Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.MANDRIVA_MDVSA-2012-012.NASL
HistoryFeb 03, 2012 - 12:00 a.m.

Mandriva Linux Security Advisory : apache (MDVSA-2012:012)

2012-02-0300:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
29
JSON

Multiple vulnerabilities has been found and corrected in apache (ASF HTTPD) :

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value (CVE-2012-0021).

scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function (CVE-2012-0031).

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script (CVE-2012-0053).

The updated packages have been upgraded to the latest 2.2.22 version which is not vulnerable to this issue.

Additionally APR and APR-UTIL has been upgraded to the latest versions 1.4.5 and 1.4.1 respectively which holds many improvments over the previous versions.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2012:012. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(57819);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2012-0021", "CVE-2012-0031", "CVE-2012-0053");
  script_bugtraq_id(51407, 51705, 51706);
  script_xref(name:"MDVSA", value:"2012:012");

  script_name(english:"Mandriva Linux Security Advisory : apache (MDVSA-2012:012)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple vulnerabilities has been found and corrected in apache (ASF
HTTPD) :

The log_cookie function in mod_log_config.c in the mod_log_config
module in the Apache HTTP Server 2.2.17 through 2.2.21, when a
threaded MPM is used, does not properly handle a \%{}C format string,
which allows remote attackers to cause a denial of service (daemon
crash) via a cookie that lacks both a name and a value
(CVE-2012-0021).

scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow
local users to cause a denial of service (daemon crash during
shutdown) or possibly have unspecified other impact by modifying a
certain type field within a scoreboard shared memory segment, leading
to an invalid call to the free function (CVE-2012-0031).

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not
properly restrict header information during construction of Bad
Request (aka 400) error documents, which allows remote attackers to
obtain the values of HTTPOnly cookies via vectors involving a (1) long
or (2) malformed header in conjunction with crafted web script
(CVE-2012-0053).

The updated packages have been upgraded to the latest 2.2.22 version
which is not vulnerable to this issue.

