#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2015-347:01.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
# Metadata-only branch: when `description` is set the script registers its
# identifiers, advisory text, scoring and prerequisites, then leaves through
# exit(0) below, before any of the package checks further down.
if (description)
{
script_id(288961);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/16");
# CVE-2013-5704 is the only CVE tied to this plugin; the other items in the
# description text below are bug fixes and enhancements from the same advisory.
script_cve_id("CVE-2013-5704");
script_name(english:"MiracleLinux 4 : httpd-2.2.15-45.0.1.AXS4 (AXSA:2015-347:01)");
script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing a security update.");
# The description is advisory text reproduced as a runtime string. Its closing
# sentences state that the issue itself was not tested and that the result
# rests on the self-reported version, so a finding means "installed package is
# older than the fixed build", not "the header bypass was observed".
script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the
AXSA:2015-347:01 advisory.
The Apache HTTP Server is a powerful, efficient, and extensible
web server.
Security issues fixed with this release:
CVE-2013-5704
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote
attackers to bypass RequestHeader unset directives by placing a
header in the trailer portion of data sent with chunked transfer
coding. NOTE: the vendor states this is not a security issue in httpd
as such.
Fixed bugs:
* The order of mod_proxy workers was not checked when httpd configuration was
reloaded. When mod_proxy workers were removed, added, or their order was
changed, their parameters and scores could become mixed. With this update,
the order of mod_proxy workers has been made internally consistent during
configuration reload.
* The local host certificate created during firstboot contained CA extensions,
which caused the httpd service to return warning messages. With this update,
the bug hes been fixed.
* The default mod_ssl configuration no longer enables support for SSL cipher
suites using the single DES, IDEA, or SEED encryption algorithms.
* The apachectl script did not take into account the HTTPD_LANG variable set in
the /etc/sysconfig/httpd file during graceful restarts. Consequently, httpd did
not use a changed value of HTTPD_LANG when the daemon was restarted gracefully.
To fix this bug, the script has been fixed to handle the HTTPD_LANG variable correctly.
* The mod_deflate module failed to check the original file size while extracting
files larger than 4 GB, making it impossible to extract large files. With this update,
the problem has been fixed.
* The httpd service did not check configuration before restart. When a
configuration contained an error, an attempt to restart httpd gracefully failed.
With this update, the problem has been fixed.
* The SSL_CLIENT_VERIFY environment variable was incorrectly handled when the
SSLVerifyClient optional_no_ca and SSLSessionCache options were used. When
an SSL session was resumed, the SSL_CLIENT_VERIFY value was set to SUCCESS
instead of the previously set GENEROUS. SSL_CLIENT_VERIFY is now correctly set
to GENEROUS in this scenario.
* The ab utility did not correctly handle situations when an SSL connection was
closed after some data had already been read. As a consequence, ab did not work
correctly with SSL servers and printed SSL read failed error messages. With
this update, the described bug has been fixed.
* When a client presented a revoked certificate, log entries were created only
at the debug level. The log level of messages regarding a revoked certificate
has been increased to INFO, and administrators are now properly informed of this
situation.
Enhancements:
* A mod_proxy worker can now be set into drain mode (N) using the
balancer-manager web interface or using the httpd configuration file. A worker
in drain mode accepts only existing sticky sessions destined for itself and
ignores all other requests. The worker waits until all clients currently
connected to this worker complete their work before the worker is stopped. As a
result, drain mode enables to perform maintenance on a worker without affecting
clients.
Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/5693");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
# Scoring is taken from CVE-2013-5704 (see cvss_score_source below): integrity
# impact only, partial under CVSS v2 and High under CVSS v3, no known exploit.
# NOTE(review): vendor_severity below is "Low" and the quoted advisory says the
# vendor does not treat this as a security issue in httpd as such, so the
# CVSS v3 base vector and the vendor rating point in different directions;
# weigh both when prioritising the finding.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-5704");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vendor_severity", value:"Low");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/19");
script_set_attribute(attribute:"patch_publication_date", value:"2015/08/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/16");
# plugin_type "local": the check works from host data named in
# script_require_keys below (release, rpm list, cpu), not from network probing.
script_set_attribute(attribute:"plugin_type", value:"local");
# One CPE per package covered by the advisory, plus the OS release CPE.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:httpd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:httpd-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:httpd-manual");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:httpd-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:mod_ssl");
script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:4");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Miracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Prerequisites: the KB keys listed here must be present for the plugin to run.
# Presumably ssh_get_info.nasl is what populates them; confirm against that script.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm2.inc');
# Preconditions for the package comparison. Each failed precondition is handed
# to audit() with the matching AUDIT_* code instead of producing a finding.

