NewStart CGSL MAIN 4.05 : httpd Multiple Vulnerabilities (NS-SA-2019-0118)

2019-08-12T00:00:00

Description

The remote NewStart CGSL host, running version MAIN 4.05, has httpd packages installed that are affected by multiple vulnerabilities: - Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. (CVE-2005-1268) - The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a Transfer-Encoding: chunked header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka HTTP Request Smuggling. (CVE-2005-2088) - ssl_engine_kernel.c in mod_ssl before 2.8.24, when using SSLVerifyClient optional in the global virtual host configuration, does not properly enforce SSLVerifyClient require in a per-location context, which allows remote attackers to bypass intended access restrictions. (CVE-2005-2700) - The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field. (CVE-2005-2728) - Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. (CVE-2005-3352) - mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference. (CVE-2005-3357) - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post- renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. (CVE-2009-3555) - The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path. (CVE-2010-1452) - fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases of extent splitting, which allows local users to cause a denial of service (system crash) via vectors involving ext4 umount and mount operations. (CVE-2011-3638) - It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743) - It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167) - A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169) - A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668) - A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679) - It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788) - A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

{"id": "NEWSTART_CGSL_NS-SA-2019-0118_HTTPD.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "NewStart CGSL MAIN 4.05 : httpd Multiple Vulnerabilities (NS-SA-2019-0118)", "description": "The remote NewStart CGSL host, running version MAIN 4.05, has httpd packages installed that are affected by multiple vulnerabilities:\n\n - Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.\n (CVE-2005-1268)\n\n - The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a Transfer-Encoding:\n chunked header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka HTTP Request Smuggling. (CVE-2005-2088)\n\n - ssl_engine_kernel.c in mod_ssl before 2.8.24, when using SSLVerifyClient optional in the global virtual host configuration, does not properly enforce SSLVerifyClient require in a per-location context, which allows remote attackers to bypass intended access restrictions. (CVE-2005-2700)\n\n - The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field. (CVE-2005-2728)\n\n - Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. (CVE-2005-3352)\n\n - mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.\n (CVE-2005-3357)\n\n - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post- renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue.\n (CVE-2009-3555)\n\n - The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path. (CVE-2010-1452)\n\n - fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases of extent splitting, which allows local users to cause a denial of service (system crash) via vectors involving ext4 umount and mount operations. (CVE-2011-3638)\n\n - It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\n - It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.\n (CVE-2017-3167)\n\n - A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n - A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668)\n\n - A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\n - It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n - A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2019-08-12T00:00:00", "modified": "2022-05-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 10.0}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.tenable.com/plugins/nessus/127360", "reporter": "This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2728", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1268", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2700", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3638", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798", "http://security.gd-linux.com/notice/NS-SA-2019-0118", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555"], "cvelist": ["CVE-2005-1268", "CVE-2005-2088", "CVE-2005-2700", "CVE-2005-2728", "CVE-2005-3352", "CVE-2005-3357", "CVE-2009-3555", "CVE-2010-1452", "CVE-2011-3638", "CVE-2016-8743", "CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9788", "CVE-2017-9798"], "immutableFields": [], "lastseen": "2023-01-11T15:22:43", "viewCount": 19, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2017-785", "ALAS-2017-851", "ALAS-2017-863", "ALAS-2017-892", "ALAS-2017-896"]}, {"type": "apple", "idList": ["APPLE:0627AF17A33B956DE48ACE757A30BFB9", "APPLE:B6838750CA6086B150DDD58EB8FAE22A", "APPLE:B7AA5B9368DE4BD135A602B017EB0259", "APPLE:E8FF9F04ED54DD8E8D5B899FB4A8000E", "APPLE:HT207615", "APPLE:HT208144", "APPLE:HT208221", "APPLE:HT208331"]}, {"type": "archlinux", "idList": ["ASA-201706-34", "ASA-201707-15", "ASA-201709-15"]}, {"type": "attackerkb", "idList": ["AKB:D0F5AA2A-4D99-41A6-9F83-6D0EA1AD01FC"]}, {"type": "avleonov", "idList": ["AVLEONOV:101A90D5F21CD7ACE01781C2913D1B6D"]}, {"type": "centos", "idList": ["CESA-2005:582", "CESA-2005:608", "CESA-2005:773-01", "CESA-2006:0158-01", "CESA-2006:0159", "CESA-2009:1579", "CESA-2009:1580", "CESA-2010:0162", "CESA-2010:0163", "CESA-2010:0164", "CESA-2010:0165", "CESA-2010:0166", "CESA-2010:0167", "CESA-2010:0339", "CESA-2010:0659", "CESA-2010:0768", "CESA-2012:0107", "CESA-2017:0906", "CESA-2017:1721", "CESA-2017:2478", "CESA-2017:2479", "CESA-2017:2882", "CESA-2017:2972"]}, {"type": "cert", "idList": ["VU:120541", "VU:395412", "VU:744929"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2005-283", "CPAI-2009-0308", "CPAI-2010-020", "CPAI-2017-0597", "CPAI-2017-0774", "CPAI-2017-0882", "CPAI-2017-0896", "CPAI-2018-0743", "SBP-2009-23"]}, {"type": "cisco", "idList": ["CISCO-SA-20091105-CVE-2009-3555", "CISCO-SA-20091109-TLS"]}, {"type": "cve", "idList": ["CVE-2005-1268", "CVE-2005-2088", "CVE-2005-2700", "CVE-2005-2728", "CVE-2005-3352", "CVE-2005-3357", "CVE-2009-3555", "CVE-2009-3936", "CVE-2010-1452", "CVE-2011-3638", "CVE-2016-8743", "CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9788", "CVE-2017-9798"]}, {"type": "d0znpp", "idList": ["D0ZNPP:49DD0FEAD5D037024F28DFCCAA51B205"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1009-1:3325F", "DEBIAN:DLA-1028-1:56C6B", "DEBIAN:DLA-1102-1:511F7", "DEBIAN:DLA-1102-1:7F277", "DEBIAN:DLA-400-1:76CCE", "DEBIAN:DLA-841-1:5E66E", "DEBIAN:DLA-841-2:98C98", "DEBIAN:DLA-862-1:B30ED", "DEBIAN:DLA-862-1:D0310", "DEBIAN:DSA-1167-1:158F8", "DEBIAN:DSA-1934-1:46132", "DEBIAN:DSA-1934-1:699DB", "DEBIAN:DSA-2141-1:1F9CB", "DEBIAN:DSA-2141-1:49345", "DEBIAN:DSA-2141-1:4DDA2", "DEBIAN:DSA-2141-1:7D2D7", "DEBIAN:DSA-2141-2:2C2CF", "DEBIAN:DSA-2141-2:D493B", "DEBIAN:DSA-2141-4:01EC7", "DEBIAN:DSA-2141-4:2215A", "DEBIAN:DSA-2161-2:41E9C", "DEBIAN:DSA-2298-1:A7091", "DEBIAN:DSA-2298-1:DA864", "DEBIAN:DSA-2298-2:841EC", "DEBIAN:DSA-2298-2:8F734", "DEBIAN:DSA-2626-1:B9AE9", "DEBIAN:DSA-3253-1:0C444", "DEBIAN:DSA-3796-1:1635B", "DEBIAN:DSA-3796-1:1E6E3", "DEBIAN:DSA-3796-2:C09F5", "DEBIAN:DSA-3796-2:E23FE", "DEBIAN:DSA-3896-1:6A084", "DEBIAN:DSA-3896-1:758A1", "DEBIAN:DSA-3913-1:A0B7B", "DEBIAN:DSA-3913-1:D4EF4", "DEBIAN:DSA-3980-1:6FBEB", "DEBIAN:DSA-3980-1:C7ED3", "DEBIAN:DSA-803-1:62871", "DEBIAN:DSA-803-1:8270E", "DEBIAN:DSA-805-1:3D823", "DEBIAN:DSA-805-1:936DE", "DEBIAN:DSA-807-1:30A2C", "DEBIAN:DSA-807-1:FAC7B"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2005-1268", "DEBIANCVE:CVE-2005-2088", "DEBIANCVE:CVE-2005-2700", "DEBIANCVE:CVE-2005-2728", "DEBIANCVE:CVE-2005-3352", "DEBIANCVE:CVE-2005-3357", "DEBIANCVE:CVE-2009-3555", "DEBIANCVE:CVE-2010-1452", "DEBIANCVE:CVE-2016-8743", "DEBIANCVE:CVE-2017-3167", "DEBIANCVE:CVE-2017-3169", "DEBIANCVE:CVE-2017-7668", "DEBIANCVE:CVE-2017-7679", "DEBIANCVE:CVE-2017-9788", "DEBIANCVE:CVE-2017-9798"]}, {"type": "exploitdb", "idList": ["EDB-ID:10579", "EDB-ID:42745"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:8B4E7E8DAE5A13C8250C6C33307CD66C", "EXPLOITPACK:C8C256BE0BFF5FE1C0405CB0AA9C075D"]}, {"type": "f5", "idList": ["F5:K00373024", "F5:K10737", "F5:K23565223", "F5:K34125394", "F5:K5278", "F5:K54624443", "F5:K5857", "F5:K70084351", "F5:K75429050", "F5:K83043359", "SOL10737", "SOL15899", "SOL5278", "SOL5857"]}, {"type": "fedora", "idList": ["FEDORA:051C71116F9", "FEDORA:071841106DB", "FEDORA:092E9605F081", "FEDORA:09491110673", "FEDORA:09EE06061CB6", "FEDORA:0C0C510F85F", "FEDORA:0FD0F10F8DA", "FEDORA:1B80628EDC8", "FEDORA:37CF11114DB", "FEDORA:37F8D10F892", "FEDORA:38DF511115F", "FEDORA:3BA3010F892", "FEDORA:4C4E710F878", "FEDORA:4C502110FE5", "FEDORA:5196D604624F", "FEDORA:5429A1108EB", "FEDORA:5502F10F89D", "FEDORA:58E1828ED7E", "FEDORA:59B0310F861", "FEDORA:611D110F917", "FEDORA:61A8C10FC13", "FEDORA:63AEC601CFBA", "FEDORA:6A214110D58", "FEDORA:6DE61110C21", "FEDORA:776A61D72B0", "FEDORA:8385C29043", "FEDORA:8858F604C5E6", "FEDORA:8A43D110815", "FEDORA:8D2D811080B", "FEDORA:8F24F60427F3", "FEDORA:A9847604E850", "FEDORA:A9BA0608752F", "FEDORA:BA663110F8E", "FEDORA:BA97628855", "FEDORA:BBBCA110998", "FEDORA:BCC0720E13", "FEDORA:D3A711119A1", "FEDORA:DB226111816", "FEDORA:E042E10F89C", "FEDORA:E36CC10FA25", "FEDORA:E3F6C10FD89", "FEDORA:E880C1107B8", "FEDORA:F1AD728EDBF"]}, {"type": "fortinet", "idList": ["FG-IR-17-137"]}, {"type": "freebsd", "idList": ["0C2DB2AA-5584-11E7-9A7D-B499BAEBFEAF", "28A7310F-9855-11DF-8D36-001AA0166822", "457CE015-67FA-11E7-867F-B499BAEBFEAF", "651996E0-FE07-11D9-8329-000E0C2E438A", "76B085E2-9D33-11E7-9260-000C292EE6B8", "862D6AB3-C75E-11E6-9F98-20CF30E32F6D", "9CCFEE39-3C3B-11DF-9EDC-000F20797EDE", "9FFF8DC8-7AA7-11DA-BF72-00123F589060", "E936D612-253F-11DA-BC01-000E0C2E438A"]}, {"type": "freebsd_advisory", "idList": ["FREEBSD_ADVISORY:FREEBSD-SA-09:15.SSL"]}, {"type": "gentoo", "idList": ["GLSA-200508-15", "GLSA-200509-12", "GLSA-200602-03", "GLSA-200912-01", "GLSA-201006-18", "GLSA-201110-05", "GLSA-201203-22", "GLSA-201206-18", "GLSA-201206-25", "GLSA-201301-01", "GLSA-201309-15", "GLSA-201311-13", "GLSA-201406-32", "GLSA-201701-36", "GLSA-201710-32"]}, {"type": "githubexploit", "idList": ["ECC3E825-EE29-59D3-BE28-1B30DB15940E"]}, {"type": "hackerone", "idList": ["H1:184877", "H1:241610", "H1:244459", "H1:269568", "H1:5617", "H1:648434"]}, {"type": "httpd", "idList": ["HTTPD:156974A46CA46AF26CC4140D00F7EB10", "HTTPD:1F84410918227CC81FA7C000C4F999A3", "HTTPD:2E324CC4C6C61757E316E26EF4DCB945", "HTTPD:348811594B4FDD8579A34C563A16F7F6", "HTTPD:3AC0C9DD33BF3754BEF3C59A5FE84DAA", "HTTPD:44908D5C4721DCB28E9FB7C9E680D98A", "HTTPD:459EB8D98503A2460C9445C5B224979E", "HTTPD:52DFDCA40D443C450BD14148214C5F66", "HTTPD:5AE0DECCB3632DACD24792909DC01D94", "HTTPD:6236A32987BAE49DFBF020477B1278DD", "HTTPD:650C6B8A1FEAD1FBD1AF9746142659F9", "HTTPD:7DDAAFDB1FD8B2E7FD36ADABA5DB6DAA", "HTTPD:9F5406E0F4A0B007A0A4C9C92EF9813B", "HTTPD:AB90760E737095314FB86C7C19A8195D", "HTTPD:AFF602C69F045FC92143D4F71BF18542", "HTTPD:B241DEC1CD6E05EEED904660E3485691", "HTTPD:B3CAE477FC642243481884B0FBDED79C", "HTTPD:BEF84406F2FB3CB90F1C555BEFF774E2", "HTTPD:C7877AFCB6DEB5CFB770011B4B04435D", "HTTPD:D868A1E68FB46E2CF5486281DCDB59CF", "HTTPD:D985DCA778366629778457ABDE4349C7", "HTTPD:E162D3AE025639FEE2A89D5AF40ABF2F", "HTTPD:E5BCF7FEE4CAFF4CFFF0CE85C63F8ACE", "HTTPD:E69E9574251973D5AF93FA9D04997FC1", "HTTPD:F42C3F30D72C7F0EAB800B29D17B0701"]}, {"type": "ibm", "idList": ["0EB149242AF86C92359FD2819FE5CA2FA94AAA9A6E3A7381956968DD540CEF70", "107B95B25E485FADB7A0D2D8EA42DD1EFEA8A9B34B6E89CCC69ECED6C1425697", "12C657CCB040A2D71F5E7B37692A10A6A4BAA07FBFEAADA8E6F9A5BCFCFD9FAB", "1D18DE555FB91F29F8BBC3532E15A21A7A5DE61EF8C2DB29C73E6BDCF4F0E604", "21781046737819F9BECB0172803EAC75FA331A489C94879B0B9D69C572F33FCF", "298D694E8B6EFBF03FA97A7FCDBF327EA4FEEDD97CA520790177E2DF3923F9E1", "2A154FA8D34017E50CF35433C3DE4641EF2E92450EBD25CEF33FAD6C26916BCE", "2F7ADE520928E45BDECE0F1C3D8E8E07F934DF3F69918FC4829075AF2364237F", "310958DD2F3D06D59563227432B7213CDDE28119F92BE0B7917A8425B04EC260", "381B76F53A26572A7C476380F44421473D669346B3F00F995B318188F2D2B793", "42B553A5257DBCE0553E09359217D9B58850595C4F83DD12BEB3762A7D09FF2D", "47644FAFD6F6ABB09C9F2440BAAC192C1002C567818AF5F51FCF8952AB3DBEBE", "484FD1B1E7A6A3A484DE4BDC1FDF09501DFB31C1980219247DBA8B5CDE895A4B", "50AE63BFCF8B58A7B7F3089D5424BDD34DB78E4FF4858500CCF43E9AD8B9DAA8", "56CB07622B14188160E5D327E52989DB0D410C39FB585AAE9CBEB2CB7510B3B7", "59AFB6B22B3D21FAFDC933DA29973F4C6887013B5320E839F5B0B140E8DDA7D1", "5EC1889E18DCCDE147630DF4EF9903CBA5E4BE319955A423F365744C95CF8DA2", "6D1EA12A252C82A036251C841912B8D2E2DA26FBB120365C7BD4352D8CE2A4AC", "75AE9D4CB9FE02C082FC4424DBD420EA2EAC4CD4BCE0C4E376DC8DEE1119F8D3", "78D40A21742356B91AB09A7C2E0571D44F72206C6C473316F0A204A6612E7ECE", "7CF53FE09C7D25161BFAD59060E2F4269BC90C0B892337805721A0FE0A9BDA22", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "825B52995DBE90672BBA09CCFBDD51925814B984495E8E740D466D1C921FE61C", "86D355F68F85D65B3FD45457F96CAF7864164018AA27439D7F53F3145DFF6AB4", "8E456E2BF8E88834C4ACBF32EE7BA5AC206E0D77D5D8C37A3008D171D2685920", "8E707C6723A8AE84E257A785A1F0A0704AEA1218866DF3AD3C1C94882C5D965F", "91C10A77460E47F53661352C6380E6E959F0A94B552C3AE3314BBEC480C0AD09", "94533C1AEDE627C97E171FC1339661B263CF1EA6678274080F922CA0E372274C", "961E95FA88FD7A8C30DFE02BACBFE022B20A70E973DBD5962B95C70771F0CF07", "99C4FE5226D6D4C3DFB065D997F2D2D168A50F2B090813B4AFFCC6BF971F9576", "AFC7F6891989929988472E4484D8B25AC7FBCCA340DD73184F71D987BA13551A", "B37FB96EE4FA4B06328DA641D49120233F6F6FC031E87E5A21A71F34BB882B42", "B6D95F0701F49D56D5D5A8A74DDA2BF012DB31C636A1656CE925657C52B37FF4", "B8E199CFC7A9C8DCF033928312B9AE0E344AB91916C93723350723B89FCB619A", "BEDA222672F8B70F8CB7E234C9042DBA2863DC45389561D6A8B80E1A2BCDD840", "C52E4F43633A26DE3EC912F6665C082BAA08696723A69DA841FA0065F135AD79", "CF5AE1AC4D7F12352FB77F91CC5048FC41163311A15377504B06C6A053ADC4D7", "D3B546D5B3DF786BE31EF2744C27731D88DFE1E74550AA48FCE6B95A75448C23", "E321CD2FAD2352A58756D698FB9F6AEEA2D5866CC41E10025794D036A188BF76", "E515D9AE5ED3FEB7BDBAF35D90286D2E963A5E50F83A19555DC0BA545BE5A8E7", "EBE616DA40BA67D9642C6C6899E1FE0135C104ABDE475227E71EBEB089471CFC"]}, {"type": "ics", "idList": ["ICSA-22-160-01"]}, {"type": "jvn", "idList": ["JVN:06045169"]}, {"type": "kaspersky", "idList": ["KLA10066"]}, {"type": "kitploit", "idList": ["KITPLOIT:5052987141331551837"]}, {"type": "mageia", "idList": ["MGASA-2017-0298", "MGASA-2018-0007", "MGASA-2018-0009"]}, {"type": "mozilla", "idList": ["MFSA2010-22"]}, {"type": "mskb", "idList": ["KB980436"]}, {"type": "nessus", "idList": ["3042.PRM", "3112.PRM", "3308.PRM", "4523.PRM", "5349.PRM", "5356.PRM", "5358.PRM", "5494.PRM", "5495.PRM", "5496.PRM", "5556.PRM", "5564.PRM", "5615.PRM", "5667.PRM", "5826.PRM", "700511.PRM", "700513.PRM", "800554.PRM", "800573.PRM", "800796.PRM", "800857.PRM", "801276.PRM", "801278.PRM", "9486.PRM", "9908.PRM", "AIX_SSL_ADVISORY.NASL", "ALA_ALAS-2017-785.NASL", "ALA_ALAS-2017-851.NASL", "ALA_ALAS-2017-863.NASL", "ALA_ALAS-2017-892.NASL", "ALA_ALAS-2017-896.NASL", "APACHE_2_0_55.NASL", "APACHE_2_0_64.NASL", "APACHE_2_2_15.NASL", "APACHE_2_2_16.NASL", "APACHE_2_2_32.NASL", "APACHE_2_2_34.NASL", "APACHE_2_4_25.NASL", "APACHE_2_4_26.NASL", "APACHE_2_4_27.NASL", "APACHE_2_4_28.NASL", "APACHE_MOD_SSL_ERROR_DOCUMENT_DOS.NASL", "CENTOS_RHSA-2005-582.NASL", "CENTOS_RHSA-2005-608.NASL", "CENTOS_RHSA-2006-0159.NASL", "CENTOS_RHSA-2009-1579.NASL", "CENTOS_RHSA-2009-1580.NASL", "CENTOS_RHSA-2010-0162.NASL", "CENTOS_RHSA-2010-0163.NASL", "CENTOS_RHSA-2010-0164.NASL", "CENTOS_RHSA-2010-0165.NASL", "CENTOS_RHSA-2010-0166.NASL", "CENTOS_RHSA-2010-0167.NASL", "CENTOS_RHSA-2010-0333.NASL", "CENTOS_RHSA-2010-0339.NASL", "CENTOS_RHSA-2010-0659.NASL", "CENTOS_RHSA-2010-0768.NASL", "CENTOS_RHSA-2012-0107.NASL", "CENTOS_RHSA-2017-0906.NASL", "CENTOS_RHSA-2017-1721.NASL", "CENTOS_RHSA-2017-2478.NASL", "CENTOS_RHSA-2017-2479.NASL", "CENTOS_RHSA-2017-2882.NASL", "CENTOS_RHSA-2017-2972.NASL", "DB2_95FP6.NASL", "DB2_97FP2.NASL", "DB2_9FP9.NASL", "DEBIAN_DLA-1009.NASL", "DEBIAN_DLA-1028.NASL", "DEBIAN_DLA-1102.NASL", "DEBIAN_DLA-400.NASL", "DEBIAN_DLA-841.NASL", "DEBIAN_DSA-1167.NASL", "DEBIAN_DSA-1934.NASL", "DEBIAN_DSA-2141.NASL", "DEBIAN_DSA-2298.NASL", "DEBIAN_DSA-2626.NASL", "DEBIAN_DSA-3253.NASL", "DEBIAN_DSA-3796.NASL", "DEBIAN_DSA-3896.NASL", "DEBIAN_DSA-3913.NASL", "DEBIAN_DSA-3980.NASL", "DEBIAN_DSA-803.NASL", "DEBIAN_DSA-805.NASL", "DEBIAN_DSA-807.NASL", "EULEROS_SA-2017-1085.NASL", "EULEROS_SA-2017-1086.NASL", "EULEROS_SA-2017-1177.NASL", "EULEROS_SA-2017-1178.NASL", "EULEROS_SA-2017-1252.NASL", "EULEROS_SA-2017-1253.NASL", "EULEROS_SA-2019-1389.NASL", "EULEROS_SA-2019-1419.NASL", "EULEROS_SA-2019-1547.NASL", "F5_BIGIP_SOL00373024.NASL", "F5_BIGIP_SOL10737.NASL", "F5_BIGIP_SOL34125394.NASL", "F5_BIGIP_SOL75429050.NASL", "F5_BIGIP_SOL83043359.NASL", "FEDORA_2005-638.NASL", "FEDORA_2005-639.NASL", "FEDORA_2005-848.NASL", "FEDORA_2005-849.NASL", "FEDORA_2006-052.NASL", "FEDORA_2009-12229.NASL", "FEDORA_2009-12305.NASL", "FEDORA_2009-12604.NASL", "FEDORA_2009-12606.NASL", "FEDORA_2009-12747.NASL", "FEDORA_2009-12750.NASL", "FEDORA_2009-12775.NASL", "FEDORA_2009-12782.NASL", "FEDORA_2009-12968.NASL", "FEDORA_2009-13236.NASL", "FEDORA_2009-13250.NASL", "FEDORA_2010-1127.NASL", "FEDORA_2010-12478.NASL", "FEDORA_2010-16240.NASL", "FEDORA_2010-16294.NASL", "FEDORA_2010-16312.NASL", "FEDORA_2010-3905.NASL", "FEDORA_2010-3929.NASL", "FEDORA_2010-3956.NASL", "FEDORA_2010-5357.NASL", "FEDORA_2010-5942.NASL", "FEDORA_2010-6025.NASL", "FEDORA_2010-6039.NASL", "FEDORA_2010-6131.NASL", "FEDORA_2010-6279.NASL", "FEDORA_2010-8742.NASL", "FEDORA_2010-9487.NASL", "FEDORA_2010-9518.NASL", "FEDORA_2011-14747.NASL", "FEDORA_2016-8D9B62C784.NASL", "FEDORA_2016-D22F50D985.NASL", "FEDORA_2017-81976B6A91.NASL", "FEDORA_2017-9DED7C5670.NASL", "FEDORA_2017-A52F252521.NASL", "FEDORA_2017-CF9599A306.NASL", "FEDORA_2017-FDD3A98E8F.NASL", "FIREEYE_OS_EX_801.NASL", "FORTIOS_FG-IR-17-137.NASL", "FREEBSD_PKG_0C2DB2AA558411E79A7DB499BAEBFEAF.NASL", "FREEBSD_PKG_28A7310F985511DF8D36001AA0166822.NASL", "FREEBSD_PKG_457CE01567FA11E7867FB499BAEBFEAF.NASL", "FREEBSD_PKG_651996E0FE0711D98329000E0C2E438A.NASL", "FREEBSD_PKG_76B085E29D3311E79260000C292EE6B8.NASL", "FREEBSD_PKG_862D6AB3C75E11E69F9820CF30E32F6D.NASL", "FREEBSD_PKG_9CCFEE393C3B11DF9EDC000F20797EDE.NASL", "FREEBSD_PKG_9FFF8DC87AA711DABF7200123F589060.NASL", "FREEBSD_PKG_E936D612253F11DABC01000E0C2E438A.NASL", "GENTOO_GLSA-200508-15.NASL", "GENTOO_GLSA-200509-12.NASL", "GENTOO_GLSA-200602-03.NASL", "GENTOO_GLSA-200912-01.NASL", "GENTOO_GLSA-201006-18.NASL", "GENTOO_GLSA-201110-05.NASL", "GENTOO_GLSA-201203-22.NASL", "GENTOO_GLSA-201206-18.NASL", "GENTOO_GLSA-201206-25.NASL", "GENTOO_GLSA-201301-01.NASL", "GENTOO_GLSA-201309-15.NASL", "GENTOO_GLSA-201311-13.NASL", "GENTOO_GLSA-201406-32.NASL", "GENTOO_GLSA-201701-36.NASL", "GENTOO_GLSA-201710-32.NASL", "HPSMH_6_1_0_102.NASL", "HPSMH_6_2_0_12.NASL", "HPSMH_7_0_0_24.NASL", "HPSMH_7_6_1.NASL", "HPUX_PHSS_34119.NASL", "HPUX_PHSS_34120.NASL", "HPUX_PHSS_34121.NASL", "HPUX_PHSS_34123.NASL", "HPUX_PHSS_34163.NASL", "HPUX_PHSS_34169.NASL", "HPUX_PHSS_34170.NASL", "HPUX_PHSS_34171.NASL", "HPUX_PHSS_34203.NASL", "HPUX_PHSS_34204.NASL", "HPUX_PHSS_35110.NASL", "HPUX_PHSS_35111.NASL", "HPUX_PHSS_35436.NASL", "HPUX_PHSS_35437.NASL", "HPUX_PHSS_35458.NASL", "HPUX_PHSS_35459.NASL", "HPUX_PHSS_35460.NASL", "HPUX_PHSS_35461.NASL", "HPUX_PHSS_35462.NASL", "HPUX_PHSS_35463.NASL", "HPUX_PHSS_36385.NASL", "HPUX_PHSS_36386.NASL", "HPUX_PHSS_36773.NASL", "HPUX_PHSS_37141.NASL", "HP_SYSTEMS_INSIGHT_MANAGER_700_MULTIPLE_VULNS.NASL", "IBM_HTTP_SERVER_289001.NASL", "IBM_HTTP_SERVER_298437.NASL", "IBM_HTTP_SERVER_563615.NASL", "IIS_7_PCI.NASL", "JUNIPER_SPACE_JSA_10838.NASL", "MACOSX_10_5_3.NASL", "MACOSX_10_6_7.NASL", "MACOSX_JAVA_10_5_UPDATE7.NASL", "MACOSX_JAVA_10_5_UPDATE8.NASL", "MACOSX_JAVA_10_6_UPDATE2.NASL", "MACOSX_JAVA_10_6_UPDATE3.NASL", "MACOSX_SECUPD2005-009.NASL", "MACOSX_SECUPD2008-002.NASL", "MACOSX_SECUPD2008-003.NASL", "MACOSX_SECUPD2010-001.NASL", "MACOSX_SECUPD2011-001.NASL", "MACOSX_SECUPD2017-004.NASL", "MACOSX_SECUPD2017-005.NASL", "MACOS_10_12_4.NASL", "MACOS_10_13.NASL", "MACOS_10_13_2.NASL", "MANDRAKE_MDKSA-2005-129.NASL", "MANDRAKE_MDKSA-2005-130.NASL", "MANDRAKE_MDKSA-2005-161.NASL", "MANDRAKE_MDKSA-2006-007.NASL", "MANDRIVA_MDVSA-2009-295.NASL", "MANDRIVA_MDVSA-2009-323.NASL", "MANDRIVA_MDVSA-2009-337.NASL", "MANDRIVA_MDVSA-2010-069.NASL", "MANDRIVA_MDVSA-2010-070.NASL", "MANDRIVA_MDVSA-2010-076.NASL", "MANDRIVA_MDVSA-2010-084.NASL", "MANDRIVA_MDVSA-2010-152.NASL", "MANDRIVA_MDVSA-2010-153.NASL", "MOD_IMAP_XSS.NASL", "MOZILLA_FIREFOX_359.NASL", "MOZILLA_FIREFOX_362.NASL", "MOZILLA_THUNDERBIRD_304.NASL", "NEWSTART_CGSL_NS-SA-2019-0020_OPENSSL098E.NASL", "NEWSTART_CGSL_NS-SA-2019-0033_OPENSSL.NASL", "NGINX_0_7_64.NASL", "OPENOFFICE_321.NASL", "OPENSSL_0_9_8M.NASL", "OPENSUSE-2012-342.NASL", "OPENSUSE-2012-756.NASL", "OPENSUSE-2017-1083.NASL", "OPENSUSE-2017-416.NASL", "OPENSUSE-2017-417.NASL", "OPENSUSE-2017-786.NASL", "OPENSUSE-2017-865.NASL", "OPENSUSE-2018-1046.NASL", "OPENSUSE-2018-389.NASL", "OPERA_1050.NASL", "ORACLELINUX_ELSA-2009-1579.NASL", "ORACLELINUX_ELSA-2009-1580.NASL", "ORACLELINUX_ELSA-2010-0162.NASL", "ORACLELINUX_ELSA-2010-0163.NASL", "ORACLELINUX_ELSA-2010-0164.NASL", "ORACLELINUX_ELSA-2010-0165.NASL", "ORACLELINUX_ELSA-2010-0166.NASL", "ORACLELINUX_ELSA-2010-0167.NASL", "ORACLELINUX_ELSA-2010-0333.NASL", "ORACLELINUX_ELSA-2010-0339.NASL", "ORACLELINUX_ELSA-2010-0659.NASL", "ORACLELINUX_ELSA-2010-0768.NASL", "ORACLELINUX_ELSA-2011-2037.NASL", "ORACLELINUX_ELSA-2012-0107.NASL", "ORACLELINUX_ELSA-2017-0906.NASL", "ORACLELINUX_ELSA-2017-1721.NASL", "ORACLELINUX_ELSA-2017-2478.NASL", "ORACLELINUX_ELSA-2017-2479.NASL", "ORACLELINUX_ELSA-2017-2882.NASL", "ORACLELINUX_ELSA-2017-2972.NASL", "ORACLEVM_OVMSA-2013-0039.NASL", "ORACLEVM_OVMSA-2014-0007.NASL", "ORACLEVM_OVMSA-2014-0008.NASL", "ORACLE_ENTERPRISE_MANAGER_JUL_2018_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_APR_2019_CPU.NASL", "ORACLE_HTTP_SERVER_CPU_JAN_2018.NASL", "ORACLE_HTTP_SERVER_CPU_JUL_2013.NASL", "ORACLE_JAVA_CPU_MAR_2010.NASL", "ORACLE_JAVA_CPU_MAR_2010_UNIX.NASL", "ORACLE_JAVA_CPU_OCT_2010.NASL", "ORACLE_JAVA_CPU_OCT_2010_UNIX.NASL", "ORACLE_PRIMAVERA_P6_EPPM_CPU_APR_2019.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_APR_2019.NASL", "ORACLE_RDBMS_CPU_APR_2011.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_APR_2017_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_APR_2018_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_OCT_2017_CPU.NASL", "PHOTONOS_PHSA-2017-0027.NASL", "PHOTONOS_PHSA-2017-0027_HTTPD.NASL", "REDHAT-RHSA-2005-582.NASL", "REDHAT-RHSA-2005-608.NASL", "REDHAT-RHSA-2005-773.NASL", "REDHAT-RHSA-2006-0158.NASL", "REDHAT-RHSA-2006-0159.NASL", "REDHAT-RHSA-2008-0523.NASL", "REDHAT-RHSA-2009-1579.NASL", "REDHAT-RHSA-2009-1580.NASL", "REDHAT-RHSA-2009-1694.NASL", "REDHAT-RHSA-2010-0130.NASL", "REDHAT-RHSA-2010-0155.NASL", "REDHAT-RHSA-2010-0162.NASL", "REDHAT-RHSA-2010-0163.NASL", "REDHAT-RHSA-2010-0164.NASL", "REDHAT-RHSA-2010-0165.NASL", "REDHAT-RHSA-2010-0166.NASL", "REDHAT-RHSA-2010-0167.NASL", "REDHAT-RHSA-2010-0333.NASL", "REDHAT-RHSA-2010-0337.NASL", "REDHAT-RHSA-2010-0338.NASL", "REDHAT-RHSA-2010-0339.NASL", "REDHAT-RHSA-2010-0659.NASL", "REDHAT-RHSA-2010-0768.NASL", "REDHAT-RHSA-2010-0770.NASL", "REDHAT-RHSA-2010-0786.NASL", "REDHAT-RHSA-2010-0807.NASL", "REDHAT-RHSA-2010-0865.NASL", "REDHAT-RHSA-2010-0987.NASL", "REDHAT-RHSA-2011-0880.NASL", "REDHAT-RHSA-2011-1530.NASL", "REDHAT-RHSA-2012-0107.NASL", "REDHAT-RHSA-2012-0116.NASL", "REDHAT-RHSA-2012-0168.NASL", "REDHAT-RHSA-2012-0517.NASL", "REDHAT-RHSA-2017-0906.NASL", "REDHAT-RHSA-2017-1413.NASL", "REDHAT-RHSA-2017-1414.NASL", "REDHAT-RHSA-2017-1721.NASL", "REDHAT-RHSA-2017-2478.NASL", "REDHAT-RHSA-2017-2479.NASL", "REDHAT-RHSA-2017-2709.NASL", "REDHAT-RHSA-2017-2710.NASL", "REDHAT-RHSA-2017-2882.NASL", "REDHAT-RHSA-2017-2972.NASL", "REDHAT-RHSA-2017-3113.NASL", "REDHAT-RHSA-2017-3193.NASL", "REDHAT-RHSA-2017-3194.NASL", "REDHAT-RHSA-2017-3195.NASL", "REDHAT-RHSA-2017-3240.NASL", "REDHAT-RHSA-2017-3476.NASL", "REDHAT-RHSA-2017-3477.NASL", "SEAMONKEY_204.NASL", "SECURITYCENTER_5_4_3_TNS_2017_04.NASL", "SECURITYCENTER_APACHE_2_4_25.NASL", "SLACKWARE_SSA_2005-251-02.NASL", "SLACKWARE_SSA_2005-310-04.NASL", "SLACKWARE_SSA_2006-129-01.NASL", "SLACKWARE_SSA_2006-130-01.NASL", "SLACKWARE_SSA_2009-320-01.NASL", "SLACKWARE_SSA_2010-067-01.NASL", "SLACKWARE_SSA_2010-240-02.NASL", "SLACKWARE_SSA_2016-358-01.NASL", "SLACKWARE_SSA_2017-180-03.NASL", "SLACKWARE_SSA_2017-194-01.NASL", "SLACKWARE_SSA_2017-261-01.NASL", "SL_20091111_HTTPD_ON_SL3_X.NASL", "SL_20100325_GNUTLS_ON_SL4_X.NASL", "SL_20100325_NSS_ON_SL4_X.NASL", "SL_20100325_OPENSSL097A_ON_SL5_X.NASL", "SL_20100325_OPENSSL_ON_SL3_X.NASL", "SL_20100325_OPENSSL_ON_SL5_X.NASL", "SL_20100331_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SL_20100331_JAVA__JDK_1_6_0__ON_SL4_X.NASL", "SL_20100830_HTTPD_ON_SL5_X.NASL", "SL_20101013_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SL_20101014_JAVA__JDK_1_6_0__ON_SL4_X.NASL", "SL_20101110_JAVA_1_6_0_OPENJDK_ON_SL6_X.NASL", "SL_20111206_SCIENTIFIC_LINUX_6_KERNEL_ON_SL6_X.NASL", "SL_20120209_KERNEL_ON_SL5_X.NASL", "SL_20170412_HTTPD_ON_SL7_X.NASL", "SL_20170711_HTTPD_ON_SL6_X.NASL", "SL_20170815_HTTPD_ON_SL6_X.NASL", "SL_20170815_HTTPD_ON_SL7_X.NASL", "SL_20171011_HTTPD_ON_SL7_X.NASL", "SL_20171019_HTTPD_ON_SL6_X.NASL", "SMB_NT_MS10-049.NASL", "SOLARIS10_125437-22.NASL", "SOLARIS10_125437.NASL", "SOLARIS10_128640-30.NASL", "SOLARIS10_128640.NASL", "SOLARIS10_143140-04.NASL", "SOLARIS10_145102-01.NASL", "SOLARIS10_X86_125438-22.NASL", "SOLARIS10_X86_125438.NASL", "SOLARIS10_X86_128641-30.NASL", "SOLARIS10_X86_128641.NASL", "SOLARIS10_X86_141525-10.NASL", "SOLARIS8_125437.NASL", "SOLARIS9_125437.NASL", "SOLARIS9_128640.NASL", "SOLARIS9_X86_125438.NASL", "SOLARIS9_X86_128641.NASL", "SSL_RENEGOTIATION.NASL", "SUN_JAVA_WEB_SERVER_7_0_27.NASL", "SUSE9_11489.NASL", "SUSE9_12550.NASL", "SUSE9_12606.NASL", "SUSE9_12621.NASL", "SUSE9_12623.NASL", "SUSE9_12658.NASL", "SUSE9_12659.NASL", "SUSE9_12705.NASL", "SUSE_11_0_COMPAT-OPENSSL097G-091113.NASL", "SUSE_11_0_FIREFOX35UPGRADE-100407.NASL", "SUSE_11_0_JAVA-1_6_0-OPENJDK-100428.NASL", "SUSE_11_0_JAVA-1_6_0-SUN-100331.NASL", "SUSE_11_0_LIBFREEBL3-100407.NASL", "SUSE_11_0_LIBOPENSSL-DEVEL-091112.NASL", "SUSE_11_0_MOZILLA-XULRUNNER190-100407.NASL", "SUSE_11_1_COMPAT-OPENSSL097G-091113.NASL", "SUSE_11_1_FIREFOX35UPGRADE-100407.NASL", "SUSE_11_1_GNUTLS-101025.NASL", "SUSE_11_1_GNUTLS-101206.NASL", "SUSE_11_1_JAVA-1_6_0-OPENJDK-100428.NASL", "SUSE_11_1_JAVA-1_6_0-OPENJDK-101103.NASL", "SUSE_11_1_JAVA-1_6_0-SUN-100331.NASL", "SUSE_11_1_JAVA-1_6_0-SUN-101019.NASL", "SUSE_11_1_LIBFREEBL3-100407.NASL", "SUSE_11_1_LIBOPENSSL-DEVEL-091112.NASL", "SUSE_11_1_LIBOPENSSL-DEVEL-100331.NASL", "SUSE_11_1_MOZILLA-XULRUNNER190-100407.NASL", "SUSE_11_1_MOZILLAFIREFOX-BRANDING-OPENSUSE-100413.NASL", "SUSE_11_2_COMPAT-OPENSSL097G-091113.NASL", "SUSE_11_2_GNUTLS-101025.NASL", "SUSE_11_2_GNUTLS-101206.NASL", "SUSE_11_2_JAVA-1_6_0-OPENJDK-100412.NASL", "SUSE_11_2_JAVA-1_6_0-OPENJDK-101103.NASL", "SUSE_11_2_JAVA-1_6_0-SUN-100331.NASL", "SUSE_11_2_JAVA-1_6_0-SUN-101019.NASL", "SUSE_11_2_LIBFREEBL3-100406.NASL", "SUSE_11_2_LIBOPENSSL-DEVEL-091113.NASL", "SUSE_11_2_LIBOPENSSL-DEVEL-100401.NASL", "SUSE_11_2_MOZILLAFIREFOX-100412.NASL", "SUSE_11_2_MOZILLATHUNDERBIRD-100406.NASL", "SUSE_11_2_SEAMONKEY-100406.NASL", "SUSE_11_3_COMPAT-OPENSSL097G-110721.NASL", "SUSE_11_3_GNUTLS-101025.NASL", "SUSE_11_3_GNUTLS-101206.NASL", "SUSE_11_3_JAVA-1_6_0-OPENJDK-101103.NASL", "SUSE_11_3_JAVA-1_6_0-SUN-101019.NASL", "SUSE_11_4_COMPAT-OPENSSL097G-110721.NASL", "SUSE_11_APACHE2-110831.NASL", "SUSE_11_COMPAT-OPENSSL097G-091113.NASL", "SUSE_11_COMPAT-OPENSSL097G-110721.NASL", "SUSE_11_GNUTLS-101206.NASL", "SUSE_11_JAVA-1_4_2-IBM-100510.NASL", "SUSE_11_JAVA-1_4_2-IBM-101112.NASL", "SUSE_11_JAVA-1_6_0-IBM-101220.NASL", "SUSE_11_JAVA-1_6_0-SUN-100331.NASL", "SUSE_11_JAVA-1_6_0-SUN-101019.NASL", "SUSE_11_LIBFREEBL3-100406.NASL", "SUSE_11_LIBOPENSSL-DEVEL-091112.NASL", "SUSE_11_LIBOPENSSL-DEVEL-100331.NASL", "SUSE_11_MOZILLA-XULRUNNER190-100406.NASL", "SUSE_11_MOZILLA-XULRUNNER190-100407.NASL", "SUSE_11_MOZILLAFIREFOX-100406.NASL", "SUSE_11_MOZILLAFIREFOX-100407.NASL", "SUSE_APACHE2-1906.NASL", "SUSE_COMPAT-OPENSSL097G-6656.NASL", "SUSE_COMPAT-OPENSSL097G-6657.NASL", "SUSE_COMPAT-OPENSSL097G-7644.NASL", "SUSE_COMPAT-OPENSSL097G-7645.NASL", "SUSE_GNUTLS-7299.NASL", "SUSE_JAVA-1_4_2-IBM-7036.NASL", "SUSE_JAVA-1_4_2-IBM-7231.NASL", "SUSE_JAVA-1_5_0-IBM-7077.NASL", "SUSE_JAVA-1_5_0-IBM-7205.NASL", "SUSE_JAVA-1_6_0-IBM-7312.NASL", "SUSE_JAVA-1_6_0-SUN-7204.NASL", "SUSE_MOZILLA-NSPR-6977.NASL", "SUSE_MOZILLA-NSS-6978.NASL", "SUSE_MOZILLA-XULRUNNER190-6971.NASL", "SUSE_MOZILLA-XULRUNNER190-6976.NASL", "SUSE_MOZILLAFIREFOX-6970.NASL", "SUSE_MOZILLAFIREFOX-6979.NASL", "SUSE_OPENSSL-6654.NASL", "SUSE_OPENSSL-6655.NASL", "SUSE_OPENSSL-6943.NASL", "SUSE_OPENSSL-6944.NASL", "SUSE_SA_2005_046.NASL", "SUSE_SA_2006_043.NASL", "SUSE_SA_2006_051.NASL", "SUSE_SU-2017-0729-1.NASL", "SUSE_SU-2017-0797-1.NASL", "SUSE_SU-2017-0801-1.NASL", "SUSE_SU-2017-1714-1.NASL", "SUSE_SU-2017-1961-1.NASL", "SUSE_SU-2017-1997-1.NASL", "SUSE_SU-2017-2449-1.NASL", "SUSE_SU-2017-2542-1.NASL", "SUSE_SU-2017-2718-1.NASL", "SUSE_SU-2017-2756-1.NASL", "SUSE_SU-2017-2907-1.NASL", "SUSE_SU-2018-2554-1.NASL", "SUSE_SU-2018-2815-1.NASL", "SUSE_SU-2018-2815-2.NASL", "SYMANTEC_CONTENT_ANALYSIS_SYMSA1410.NASL", "UBUNTU_USN-1010-1.NASL", "UBUNTU_USN-1021-1.NASL", "UBUNTU_USN-1294-1.NASL", "UBUNTU_USN-160-1.NASL", "UBUNTU_USN-160-2.NASL", "UBUNTU_USN-177-1.NASL", "UBUNTU_USN-241-1.NASL", "UBUNTU_USN-3279-1.NASL", "UBUNTU_USN-3340-1.NASL", "UBUNTU_USN-3370-1.NASL", "UBUNTU_USN-3425-1.NASL", "UBUNTU_USN-860-1.NASL", "UBUNTU_USN-923-1.NASL", "UBUNTU_USN-927-1.NASL", "UBUNTU_USN-927-4.NASL", "UBUNTU_USN-927-6.NASL", "UBUNTU_USN-990-1.NASL", "UBUNTU_USN-990-2.NASL", "VIRTUALBOX_5_1_30.NASL", "VIRTUOZZO_VZLSA-2017-0906.NASL", "VIRTUOZZO_VZLSA-2017-1721.NASL", "VIRTUOZZO_VZLSA-2017-2478.NASL", "VIRTUOZZO_VZLSA-2017-2972.NASL", "VMWARE_VMSA-2010-0015.NASL", "VMWARE_VMSA-2010-0015_REMOTE.NASL", "VMWARE_VMSA-2010-0019.NASL", "VMWARE_VMSA-2010-0019_REMOTE.NASL", "VMWARE_VMSA-2011-0003.NASL", "VMWARE_VMSA-2011-0003_REMOTE.NASL", "WEB_APPLICATION_SCANNING_98910", "WEB_APPLICATION_SCANNING_98911", "WEB_APPLICATION_SCANNING_98912", "WEB_APPLICATION_SCANNING_98913"]}, {"type": "nginx", "idList": ["NGINX:CVE-2009-3555"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2009-3555"]}, {"type": "openvas", "idList": ["OPENVAS:100725", "OPENVAS:102020", "OPENVAS:102031", "OPENVAS:102045", "OPENVAS:102047", "OPENVAS:103454", "OPENVAS:1361412562310100725", "OPENVAS:1361412562310102020", "OPENVAS:1361412562310102031", "OPENVAS:1361412562310102045", "OPENVAS:1361412562310102047", "OPENVAS:1361412562310103454", "OPENVAS:1361412562310108252", "OPENVAS:1361412562310112048", "OPENVAS:1361412562310112085", "OPENVAS:1361412562310121000", "OPENVAS:1361412562310121029", "OPENVAS:1361412562310121072", "OPENVAS:1361412562310121235", "OPENVAS:1361412562310122029", "OPENVAS:1361412562310122034", "OPENVAS:1361412562310122310", "OPENVAS:1361412562310122325", "OPENVAS:1361412562310122367", "OPENVAS:1361412562310122380", "OPENVAS:1361412562310122381", "OPENVAS:1361412562310122382", "OPENVAS:1361412562310122383", "OPENVAS:1361412562310122420", "OPENVAS:1361412562310123993", "OPENVAS:136141256231055258", "OPENVAS:136141256231056731", "OPENVAS:136141256231065017", "OPENVAS:136141256231065072", "OPENVAS:136141256231065131", "OPENVAS:136141256231065142", "OPENVAS:136141256231065363", "OPENVAS:136141256231065472", "OPENVAS:136141256231065575", "OPENVAS:136141256231066240", "OPENVAS:136141256231066241", "OPENVAS:136141256231066270", "OPENVAS:136141256231066274", "OPENVAS:136141256231066275", "OPENVAS:136141256231066278", "OPENVAS:136141256231066279", "OPENVAS:136141256231066285", "OPENVAS:136141256231066302", "OPENVAS:136141256231066310", "OPENVAS:136141256231066353", "OPENVAS:136141256231066414", "OPENVAS:136141256231066449", "OPENVAS:136141256231066450", "OPENVAS:136141256231066451", "OPENVAS:136141256231066497", "OPENVAS:136141256231066498", "OPENVAS:136141256231066517", "OPENVAS:136141256231066557", "OPENVAS:136141256231066562", "OPENVAS:136141256231066563", "OPENVAS:136141256231066583", "OPENVAS:136141256231066585", "OPENVAS:136141256231067045", "OPENVAS:136141256231067218", "OPENVAS:136141256231067868", "OPENVAS:136141256231068175", "OPENVAS:136141256231068998", "OPENVAS:136141256231069021", "OPENVAS:136141256231070233", "OPENVAS:136141256231070235", "OPENVAS:1361412562310703253", "OPENVAS:1361412562310703796", "OPENVAS:1361412562310703896", "OPENVAS:1361412562310703913", "OPENVAS:1361412562310703980", "OPENVAS:136141256231070768", "OPENVAS:136141256231071308", "OPENVAS:136141256231071551", "OPENVAS:136141256231071585", "OPENVAS:1361412562310800466", "OPENVAS:1361412562310800499", "OPENVAS:1361412562310800500", "OPENVAS:1361412562310810728", "OPENVAS:1361412562310811213", "OPENVAS:1361412562310811214", "OPENVAS:1361412562310811215", "OPENVAS:1361412562310811216", "OPENVAS:1361412562310811236", "OPENVAS:1361412562310811237", "OPENVAS:1361412562310811960", "OPENVAS:1361412562310812033", "OPENVAS:1361412562310812035", "OPENVAS:1361412562310812045", "OPENVAS:1361412562310812401", "OPENVAS:1361412562310830893", "OPENVAS:1361412562310830906", "OPENVAS:1361412562310830920", "OPENVAS:1361412562310830934", "OPENVAS:1361412562310830970", "OPENVAS:1361412562310830981", "OPENVAS:1361412562310830984", "OPENVAS:1361412562310831003", "OPENVAS:1361412562310831006", "OPENVAS:1361412562310831014", "OPENVAS:1361412562310831131", "OPENVAS:1361412562310831132", "OPENVAS:1361412562310835101", "OPENVAS:1361412562310835229", "OPENVAS:1361412562310835234", "OPENVAS:1361412562310835246", "OPENVAS:1361412562310835247", "OPENVAS:1361412562310840411", "OPENVAS:1361412562310840416", "OPENVAS:1361412562310840453", "OPENVAS:1361412562310840455", "OPENVAS:1361412562310840468", "OPENVAS:1361412562310840504", "OPENVAS:1361412562310840505", "OPENVAS:1361412562310840527", "OPENVAS:1361412562310840542", "OPENVAS:1361412562310840834", "OPENVAS:1361412562310843156", "OPENVAS:1361412562310843226", "OPENVAS:1361412562310843260", "OPENVAS:1361412562310843313", "OPENVAS:1361412562310850131", "OPENVAS:1361412562310850607", "OPENVAS:1361412562310851734", "OPENVAS:1361412562310851910", "OPENVAS:1361412562310855077", "OPENVAS:1361412562310855179", "OPENVAS:1361412562310855472", "OPENVAS:1361412562310855478", "OPENVAS:1361412562310855494", "OPENVAS:1361412562310855524", "OPENVAS:1361412562310855531", "OPENVAS:1361412562310855566", "OPENVAS:1361412562310855645", "OPENVAS:1361412562310855695", "OPENVAS:1361412562310855731", "OPENVAS:1361412562310855737", "OPENVAS:1361412562310855812", "OPENVAS:1361412562310855821", "OPENVAS:1361412562310861695", "OPENVAS:1361412562310861746", "OPENVAS:1361412562310861798