mod_deflate-2.0.54-13.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"apache-mod_disk_cache-2.0.54-13.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"apache-mod_file_cache-2.0.54-13.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"apache-mod_ldap-2.0.54-13.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"apache-mod_mem_cache-2.0.54-13.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"apache-mod_proxy-2.0.54-13.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"apache-mod_ssl-2.0.54-6.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"apache-mod_userdir-2.0.54-13.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"apache-modules-2.0.54-13.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"apache-mpm-peruser-2.0.54-13.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"apache-mpm-prefork-2.0.54-13.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"apache-mpm-worker-2.0.54-13.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"apache-source-2.0.54-13.2.20060mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxapache-basep-cpe:/a:mandriva:linux:apache-base
mandrivalinuxapache-develp-cpe:/a:mandriva:linux:apache-devel
mandrivalinuxapache-mod_cachep-cpe:/a:mandriva:linux:apache-mod_cache
mandrivalinuxapache-mod_davp-cpe:/a:mandriva:linux:apache-mod_dav
mandrivalinuxapache-mod_deflatep-cpe:/a:mandriva:linux:apache-mod_deflate
mandrivalinuxapache-mod_disk_cachep-cpe:/a:mandriva:linux:apache-mod_disk_cache
mandrivalinuxapache-mod_file_cachep-cpe:/a:mandriva:linux:apache-mod_file_cache
mandrivalinuxapache-mod_ldapp-cpe:/a:mandriva:linux:apache-mod_ldap
mandrivalinuxapache-mod_mem_cachep-cpe:/a:mandriva:linux:apache-mod_mem_cache
mandrivalinuxapache-mod_proxyp-cpe:/a:mandriva:linux:apache-mod_proxy
Rows per page:
1-10 of 371

Related

openvas 46
nessus 36
gentoo 1
ubuntu 1
centos 2
redhat 2
cert 1
cve 2
seebug 1
debiancve 2
ubuntucve 2
httpd 5
securityvulns 3
freebsd 1
slackware 1
jvn 1
osv 1
debian 1
suse 2
oracle 1
openvas
openvas
Gentoo Security Advisory GLSA 200602-03 (Apache)
2008-09-24 00:00:00
SLES9: Security update for Apache 2
2009-10-10 00:00:00
Gentoo Security Advisory GLSA 200602-03 (Apache)
2008-09-24 00:00:00
nessus
nessus
Ubuntu 4.10 / 5.04 / 5.10 : apache2, apache vulnerabilities (USN-241-1)
2006-01-21 00:00:00
GLSA-200602-03 : Apache: Multiple vulnerabilities
2006-02-10 00:00:00
HP-UX PHSS_36385 : HP OpenView Network Node Manager (OV NNM) Running Apache, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Execute Arbitrary Code (HPSBMA02328 SSRT071293 rev.2)
2007-09-25 00:00:00
gentoo
gentoo
Apache: Multiple vulnerabilities
2006-02-06 00:00:00
ubuntu
ubuntu
Apache vulnerabilities
2006-01-13 00:00:00
centos
centos
httpd, mod_ssl security update
2006-01-05 21:38:50
apache security update
2006-01-30 00:50:54
redhat
redhat
(RHSA-2006:0159) httpd security update
2006-01-05 00:00:00
(RHSA-2006:0158) apache security update
2006-01-17 00:00:00
cert
cert
Apache mod_rewrite contains off-by-one error in ldap scheme handling
2006-07-28 00:00:00
cve
cve
CVE-2005-3352
2005-12-13 20:03:00
CVE-2005-3357
2005-12-31 05:00:00
seebug
seebug
Apache Mod_SSL可定制错误文档拒绝服务漏洞
2006-08-17 00:00:00
debiancve
debiancve
CVE-2005-3357
2005-12-31 05:00:00
CVE-2005-3352
2005-12-13 20:03:00
ubuntucve
ubuntucve
CVE-2005-3357
2005-12-31 00:00:00
CVE-2005-3352
2005-12-13 00:00:00
httpd
httpd
Apache Httpd < 2.2.2 : mod_ssl access control DoS
2005-12-05 00:00:00
Apache Httpd < 2.2.2 : mod_imap Referer Cross-Site Scripting
2005-11-01 00:00:00
Apache Httpd < 2.0.58 : mod_imap Referer Cross-Site Scripting
2005-11-01 00:00:00
securityvulns
securityvulns
[OpenPKG-SA-2005.029] OpenPKG Security Advisory &#40;apache&#41;
2005-12-16 00:00:00
About the security content of Security Update 2008-003 / Mac OS X 10.5.3
2008-05-30 00:00:00
Oracle / Sun / MySQL / PeopleSoft applications multiple security vulnerabilities
2013-08-12 00:00:00
freebsd
freebsd
apache -- mod_imap cross-site scripting flaw
2005-11-01 00:00:00
slackware
slackware
[slackware-security] Apache httpd
2006-05-09 22:19:21
jvn
jvn
JVN#06045169 mod_imap cross-site scripting vulnerability
2005-12-15 00:00:00
osv
osv
apache - missing input sanitising
2006-09-04 00:00:00
debian
debian
[SECURITY] [DSA 1167-1] New apache packages fix several vulnerabilities
2006-09-04 15:08:06
suse
suse
remote denial of service in apache,apache2
2006-07-28 14:21:14
cryptographic problems in apache2
2006-09-08 14:34:17
oracle
oracle
Oracle Critical Patch Update - July 2013
2013-07-16 00:00:00
JSON
Related for MANDRAKE_MDKSA-2006-007.NASL
openvas46nessus36gentoo1ubuntu1centos2redhat2cert1cve2seebug1debiancve2ubuntucve2httpd5securityvulns3freebsd1slackware1jvn1osv1debian1suse2oracle1