# Local checks must be enabled for this host.
if (!get_kb_item('Host/local_checks_enabled'))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# The detected OS product string must contain 'MIRACLE LINUX'.
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product)
{
  audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
}

# The OS version must be known and must start with "4" followed by a
# non-digit or the end of the string, so "4" and "4.x" pass and "40" does not.
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version))
{
  audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
}
if (! preg(pattern:"^4([^0-9]|$)", string:os_version))
{
  audit(AUDIT_OS_NOT, 'MiracleLinux 4.x', 'MIRACLE LINUX ' + os_version);
}

# Without the collected RPM list there is nothing to compare against.
if (!get_kb_item('Host/MiracleLinux/rpm-list'))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Architecture gate: the cpu string must contain one of the listed family
# names or match i[3-6]86 exactly.
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if ('aarch64' >!< cpu &&
    'ppc' >!< cpu &&
    's390' >!< cpu &&
    'x86_64' >!< cpu &&
    cpu !~ "^i[3-6]86$")
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);
}
# Fixed package builds from advisory AXSA:2015-347:01, grouped by OS release.
# 'reference' is the package build each installed RPM is compared against and
# 'cpu' restricts an entry to one architecture; httpd-manual carries no 'cpu'
# key. Only i686 and x86_64 entries are listed here, although the architecture
# gate earlier in the script also admits aarch64, ppc and s390 hosts.
# NOTE(review): 'rpm_spec_vers_cmp' and 'epoch' are passed straight to
# rpm_check(); their exact effect is defined in rpm2.inc, not in this file.
var constraints = [
  {
    'release': '4',
    'pkgs': [
      {'reference':'httpd-2.2.15-45.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'httpd-2.2.15-45.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'httpd-devel-2.2.15-45.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'httpd-devel-2.2.15-45.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'httpd-manual-2.2.15-45.0.1.AXS4', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'httpd-tools-2.2.15-45.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'httpd-tools-2.2.15-45.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'mod_ssl-2.2.15-45.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'mod_ssl-2.2.15-45.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];
# Release and minor release of the scanned host, as recorded in the KB.
var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

# Number of package entries for which rpm_check() returned a true value;
# any non-zero count leads to a report further down.
var flag = 0;

# Per-package working fields, reset for every entry of the inner loop.
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;

foreach var constraint ( constraints )
{
  # A constraint set that names a release or sp applies only when it equals
  # the host's value; otherwise the whole set is skipped.
  # NOTE(review): if the release key is missing from the KB, every set with a
  # 'release' is skipped and no package is compared; the script then ends in
  # one of the "not affected / not installed" audits. Confirm that outcome is
  # intended, since it reads like a clean result.
  if (!empty_or_null(constraint['release']) && constraint['release'] != os_release) continue;
  if (!empty_or_null(constraint['sp']) && constraint['sp'] != os_sp) continue;

  foreach var pkg ( constraint['pkgs'] )
  {
    # Start each field at NULL and copy it from the entry only when the entry
    # holds a non-empty value, so nothing leaks over from the previous entry.
    reference = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];

    sp = NULL;
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];

    _cpu = NULL;
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];

    el_string = NULL;
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];

    rpm_spec_vers_cmp = NULL;
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];

    epoch = NULL;
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];

    allowmaj = NULL;
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];

    exists_check = NULL;
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];

    cves = NULL;
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];

    # An entry without a reference cannot be compared.
    if (!reference) continue;

    # When the entry names a companion RPM, that RPM must be installed.
    if (exists_check && !rpm_exists(rpm:exists_check)) continue;

    # Presumably rpm_check() is true when the installed package is older than
    # the reference build; the comparison itself lives in rpm2.inc.
    if (rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
# Outcome: with no flagged package the script ends in an audit message that
# names either the packages that were tested or, when none were tested, the
# package set this plugin covers. Otherwise it raises one warning-level report
# on port 0 carrying the text collected by rpm_report_get().
if (!flag)
{
  var tested = pkg_tests_get();
  if (tested)
  {
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  }
  else
  {
    audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd / httpd-devel / httpd-manual / httpd-tools / mod_ssl');
  }
}
else
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}