Additionally APR and APR-UTIL has been upgraded to the latest versions
1.4.5 and 1.4.1 respectively which holds many improvments over the
previous versions."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://httpd.apache.org/security/vulnerabilities_22.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.apache.org/dist/apr/CHANGES-APR-1.4"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.4"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.apache.org/dist/httpd/CHANGES_2.2.22"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-conf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-htcacheclean");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_authn_dbd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_cache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_dav");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_dbd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_deflate");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_disk_cache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_file_cache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_mem_cache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_proxy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_proxy_ajp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_proxy_scgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_reqtimeout");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_ssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_suexec");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_userdir");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mpm-event");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mpm-itk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mpm-peruser");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mpm-prefork");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mpm-worker");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apr-util-dbd-freetds");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apr-util-dbd-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apr-util-dbd-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apr-util-dbd-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apr-util-dbd-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apr-util-dbd-sqlite3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apr-util-dbm-db");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apr-util-nss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apr-util-openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64apr-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64apr-util-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64apr-util1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64apr1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libapr-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libapr-util-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libapr-util1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libapr1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/02/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/03");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2010.1", reference:"apache-base-2.2.22-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apache-conf-2.2.22-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apache-devel-2.2.22-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apache-doc-2.2.22-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apache-htcacheclean-2.2.22-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apache-mod_authn_dbd-2.2.22-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apache-mod_cache-2.2.22-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apache-mod_dav-2.2.22-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apache-mod_dbd-2.2.22-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apache-mod_deflate-2.2.22-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apache-mod_disk_cache-2.2.22-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apache-mod_file_cache-2.2.22-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apache-mod_ldap-2.2.22-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apache-mod_mem_cache-2.2.22-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apache-mod_proxy-2.2.22-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apache-mod_proxy_ajp-2.2.22-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apache-mod_proxy_scgi-2.2.22-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apache-mod_reqtimeout-2.2.22-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apache-mod_ssl-2.2.22-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apache-mod_suexec-2.2.22-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apache-mod_userdir-2.2.22-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apache-modules-2.2.22-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apache-mpm-event-2.2.22-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apache-mpm-itk-2.2.22-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apache-mpm-peruser-2.2.22-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apache-mpm-prefork-2.2.22-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apache-mpm-worker-2.2.22-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apache-source-2.2.22-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apr-util-dbd-freetds-1.4.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apr-util-dbd-ldap-1.4.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apr-util-dbd-mysql-1.4.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apr-util-dbd-odbc-1.4.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apr-util-dbd-pgsql-1.4.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apr-util-dbd-sqlite3-1.4.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apr-util-dbm-db-1.4.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apr-util-nss-1.4.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"apr-util-openssl-1.4.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64apr-devel-1.4.5-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64apr-util-devel-1.4.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64apr-util1-1.4.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64apr1-1.4.5-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libapr-devel-1.4.5-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libapr-util-devel-1.4.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libapr-util1-1.4.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libapr1-1.4.5-0.1mdv2010.2", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2011", reference:"apache-base-2.2.22-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apache-conf-2.2.22-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apache-devel-2.2.22-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apache-doc-2.2.22-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apache-htcacheclean-2.2.22-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apache-mod_authn_dbd-2.2.22-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apache-mod_cache-2.2.22-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apache-mod_dav-2.2.22-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apache-mod_dbd-2.2.22-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apache-mod_deflate-2.2.22-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apache-mod_disk_cache-2.2.22-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apache-mod_file_cache-2.2.22-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apache-mod_ldap-2.2.22-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apache-mod_mem_cache-2.2.22-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apache-mod_proxy-2.2.22-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apache-mod_proxy_ajp-2.2.22-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apache-mod_proxy_scgi-2.2.22-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apache-mod_reqtimeout-2.2.22-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apache-mod_ssl-2.2.22-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apache-mod_suexec-2.2.22-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apache-mod_userdir-2.2.22-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apache-modules-2.2.22-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apache-mpm-event-2.2.22-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apache-mpm-itk-2.2.22-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apache-mpm-peruser-2.2.22-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apache-mpm-prefork-2.2.22-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apache-mpm-worker-2.2.22-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apache-source-2.2.22-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apr-util-dbd-freetds-1.4.1-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apr-util-dbd-ldap-1.4.1-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apr-util-dbd-mysql-1.4.1-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apr-util-dbd-odbc-1.4.1-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apr-util-dbd-pgsql-1.4.1-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apr-util-dbd-sqlite3-1.4.1-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apr-util-dbm-db-1.4.1-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apr-util-nss-1.4.1-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"apr-util-openssl-1.4.1-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64apr-util-devel-1.4.1-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64apr-util1-1.4.1-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libapr-util-devel-1.4.1-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libapr-util1-1.4.1-0.1-mdv2011.0", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxapache-mod_mem_cachep-cpe:/a:mandriva:linux:apache-mod_mem_cache
mandrivalinuxapache-mod_proxyp-cpe:/a:mandriva:linux:apache-mod_proxy
mandrivalinuxapache-mod_proxy_ajpp-cpe:/a:mandriva:linux:apache-mod_proxy_ajp
mandrivalinuxapache-mod_proxy_scgip-cpe:/a:mandriva:linux:apache-mod_proxy_scgi
mandrivalinuxapache-mod_reqtimeoutp-cpe:/a:mandriva:linux:apache-mod_reqtimeout
mandrivalinuxapache-mod_sslp-cpe:/a:mandriva:linux:apache-mod_ssl
mandrivalinuxapache-mod_suexecp-cpe:/a:mandriva:linux:apache-mod_suexec
mandrivalinuxapache-mod_userdirp-cpe:/a:mandriva:linux:apache-mod_userdir
mandrivalinuxapache-modulesp-cpe:/a:mandriva:linux:apache-modules
mandrivalinuxapache-mpm-eventp-cpe:/a:mandriva:linux:apache-mpm-event
Rows per page:
1-10 of 471