", "OPENVAS:1361412562310861861", "OPENVAS:1361412562310861862", "OPENVAS:1361412562310861878", "OPENVAS:1361412562310861929", "OPENVAS:1361412562310861956", "OPENVAS:1361412562310862126", "OPENVAS:1361412562310862152", "OPENVAS:1361412562310862163", "OPENVAS:1361412562310862184", "OPENVAS:1361412562310862207", "OPENVAS:1361412562310862314", "OPENVAS:1361412562310862464", "OPENVAS:1361412562310862470", "OPENVAS:1361412562310862519", "OPENVAS:1361412562310862546", "OPENVAS:1361412562310862568", "OPENVAS:1361412562310862628", "OPENVAS:1361412562310863604", "OPENVAS:1361412562310870235", "OPENVAS:1361412562310870236", "OPENVAS:1361412562310870237", "OPENVAS:1361412562310870238", "OPENVAS:1361412562310870240", "OPENVAS:1361412562310870243", "OPENVAS:1361412562310870250", "OPENVAS:1361412562310870314", "OPENVAS:1361412562310870340", "OPENVAS:1361412562310870544", "OPENVAS:1361412562310870695", "OPENVAS:1361412562310871799", "OPENVAS:1361412562310871843", "OPENVAS:1361412562310871882", "OPENVAS:1361412562310871885", "OPENVAS:1361412562310872183", "OPENVAS:1361412562310872185", "OPENVAS:1361412562310872870", "OPENVAS:1361412562310872883", "OPENVAS:1361412562310873446", "OPENVAS:1361412562310874436", "OPENVAS:1361412562310880380", "OPENVAS:1361412562310880382", "OPENVAS:1361412562310880385", "OPENVAS:1361412562310880386", "OPENVAS:1361412562310880601", "OPENVAS:1361412562310880611", "OPENVAS:1361412562310880612", "OPENVAS:1361412562310880630", "OPENVAS:1361412562310880641", "OPENVAS:1361412562310880658", "OPENVAS:1361412562310880691", "OPENVAS:1361412562310880706", "OPENVAS:1361412562310880739", "OPENVAS:1361412562310881207", "OPENVAS:1361412562310882692", "OPENVAS:1361412562310882751", "OPENVAS:1361412562310882759", "OPENVAS:1361412562310882784", "OPENVAS:1361412562310882791", "OPENVAS:1361412562310890000", "OPENVAS:1361412562310890841", "OPENVAS:1361412562310891009", "OPENVAS:1361412562310891028", "OPENVAS:1361412562310891102", "OPENVAS:1361412562310892626", "OPENVAS:1361412562310900247", "OPENVAS:1361412562310902470", "OPENVAS:1361412562311220171085", "OPENVAS:1361412562311220171086", "OPENVAS:1361412562311220171177", "OPENVAS:1361412562311220171178", "OPENVAS:1361412562311220171252", "OPENVAS:1361412562311220171253", "OPENVAS:1361412562311220191389", "OPENVAS:1361412562311220191419", "OPENVAS:1361412562311220191547", "OPENVAS:54439", "OPENVAS:55129", "OPENVAS:55258", "OPENVAS:55259", "OPENVAS:55261", "OPENVAS:55284", "OPENVAS:55355", "OPENVAS:55392", "OPENVAS:56067", "OPENVAS:56246", "OPENVAS:56731", "OPENVAS:57335", "OPENVAS:65017", "OPENVAS:65072", "OPENVAS:65131", "OPENVAS:65142", "OPENVAS:65363", "OPENVAS:65472", "OPENVAS:65575", "OPENVAS:66240", "OPENVAS:66241", "OPENVAS:66270", "OPENVAS:66274", "OPENVAS:66275", "OPENVAS:66278", "OPENVAS:66279", "OPENVAS:66285", "OPENVAS:66302", "OPENVAS:66310", "OPENVAS:66353", "OPENVAS:66414", "OPENVAS:66449", "OPENVAS:66450", "OPENVAS:66451", "OPENVAS:66497", "OPENVAS:66498", "OPENVAS:66517", "OPENVAS:66557", "OPENVAS:66562", "OPENVAS:66563", "OPENVAS:66583", "OPENVAS:66585", "OPENVAS:67045", "OPENVAS:67218", "OPENVAS:67868", "OPENVAS:68175", "OPENVAS:68998", "OPENVAS:69021", "OPENVAS:70233", "OPENVAS:70235", "OPENVAS:703253", "OPENVAS:703796", "OPENVAS:703896", "OPENVAS:703913", "OPENVAS:70768", "OPENVAS:71308", "OPENVAS:71551", "OPENVAS:71585", "OPENVAS:800466", "OPENVAS:800499", "OPENVAS:830893", "OPENVAS:830906", "OPENVAS:830920", "OPENVAS:830934", "OPENVAS:830970", "OPENVAS:830981", "OPENVAS:830984", "OPENVAS:831003", "OPENVAS:831006", "OPENVAS:831014", "OPENVAS:831131", "OPENVAS:831132", "OPENVAS:835101", "OPENVAS:835229", "OPENVAS:835234", "OPENVAS:835246", "OPENVAS:835247", "OPENVAS:840411", "OPENVAS:840416", "OPENVAS:840453", "OPENVAS:840455", "OPENVAS:840468", "OPENVAS:840504", "OPENVAS:840505", "OPENVAS:840527", "OPENVAS:840542", "OPENVAS:840834", "OPENVAS:850131", "OPENVAS:855077", "OPENVAS:855179", "OPENVAS:855472", "OPENVAS:855478", "OPENVAS:855494", "OPENVAS:855524", "OPENVAS:855531", "OPENVAS:855566", "OPENVAS:855645", "OPENVAS:855695", "OPENVAS:855731", "OPENVAS:855737", "OPENVAS:855812", "OPENVAS:855821", "OPENVAS:861695", "OPENVAS:861746", "OPENVAS:861798", "OPENVAS:861861", "OPENVAS:861862", "OPENVAS:861878", "OPENVAS:861929", "OPENVAS:861956", "OPENVAS:862126", "OPENVAS:862152", "OPENVAS:862163", "OPENVAS:862184", "OPENVAS:862207", "OPENVAS:862314", "OPENVAS:862464", "OPENVAS:862470", "OPENVAS:862519", "OPENVAS:862546", "OPENVAS:862568", "OPENVAS:862628", "OPENVAS:863604", "OPENVAS:870235", "OPENVAS:870236", "OPENVAS:870237", "OPENVAS:870238", "OPENVAS:870240", "OPENVAS:870243", "OPENVAS:870250", "OPENVAS:870314", "OPENVAS:870340", "OPENVAS:870544", "OPENVAS:870695", "OPENVAS:880380", "OPENVAS:880382", "OPENVAS:880385", "OPENVAS:880386", "OPENVAS:880601", "OPENVAS:880611", "OPENVAS:880612", "OPENVAS:880630", "OPENVAS:880641", "OPENVAS:880658", "OPENVAS:880691", "OPENVAS:880706", "OPENVAS:880739", "OPENVAS:881207", "OPENVAS:892626", "OPENVAS:900247", "OPENVAS:902470"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2011-301950", "ORACLE:CPUAPR2017", "ORACLE:CPUAPR2018", "ORACLE:CPUAPR2019", "ORACLE:CPUJAN2011-194091", "ORACLE:CPUJAN2018", "ORACLE:CPUJAN2019", "ORACLE:CPUJUL2010-155308", "ORACLE:CPUJUL2018", "ORACLE:CPUJULY2013-1899826", "ORACLE:CPUOCT2010-175626", "ORACLE:CPUOCT2017", "ORACLE:CPUOCT2018"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-1579", "ELSA-2009-1580", "ELSA-2010-0162", "ELSA-2010-0163", "ELSA-2010-0164", "ELSA-2010-0165", "ELSA-2010-0166", "ELSA-2010-0167", "ELSA-2010-0339", "ELSA-2010-0659", "ELSA-2010-0768", "ELSA-2011-1530", "ELSA-2011-2037", "ELSA-2012-0107", "ELSA-2012-0128", "ELSA-2012-0150", "ELSA-2012-0323", "ELSA-2013-0512", "ELSA-2015-3022", "ELSA-2017-0906", "ELSA-2017-1721", "ELSA-2017-2478", "ELSA-2017-2479", "ELSA-2017-2882", "ELSA-2017-2972", "ELSA-2019-4581", "ELSA-2019-4747"]}, {"type": "osv", "idList": ["OSV:DLA-1009-1", "OSV:DLA-1028-1", "OSV:DLA-1102-1", "OSV:DLA-400-1", "OSV:DLA-841-1", "OSV:DLA-841-2", "OSV:DLA-862-1", "OSV:DSA-1167-1", "OSV:DSA-1934-1", "OSV:DSA-2141-1", "OSV:DSA-2141-2", "OSV:DSA-2298-1", "OSV:DSA-2626-1", "OSV:DSA-3253-1", "OSV:DSA-3796-1", "OSV:DSA-3796-2", "OSV:DSA-3896-1", "OSV:DSA-3913-1", "OSV:DSA-3980-1", "OSV:DSA-803-1", "OSV:DSA-805-1", "OSV:DSA-807-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:84112"]}, {"type": "photon", "idList": ["PHSA-2017-0027", "PHSA-2017-0057", "PHSA-2017-0077"]}, {"type": "redhat", "idList": ["RHSA-2005:582", "RHSA-2005:608", "RHSA-2005:773", "RHSA-2006:0158", "RHSA-2006:0159", "RHSA-2009:1579", "RHSA-2009:1580", "RHSA-2009:1694", "RHSA-2010:0011", "RHSA-2010:0119", "RHSA-2010:0130", "RHSA-2010:0155", "RHSA-2010:0162", "RHSA-2010:0163", "RHSA-2010:0164", "RHSA-2010:0165", "RHSA-2010:0166", "RHSA-2010:0167", "RHSA-2010:0337", "RHSA-2010:0338", "RHSA-2010:0339", "RHSA-2010:0408", "RHSA-2010:0440", "RHSA-2010:0659", "RHSA-2010:0768", "RHSA-2010:0770", "RHSA-2010:0786", "RHSA-2010:0807", "RHSA-2010:0865", "RHSA-2010:0986", "RHSA-2010:0987", "RHSA-2011:0880", "RHSA-2011:0897", "RHSA-2011:1530", "RHSA-2012:0107", "RHSA-2012:0116", "RHSA-2012:0168", "RHSA-2012:0517", "RHSA-2015:1591", "RHSA-2017:0906", "RHSA-2017:1161", "RHSA-2017:1413", "RHSA-2017:1414", "RHSA-2017:1415", "RHSA-2017:1721", "RHSA-2017:2478", "RHSA-2017:2479", "RHSA-2017:2483", "RHSA-2017:2708", "RHSA-2017:2709", "RHSA-2017:2710", "RHSA-2017:2882", "RHSA-2017:2972", "RHSA-2017:3018", "RHSA-2017:3113", "RHSA-2017:3114", "RHSA-2017:3193", "RHSA-2017:3194", "RHSA-2017:3195", "RHSA-2017:3239", "RHSA-2017:3240", "RHSA-2017:3475", "RHSA-2017:3476", "RHSA-2017:3477"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-8743", "RH:CVE-2017-7668", "RH:CVE-2017-7679", "RH:CVE-2017-9788", "RH:CVE-2017-9798"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:10660", "SECURITYVULNS:DOC:19937", "SECURITYVULNS:DOC:22763", "SECURITYVULNS:DOC:22777", "SECURITYVULNS:DOC:22982", "SECURITYVULNS:DOC:23220", "SECURITYVULNS:DOC:23561", "SECURITYVULNS:DOC:23588", "SECURITYVULNS:DOC:23678", "SECURITYVULNS:DOC:23750", "SECURITYVULNS:DOC:23890", "SECURITYVULNS:DOC:24227", "SECURITYVULNS:DOC:24282", "SECURITYVULNS:DOC:24448", "SECURITYVULNS:DOC:24548", "SECURITYVULNS:DOC:24771", "SECURITYVULNS:DOC:24895", "SECURITYVULNS:DOC:25963", "SECURITYVULNS:DOC:27881", "SECURITYVULNS:DOC:30023", "SECURITYVULNS:DOC:9652", "SECURITYVULNS:VULN:10388", "SECURITYVULNS:VULN:10745", "SECURITYVULNS:VULN:10790", "SECURITYVULNS:VULN:10999", "SECURITYVULNS:VULN:11198", "SECURITYVULNS:VULN:11380", "SECURITYVULNS:VULN:11518", "SECURITYVULNS:VULN:11620", "SECURITYVULNS:VULN:13214", "SECURITYVULNS:VULN:13422", "SECURITYVULNS:VULN:9726"]}, {"type": "seebug", "idList": ["SSV:12600", "SSV:12673", "SSV:15088", "SSV:18637", "SSV:23126", "SSV:4227", "SSV:67231", "SSV:96537"]}, {"type": "slackware", "idList": ["SSA-2005-251-02", "SSA-2005-251-03", "SSA-2006-129-01", "SSA-2009-320-01", "SSA-2010-067-01", "SSA-2010-240-02", "SSA-2016-358-01", "SSA-2017-180-03", "SSA-2017-194-01", "SSA-2017-261-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2011:0845-1", "OPENSUSE-SU-2014:1100-1", "OPENSUSE-SU-2018:1057-1", "OPENSUSE-SU-2018:2856-1", "SUSE-SA:2005:046", "SUSE-SA:2005:051", "SUSE-SA:2005:052", "SUSE-SA:2006:043", "SUSE-SA:2006:051", "SUSE-SA:2009:057", "SUSE-SA:2010:020", "SUSE-SA:2010:021", "SUSE-SA:2010:028", "SUSE-SA:2010:061", "SUSE-SA:2011:006", "SUSE-SU-2011:0847-1", "SUSE-SU-2011:1000-1", "SUSE-SU-2011:1216-1"]}, {"type": "symantec", "idList": ["SMNTC-1410", "SMNTC-1457"]}, {"type": "threatpost", "idList": ["THREATPOST:D533EB88E7D7596BACF9A448FE23A374"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:A5BD476BF79F7E3854840596F916518C"]}, {"type": "ubuntu", "idList": ["USN-1010-1", "USN-1021-1", "USN-1294-1", "USN-1299-1", "USN-1311-1", "USN-160-1", "USN-177-1", "USN-241-1", "USN-3279-1", "USN-3340-1", "USN-3370-1", "USN-3370-2", "USN-3373-1", "USN-3425-1", "USN-3425-2", "USN-860-1", "USN-923-1", "USN-927-1", "USN-927-4", "USN-927-6", "USN-990-1", "USN-990-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2005-1268", "UB:CVE-2005-2088", "UB:CVE-2005-2700", "UB:CVE-2005-2728", "UB:CVE-2005-3352", "UB:CVE-2005-3357", "UB:CVE-2009-3555", "UB:CVE-2010-1452", "UB:CVE-2011-3638", "UB:CVE-2016-4975", "UB:CVE-2016-8743", "UB:CVE-2017-3167", "UB:CVE-2017-3169", "UB:CVE-2017-7668", "UB:CVE-2017-7679", "UB:CVE-2017-9788", "UB:CVE-2017-9798"]}, {"type": "veracode", "idList": ["VERACODE:23818", "VERACODE:24140", "VERACODE:24817"]}, {"type": "vmware", "idList": ["VMSA-2010-0015", "VMSA-2010-0015.1", "VMSA-2010-0019", "VMSA-2010-0019.3"]}, {"type": "vulnerlab", "idList": ["VULNERABLE:967", "VULNERLAB:967"]}, {"type": "zdt", "idList": ["1337DAY-ID-28573"]}]}, "score": {"value": 0.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2017-785", "ALAS-2017-851", "ALAS-2017-863", "ALAS-2017-892", "ALAS-2017-896"]}, {"type": "apple", "idList": ["APPLE:B7AA5B9368DE4BD135A602B017EB0259", "APPLE:HT208331"]}, {"type": "archlinux", "idList": ["ASA-201706-34", "ASA-201707-15", "ASA-201709-15"]}, {"type": "attackerkb", "idList": ["AKB:D0F5AA2A-4D99-41A6-9F83-6D0EA1AD01FC"]}, {"type": "avleonov", "idList": ["AVLEONOV:101A90D5F21CD7ACE01781C2913D1B6D"]}, {"type": "canvas", "idList": ["NSS"]}, {"type": "centos", "idList": ["CESA-2017:0906", "CESA-2017:1721", "CESA-2017:2478", "CESA-2017:2479", "CESA-2017:2882", "CESA-2017:2972"]}, {"type": "cert", "idList": ["VU:395412"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2009-0308", "CPAI-2018-0743"]}, {"type": "cisco", "idList": ["CISCO-SA-20091105-CVE-2009-3555"]}, {"type": "cve", "idList": ["CVE-2005-1268", "CVE-2005-2088", "CVE-2005-2700", "CVE-2005-2728", "CVE-2005-3352", "CVE-2005-3357", "CVE-2017-9788", "CVE-2017-9798"]}, {"type": "d0znpp", "idList": ["D0ZNPP:49DD0FEAD5D037024F28DFCCAA51B205"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1009-1:3325F", "DEBIAN:DLA-1028-1:56C6B", "DEBIAN:DLA-1102-1:7F277", "DEBIAN:DLA-841-1:5E66E", "DEBIAN:DLA-862-1:D0310", "DEBIAN:DSA-1934-1:699DB", "DEBIAN:DSA-2141-4:01EC7", "DEBIAN:DSA-3796-1:1E6E3", "DEBIAN:DSA-3796-2:C09F5", "DEBIAN:DSA-3896-1:758A1", "DEBIAN:DSA-3913-1:A0B7B", "DEBIAN:DSA-3980-1:C7ED3"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2010-1452", "DEBIANCVE:CVE-2016-8743", "DEBIANCVE:CVE-2017-3167", "DEBIANCVE:CVE-2017-3169", "DEBIANCVE:CVE-2017-7668", "DEBIANCVE:CVE-2017-7679", "DEBIANCVE:CVE-2017-9788", "DEBIANCVE:CVE-2017-9798"]}, {"type": "exploitdb", "idList": ["EDB-ID:42745"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:C8C256BE0BFF5FE1C0405CB0AA9C075D"]}, {"type": "f5", "idList": ["F5:K23565223", "F5:K34125394", "F5:K54624443", "F5:K70084351", "F5:K75429050", "F5:K83043359", "SOL10737", "SOL15899", "SOL5278", "SOL5857"]}, {"type": "fedora", "idList": ["FEDORA:092E9605F081", "FEDORA:09EE06061CB6", "FEDORA:37F8D10F892", "FEDORA:5196D604624F", "FEDORA:63AEC601CFBA", "FEDORA:8858F604C5E6", "FEDORA:8F24F60427F3", "FEDORA:A9847604E850", "FEDORA:A9BA0608752F", "FEDORA:F1AD728EDBF"]}, {"type": "freebsd", "idList": ["28A7310F-9855-11DF-8D36-001AA0166822", "457CE015-67FA-11E7-867F-B499BAEBFEAF", "651996E0-FE07-11D9-8329-000E0C2E438A", "76B085E2-9D33-11E7-9260-000C292EE6B8", "9CCFEE39-3C3B-11DF-9EDC-000F20797EDE", "9FFF8DC8-7AA7-11DA-BF72-00123F589060", "E936D612-253F-11DA-BC01-000E0C2E438A"]}, {"type": "gentoo", "idList": ["GLSA-201710-32"]}, {"type": "githubexploit", "idList": ["ECC3E825-EE29-59D3-BE28-1B30DB15940E"]}, {"type": "hackerone", "idList": ["H1:244459", "H1:269568"]}, {"type": "httpd", "idList": ["HTTPD:650C6B8A1FEAD1FBD1AF9746142659F9"]}, {"type": "ibm", "idList": ["59AFB6B22B3D21FAFDC933DA29973F4C6887013B5320E839F5B0B140E8DDA7D1", "78D40A21742356B91AB09A7C2E0571D44F72206C6C473316F0A204A6612E7ECE", "8E707C6723A8AE84E257A785A1F0A0704AEA1218866DF3AD3C1C94882C5D965F", "D3B546D5B3DF786BE31EF2744C27731D88DFE1E74550AA48FCE6B95A75448C23"]}, {"type": "kaspersky", "idList": ["KLA10066"]}, {"type": "kitploit", "idList": ["KITPLOIT:5052987141331551837"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/SCANNER/HTTP/APACHE_OPTIONSBLEED"]}, {"type": "mozilla", "idList": ["MFSA2010-22"]}, {"type": "nessus", "idList": ["ALA_ALAS-2017-892.NASL", "ALA_ALAS-2017-896.NASL", "APACHE_MOD_SSL_ERROR_DOCUMENT_DOS.NASL", "CENTOS_RHSA-2010-0164.NASL", "CENTOS_RHSA-2010-0659.NASL", "CENTOS_RHSA-2017-1721.NASL", "CENTOS_RHSA-2017-2882.NASL", "CENTOS_RHSA-2017-2972.NASL", "DEBIAN_DLA-1009.NASL", "DEBIAN_DLA-1102.NASL", "DEBIAN_DSA-3980.NASL", "DEBIAN_DSA-805.NASL", "EULEROS_SA-2017-1177.NASL", "EULEROS_SA-2017-1178.NASL", "F5_BIGIP_SOL00373024.NASL", "F5_BIGIP_SOL75429050.NASL", "FEDORA_2009-12229.NASL", "FEDORA_2010-5357.NASL", "FEDORA_2010-6039.NASL", "FEDORA_2017-81976B6A91.NASL", "FEDORA_2017-A52F252521.NASL", "FEDORA_2017-CF9599A306.NASL", "FIREEYE_OS_EX_801.NASL", "FREEBSD_PKG_457CE01567FA11E7867FB499BAEBFEAF.NASL", "FREEBSD_PKG_76B085E29D3311E79260000C292EE6B8.NASL", "GENTOO_GLSA-200508-15.NASL", "GENTOO_GLSA-201311-13.NASL", "GENTOO_GLSA-201710-32.NASL", "HPUX_PHSS_35111.NASL", "HPUX_PHSS_35436.NASL", "MANDRIVA_MDVSA-2009-323.NASL", "MANDRIVA_MDVSA-2010-076.NASL", "MOZILLA_THUNDERBIRD_304.NASL", "OPENSUSE-2012-756.NASL", "OPENSUSE-2017-1083.NASL", "OPENSUSE-2017-786.NASL", "OPENSUSE-2018-1046.NASL", "OPENSUSE-2018-389.NASL", "ORACLELINUX_ELSA-2017-1721.NASL", "ORACLELINUX_ELSA-2017-2882.NASL", "ORACLELINUX_ELSA-2017-2972.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_APR_2018_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_OCT_2017_CPU.NASL", "REDHAT-RHSA-2009-1580.NASL", "REDHAT-RHSA-2010-0338.NASL", "REDHAT-RHSA-2017-1721.NASL", "REDHAT-RHSA-2017-2882.NASL", "REDHAT-RHSA-2017-2972.NASL", "SECURITYCENTER_5_4_3_TNS_2017_04.NASL", "SLACKWARE_SSA_2017-194-01.NASL", "SLACKWARE_SSA_2017-261-01.NASL", "SL_20101013_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SL_20170711_HTTPD_ON_SL6_X.NASL", "SL_20171011_HTTPD_ON_SL7_X.NASL", "SL_20171019_HTTPD_ON_SL6_X.NASL", "SUSE_11_0_COMPAT-OPENSSL097G-091113.NASL", "SUSE_11_1_COMPAT-OPENSSL097G-091113.NASL", "SUSE_11_2_SEAMONKEY-100406.NASL", "SUSE_COMPAT-OPENSSL097G-7645.NASL", "SUSE_MOZILLA-NSS-6978.NASL", "SUSE_SU-2017-2449-1.NASL", "SUSE_SU-2017-2542-1.NASL", "SUSE_SU-2017-2718-1.NASL", "SUSE_SU-2017-2756-1.NASL", "SUSE_SU-2018-2815-1.NASL", "UBUNTU_USN-3425-1.NASL", "UBUNTU_USN-927-4.NASL", "UBUNTU_USN-990-1.NASL", "VIRTUALBOX_5_1_30.NASL", "VIRTUOZZO_VZLSA-2017-0906.NASL"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2009-3555"]}, {"type": "openvas", "idList": ["OPENVAS:102047", "OPENVAS:1361412562310108252", "OPENVAS:1361412562310122382", "OPENVAS:136141256231066414", "OPENVAS:136141256231066451", "OPENVAS:1361412562310703980", "OPENVAS:1361412562310800499", "OPENVAS:1361412562310811213", "OPENVAS:1361412562310811214", "OPENVAS:1361412562310811215", "OPENVAS:1361412562310811216", "OPENVAS:1361412562310812033", "OPENVAS:1361412562310812045", "OPENVAS:1361412562310830934", "OPENVAS:1361412562310830981", "OPENVAS:1361412562310835247", "OPENVAS:1361412562310840416", "OPENVAS:1361412562310840542", "OPENVAS:1361412562310843156", "OPENVAS:1361412562310843226", "OPENVAS:1361412562310843313", "OPENVAS:1361412562310851734", "OPENVAS:1361412562310851910", "OPENVAS:1361412562310855566", "OPENVAS:1361412562310855695", "OPENVAS:1361412562310870237", "OPENVAS:1361412562310871799", "OPENVAS:1361412562310871882", "OPENVAS:1361412562310871885", "OPENVAS:1361412562310872183", "OPENVAS:1361412562310872185", "OPENVAS:1361412562310873446", "OPENVAS:1361412562310874436", "OPENVAS:1361412562310882692", "OPENVAS:1361412562310882759", "OPENVAS:1361412562310882791", "OPENVAS:1361412562310891009", "OPENVAS:65131", "OPENVAS:66270", "OPENVAS:67218", "OPENVAS:703796", "OPENVAS:703896", "OPENVAS:830970", "OPENVAS:831003", "OPENVAS:840527", "OPENVAS:855812", "OPENVAS:861695", "OPENVAS:870243", "OPENVAS:870695", "OPENVAS:880612"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2011-194091", "ORACLE:CPUJAN2019-5072801", "ORACLE:CPUJULY2013-1899826"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0166", "ELSA-2010-0339", "ELSA-2011-2037", "ELSA-2012-0107", "ELSA-2012-0150", "ELSA-2017-1721", "ELSA-2017-2882", "ELSA-2017-2972"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:84112"]}, {"type": "photon", "idList": ["PHSA-2017-0027"]}, {"type": "redhat", "idList": ["RHSA-2010:0986", "RHSA-2011:1530", "RHSA-2012:0107", "RHSA-2012:0116", "RHSA-2012:0517", "RHSA-2017:1413", "RHSA-2017:2882", "RHSA-2017:3475"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-8743", "RH:CVE-2017-7668", "RH:CVE-2017-7679", "RH:CVE-2017-9788"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:10660"]}, {"type": "seebug", "idList": ["SSV:96537"]}, {"type": "slackware", "idList": ["SSA-2017-180-03", "SSA-2017-194-01", "SSA-2017-261-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:1057-1", "SUSE-SA:2010:061", "SUSE-SU-2011:1000-1"]}, {"type": "symantec", "idList": ["SMNTC-1410", "SMNTC-1457"]}, {"type": "threatpost", "idList": ["THREATPOST:D533EB88E7D7596BACF9A448FE23A374"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:A5BD476BF79F7E3854840596F916518C"]}, {"type": "ubuntu", "idList": ["USN-3279-1", "USN-3340-1", "USN-3370-1", "USN-3370-2", "USN-3373-1", "USN-3425-1", "USN-3425-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-8743", "UB:CVE-2017-3167", "UB:CVE-2017-3169", "UB:CVE-2017-7668", "UB:CVE-2017-7679", "UB:CVE-2017-9788", "UB:CVE-2017-9798"]}, {"type": "vmware", "idList": ["VMSA-2010-0019.3"]}, {"type": "vulnerlab", "idList": ["VULNERLAB:967"]}, {"type": "zdt", "idList": ["1337DAY-ID-28573"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2005-1268", "epss": "0.008860000", "percentile": "0.800970000", "modified": "2023-03-14"}, {"cve": "CVE-2005-2088", "epss": "0.975040000", "percentile": "0.999570000", "modified": "2023-03-14"}, {"cve": "CVE-2005-2700", "epss": "0.002140000", "percentile": "0.576240000", "modified": "2023-03-14"}, {"cve": "CVE-2005-2728", "epss": "0.970270000", "percentile": "0.995480000", "modified": "2023-03-14"}, {"cve": "CVE-2005-3352", "epss": "0.001740000", "percentile": "0.528170000", "modified": "2023-03-14"}, {"cve": "CVE-2005-3357", "epss": "0.974200000", "percentile": "0.998590000", "modified": "2023-03-14"}, {"cve": "CVE-2009-3555", "epss": "0.001750000", "percentile": "0.529230000", "modified": "2023-03-14"}, {"cve": "CVE-2010-1452", "epss": "0.056210000", "percentile": "0.920690000", "modified": "2023-03-14"}, {"cve": "CVE-2011-3638", "epss": "0.000420000", "percentile": "0.056350000", "modified": "2023-03-14"}, {"cve": "CVE-2016-8743", "epss": "0.004080000", "percentile": "0.697780000", "modified": "2023-03-14"}, {"cve": "CVE-2017-3167", "epss": "0.008970000", "percentile": "0.802290000", "modified": "2023-03-14"}, {"cve": "CVE-2017-3169", "epss": "0.014260000", "percentile": "0.845000000", "modified": "2023-03-14"}, {"cve": "CVE-2017-7668", "epss": "0.973170000", "percentile": "0.997490000", "modified": "2023-03-14"}, {"cve": "CVE-2017-7679", "epss": "0.004710000", "percentile": "0.718080000", "modified": "2023-03-14"}, {"cve": "CVE-2017-9788", "epss": "0.899220000", "percentile": "0.981630000", "modified": "2023-03-14"}, {"cve": "CVE-2017-9798", "epss": "0.974640000", "percentile": "0.999170000", "modified": "2023-03-14"}], "vulnersScore": 0.5}, "_state": {"dependencies": 1673453919, "score": 1673455684, "epss": 1678882283}, "_internal": {"score_hash": "ca3bdbf7975e94cdcf620ecdb7c110b5"}, "pluginID": "127360", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0118. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127360);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2005-1268\",\n \"CVE-2005-2088\",\n \"CVE-2005-2700\",\n \"CVE-2005-2728\",\n \"CVE-2005-3352\",\n \"CVE-2005-3357\",\n \"CVE-2009-3555\",\n \"CVE-2010-1452\",\n \"CVE-2011-3638\",\n \"CVE-2016-8743\",\n \"CVE-2017-3167\",\n \"CVE-2017-3169\",\n \"CVE-2017-7668\",\n \"CVE-2017-7679\",\n \"CVE-2017-9788\",\n \"CVE-2017-9798\"\n );\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : httpd Multiple Vulnerabilities (NS-SA-2019-0118)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has httpd packages installed that are affected by multiple\nvulnerabilities:\n\n - Off-by-one error in the mod_ssl Certificate Revocation\n List (CRL) verification callback in Apache, when\n configured to use a CRL, allows remote attackers to\n cause a denial of service (child process crash) via a\n CRL that causes a buffer overflow of one null byte.\n (CVE-2005-1268)\n\n - The Apache HTTP server before 1.3.34, and 2.0.x before\n 2.0.55, when acting as an HTTP proxy, allows remote\n attackers to poison the web cache, bypass web\n application firewall protection, and conduct XSS attacks\n via an HTTP request with both a Transfer-Encoding:\n chunked header and a Content-Length header, which\n causes Apache to incorrectly handle and forward the body\n of the request in a way that causes the receiving server\n to process it as a separate HTTP request, aka HTTP\n Request Smuggling. (CVE-2005-2088)\n\n - ssl_engine_kernel.c in mod_ssl before 2.8.24, when using\n SSLVerifyClient optional in the global virtual host\n configuration, does not properly enforce\n SSLVerifyClient require in a per-location context,\n which allows remote attackers to bypass intended access\n restrictions. (CVE-2005-2700)\n\n - The byte-range filter in Apache 2.0 before 2.0.54 allows\n remote attackers to cause a denial of service (memory\n consumption) via an HTTP header with a large Range\n field. (CVE-2005-2728)\n\n - Cross-site scripting (XSS) vulnerability in the mod_imap\n module of Apache httpd before 1.3.35-dev and Apache\n httpd 2.0.x before 2.0.56-dev allows remote attackers to\n inject arbitrary web script or HTML via the Referer when\n using image maps. (CVE-2005-3352)\n\n - mod_ssl in Apache 2.0 up to 2.0.55, when configured with\n an SSL vhost with access control and a custom error 400\n error page, allows remote attackers to cause a denial of\n service (application crash) via a non-SSL request to an\n SSL port, which triggers a NULL pointer dereference.\n (CVE-2005-3357)\n\n - The TLS protocol, and the SSL protocol 3.0 and possibly\n earlier, as used in Microsoft Internet Information\n Services (IIS) 7.0, mod_ssl in the Apache HTTP Server\n 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5\n and earlier, Mozilla Network Security Services (NSS)\n 3.12.4 and earlier, multiple Cisco products, and other\n products, does not properly associate renegotiation\n handshakes with an existing connection, which allows\n man-in-the-middle attackers to insert data into HTTPS\n sessions, and possibly other types of sessions protected\n by TLS or SSL, by sending an unauthenticated request\n that is processed retroactively by a server in a post-\n renegotiation context, related to a plaintext\n injection attack, aka the Project Mogul issue.\n (CVE-2009-3555)\n\n - The (1) mod_cache and (2) mod_dav modules in the Apache\n HTTP Server 2.2.x before 2.2.16 allow remote attackers\n to cause a denial of service (process crash) via a\n request that lacks a path. (CVE-2010-1452)\n\n - fs/ext4/extents.c in the Linux kernel before 3.0 does\n not mark a modified extent as dirty in certain cases of\n extent splitting, which allows local users to cause a\n denial of service (system crash) via vectors involving\n ext4 umount and mount operations. (CVE-2011-3638)\n\n - It was discovered that the HTTP parser in httpd\n incorrectly allowed certain characters not permitted by\n the HTTP protocol specification to appear unencoded in\n HTTP request headers. If httpd was used in conjunction\n with a proxy or backend server that interpreted those\n characters differently, a remote attacker could possibly\n use this flaw to inject data into HTTP responses,\n resulting in proxy cache poisoning. (CVE-2016-8743)\n\n - It was discovered that the use of httpd's\n ap_get_basic_auth_pw() API function outside of the\n authentication phase could lead to authentication\n bypass. A remote attacker could possibly use this flaw\n to bypass required authentication if the API was used\n incorrectly by one of the modules used by httpd.