MiracleLinux 3 : httpd-2.2.3-76.0.1.AXS3 (AXSA:2013-45:01)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2013-45:01.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(289813);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/16");

  script_cve_id("CVE-2008-0455", "CVE-2008-0456", "CVE-2012-2687");

  script_name(english:"MiracleLinux 3 : httpd-2.2.3-76.0.1.AXS3 (AXSA:2013-45:01)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2013-45:01 advisory.

    The Apache HTTP Server is a powerful, efficient, and extensible web server.
    Security issues fixed with this release:
     CVE-2008-0455
    Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and
    earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x
    series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a
    name containing XSS sequences and a file extension, which leads to injection within a (1) 406 Not
    Acceptable or (2) 300 Multiple Choices HTTP response when the extension is omitted in a request for the
    file.
     CVE-2008-0456
    CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in
    the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series
    allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting
    attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension,
    which leads to injection within a (1) 406 Not Acceptable or (2) 300 Multiple Choices HTTP response
    when the extension is omitted in a request for the file.
     CVE-2012-2687
    Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c
    in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is
    enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not
    properly handled during construction of a variant list.
    Fixed bugs:
     Previously, the validity of /etc/pki/tls/private/localhost.key was not checked before running the %post
    script for the mod_ssl package: If /etc/pki/tls/certs/localhost.crt did not exist and localhost.key
    was present but invalid and upgrading httpd with mod_ssl failed. This has been fixed.
     Added a patch to disable non-FIPS functionality in the mod_ssl module when running in FIPS mode so that
    httpd starts as expected under FIPS mode.
     Previously, the httpd exit codes were not LSB compliant. This has been fixed and httpd now returns 1 as
    an exist status code.
     Fixed the handling of long chunk-lines (32 bytes or more).
     Fixed header merging for 304 case.
     Fixed the response-line strings handling when run in a proxy set up so that response-lines without a
    description string are properly returned to the client.
     Previously, a bug in the mod_mem_cache module could result in a cached entity becoming corrupt when
    aborting an HTTP connection. This has been fixed.
    Enhancements:
     Added support for the LDAPReferrals configuration directive.
     The mod_proxy_ajp module now supports the ProxyErrorOverride directive
     Now, if the /etc/sysconfig/httpd-disable-posttrans file exists, the %posttrans scriptlet will not
    automatically restarts the httpd service after a package upgrade.
     The output of httpd -S now includes configured alias names for each virtual host.
     mod_ssl using the _DN_userID (like SSL_CLIENT_S_DN_userID) now expose new certificate variable
    names.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/3666");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2008-0455");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/01/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/01/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:httpd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:httpd-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:httpd-manual");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:mod_ssl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:3");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 3.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'httpd-2.2.3-76.0.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'httpd-devel-2.2.3-76.0.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'httpd-manual-2.2.3-76.0.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'mod_ssl-2.2.3-76.0.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-manual / mod_ssl');
}