Related

openvas 31
ubuntu 1
nessus 37
f5 6
fedora 2
securityvulns 7
altlinux 3
freebsd 1
slackware 1
suse 3
redhat 4
prion 3
httpd 5
debiancve 3
ubuntucve 3
cve 3
zdt 1
seebug 2
checkpoint_advisories 4
veracode 2
oraclelinux 3
packetstorm 1
osv 1
amazon 1
centos 1
debian 2
kaspersky 1
gentoo 1
ibm 2
hackerone 1
oracle 2
openvas
openvas
Mandriva Update for apache MDVSA-2012:012 (apache)
2012-02-03 00:00:00
Mandriva Update for apache MDVSA-2012:012 (apache)
2012-02-03 00:00:00
Ubuntu Update for apache2 USN-1368-1
2012-02-21 00:00:00
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2012-02-16 00:00:00
nessus
nessus
Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : apache2 vulnerabilities (USN-1368-1)
2012-02-17 00:00:00
F5 Networks BIG-IP : Apache HTTP server vulnerabilities (SOL15889)
2014-12-05 00:00:00
FreeBSD : apache -- multiple vulnerabilities (4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0)
2012-02-02 00:00:00
f5
f5
K15889 : Apache HTTP server vulnerabilities CVE-2011-3368, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, and CVE-2012-0053
2015-08-03 00:00:00
SOL15889 - Apache HTTP server vulnerabilities CVE-2011-3368, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, and CVE-2012-0053
2014-12-03 00:00:00
SOL15273 - Apache vulnerability CVE-2012-0053
2014-05-19 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: httpd-2.2.22-1.fc15
2012-03-06 19:30:50
[SECURITY] Fedora 16 Update: httpd-2.2.22-1.fc16
2012-02-21 01:28:42
securityvulns
securityvulns
[Announce] Apache HTTP Server 2.2.22 Released
2012-02-03 00:00:00
Apache multiple security vulnerabilities
2012-02-03 00:00:00
[security bulletin] HPSBST02848 SSRT101112 rev.1 - HP XP P9000 Command View Advanced Edition Suite Products, Remote Disclosure of Information
2013-04-01 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package apache2 version 2.2.22-alt1
2012-02-02 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.2.22-alt1
2012-02-02 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.2.22-alt1
2012-02-02 00:00:00
freebsd
freebsd
apache -- multiple vulnerabilities
2011-10-05 00:00:00
slackware
slackware
[slackware-security] httpd
2012-02-10 17:43:57
suse
suse
Security update for Apache2 (important)
2012-02-18 13:08:15
Security update for Apache2 (important)
2012-03-06 21:08:42
apache2: fixed various security bugs (important)
2012-02-28 18:08:26
redhat
redhat
(RHSA-2012:0542) Moderate: httpd security and bug fix update
2012-05-07 00:00:00
(RHSA-2012:0543) Moderate: httpd security and bug fix update
2012-05-07 18:13:40
(RHSA-2012:0323) Moderate: httpd security update
2012-02-21 00:00:00
prion
prion
Format string
2012-01-28 04:05:00
Design/Logic Flaw
2012-01-18 20:55:00
Design/Logic Flaw
2012-01-28 04:05:00
httpd
httpd
Apache Httpd < 2.2.22 : mod_log_config crash
2011-12-30 00:00:00
Apache Httpd < 2.2.22 : scoreboard parent DoS
2011-12-30 00:00:00
Apache Httpd < 2.0.65 : scoreboard parent DoS
2011-12-30 00:00:00
debiancve
debiancve
CVE-2012-0021
2012-01-28 04:05:00
CVE-2012-0031
2012-01-18 20:55:00
CVE-2012-0053
2012-01-28 04:05:00
ubuntucve
ubuntucve
CVE-2012-0021
2012-01-27 00:00:00
CVE-2012-0031
2012-01-18 00:00:00
CVE-2012-0053
2012-01-27 00:00:00
cve
cve
CVE-2012-0031
2012-01-18 20:55:00
CVE-2012-0021
2012-01-28 04:05:00
CVE-2012-0053
2012-01-28 04:05:00
zdt
zdt
Apache 2.2 - Scoreboard Invalid Free On Shutdown Vulnerability
2017-03-29 00:00:00
seebug
seebug
Apache 2.2.x Scoreboard本地安全限制绕过漏洞
2012-01-17 00:00:00
Apache httpOnly Cookie Disclosure(CVE-2012-0053)
2012-02-01 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache HTTPD mod_log_config Cookie Handling Denial of Service - High Confidence (CVE-2012-0021)
2013-04-23 00:00:00
Apache HTTPD mod_log_config Cookie Handling Denial of Service (CVE-2012-0021)
2012-05-14 00:00:00
Apache HTTPD Error Code 400 httpOnly Cookie Handling Information Disclosure (CVE-2012-0053)
2012-05-14 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:10:16
Information Disclosure
2020-04-10 01:10:17
oraclelinux
oraclelinux
httpd security update
2012-02-28 00:00:00
httpd security update
2012-02-13 00:00:00
httpd security, bug fix, and enhancement update
2013-02-22 00:00:00
packetstorm
packetstorm
Apache protocol.c Cookie Disclosure
2012-01-31 00:00:00
osv
osv
apache2 - multiple issues
2012-02-06 00:00:00
amazon
amazon
Medium: httpd
2012-02-16 10:48:00
centos
centos
httpd, mod_ssl security update
2012-02-14 11:13:29
debian
debian
[SECURITY] [DSA 2405-1] apache2 security update
2012-02-06 09:06:39
[SECURITY] [DSA 2405-1] apache2 security update
2012-02-06 09:06:39
kaspersky
kaspersky
KLA10065 Multiple vulnerabilities in Apache httpd
2013-07-22 00:00:00
gentoo
gentoo
Apache HTTP Server: Multiple vulnerabilities
2012-06-24 00:00:00
ibm
ibm
Security Bulletin: Storwize V7000 Unified V1.3.2.3 and V1.4.0.0 Include Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
hackerone
hackerone
U.S. Dept Of Defense: Out-of-date Version (Apache)
2016-11-24 15:09:27
oracle
oracle
Oracle Critical Patch Update - July 2012
2012-07-17 00:00:00
Oracle Critical Patch Update Advisory - January 2015
2015-03-10 00:00:00
JSON
Related for MANDRIVA_MDVSA-2012-012.NASL
openvas31ubuntu1nessus37f56fedora2securityvulns7altlinux3freebsd1slackware1suse3redhat4prion3httpd5debiancve3ubuntucve3cve3zdt1seebug2checkpoint_advisories4veracode2oraclelinux3packetstorm1osv1amazon1centos1debian2kaspersky1gentoo1ibm2hackerone1oracle2