\n (CVE-2017-3167)\n\n - A NULL pointer dereference flaw was found in the httpd's\n mod_ssl module. A remote attacker could use this flaw to\n cause an httpd child process to crash if another module\n used by httpd called a certain API function during the\n processing of an HTTPS request. (CVE-2017-3169)\n\n - A buffer over-read flaw was found in the httpd's\n ap_find_token() function. A remote attacker could use\n this flaw to cause httpd child process to crash via a\n specially crafted HTTP request. (CVE-2017-7668)\n\n - A buffer over-read flaw was found in the httpd's\n mod_mime module. A user permitted to modify httpd's MIME\n configuration could use this flaw to cause httpd child\n process to crash. (CVE-2017-7679)\n\n - It was discovered that the httpd's mod_auth_digest\n module did not properly initialize memory before using\n it when processing certain headers related to digest\n authentication. A remote attacker could possibly use\n this flaw to disclose potentially sensitive information\n or cause httpd child process to crash by sending\n specially crafted requests to a server. (CVE-2017-9788)\n\n - A use-after-free flaw was found in the way httpd handled\n invalid and previously unregistered HTTP methods\n specified in the Limit directive used in an .htaccess\n file. A remote attacker could possibly use this flaw to\n disclose portions of the server memory, or cause httpd\n child process to crash. (CVE-2017-9798)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0118\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL httpd packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2005-2700\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2017-7679\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.05\": [\n \"httpd-2.2.15-60.el6.centos.6\",\n \"httpd-devel-2.2.15-60.el6.centos.6\",\n \"httpd-manual-2.2.15-60.el6.centos.6\",\n \"httpd-tools-2.2.15-60.el6.centos.6\",\n \"mod_ssl-2.2.15-60.el6.centos.6\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "naslFamily": "NewStart CGSL Local Security Checks", "cpe": [], "solution": "Upgrade the vulnerable CGSL httpd packages. Note that updated packages may not be available yet. Please contact ZTE for more information.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2005-2700", "vendor_cvss2": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "High", "score": "7.7"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2019-07-17T00:00:00", "vulnerabilityPublicationDate": "2005-07-05T00:00:00", "exploitableWith": []}

{"nessus": [{"lastseen": "2023-01-11T14:40:16", "description": "An update for httpd is now available for Red Hat Enterprise Linux 7.3 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting CVE-2017-9798.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "nessus", "title": "RHEL 7 : httpd (RHSA-2017:3194) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9788", "CVE-2017-9798"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:mod_session", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:7.3"], "id": "REDHAT-RHSA-2017-3194.NASL", "href": "https://www.tenable.com/plugins/nessus/104540", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:3194. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104540);\n script_version(\"3.10\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7668\", \"CVE-2017-7679\", \"CVE-2017-9788\", \"CVE-2017-9798\");\n script_xref(name:\"RHSA\", value:\"2017:3194\");\n\n script_name(english:\"RHEL 7 : httpd (RHSA-2017:3194) (Optionsbleed)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for httpd is now available for Red Hat Enterprise Linux 7.3\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not\nproperly initialize memory before using it when processing certain\nheaders related to digest authentication. A remote attacker could\npossibly use this flaw to disclose potentially sensitive information\nor cause httpd child process to crash by sending specially crafted\nrequests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API\nfunction outside of the authentication phase could lead to\nauthentication bypass. A remote attacker could possibly use this flaw\nto bypass required authentication if the API was used incorrectly by\none of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl\nmodule. A remote attacker could use this flaw to cause an httpd child\nprocess to crash if another module used by httpd called a certain API\nfunction during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's ap_find_token()\nfunction. A remote attacker could use this flaw to cause httpd child\nprocess to crash via a specially crafted HTTP request. (CVE-2017-7668)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A\nuser permitted to modify httpd's MIME configuration could use this\nflaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive\nused in an .htaccess file. A remote attacker could possibly use this\nflaw to disclose portions of the server memory, or cause httpd child\nprocess to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting CVE-2017-9798.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:3194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9798\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.3\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:3194\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"httpd-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"httpd-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"httpd-debuginfo-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"httpd-debuginfo-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"httpd-devel-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", reference:\"httpd-manual-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"httpd-tools-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"mod_ldap-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"mod_proxy_html-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"mod_session-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"mod_ssl-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-45.el7_3.5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:40:37", "description": "An update for httpd is now available for Red Hat Enterprise Linux 7.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting CVE-2017-9798.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "nessus", "title": "RHEL 7 : httpd (RHSA-2017:3193) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9788", "CVE-2017-9798"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:mod_session", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:7.2"], "id": "REDHAT-RHSA-2017-3193.NASL", "href": "https://www.tenable.com/plugins/nessus/104539", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:3193. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104539);\n script_version(\"3.10\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7668\", \"CVE-2017-7679\", \"CVE-2017-9788\", \"CVE-2017-9798\");\n script_xref(name:\"RHSA\", value:\"2017:3193\");\n\n script_name(english:\"RHEL 7 : httpd (RHSA-2017:3193) (Optionsbleed)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for httpd is now available for Red Hat Enterprise Linux 7.2\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not\nproperly initialize memory before using it when processing certain\nheaders related to digest authentication. A remote attacker could\npossibly use this flaw to disclose potentially sensitive information\nor cause httpd child process to crash by sending specially crafted\nrequests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API\nfunction outside of the authentication phase could lead to\nauthentication bypass. A remote attacker could possibly use this flaw\nto bypass required authentication if the API was used incorrectly by\none of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl\nmodule. A remote attacker could use this flaw to cause an httpd child\nprocess to crash if another module used by httpd called a certain API\nfunction during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's ap_find_token()\nfunction. A remote attacker could use this flaw to cause httpd child\nprocess to crash via a specially crafted HTTP request. (CVE-2017-7668)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A\nuser permitted to modify httpd's MIME configuration could use this\nflaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive\nused in an .htaccess file. A remote attacker could possibly use this\nflaw to disclose portions of the server memory, or cause httpd child\nprocess to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting CVE-2017-9798.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:3193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9798\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.2\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:3193\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"s390x\", reference:\"httpd-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"httpd-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"s390x\", reference:\"httpd-debuginfo-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"httpd-debuginfo-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"s390x\", reference:\"httpd-devel-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", reference:\"httpd-manual-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"s390x\", reference:\"httpd-tools-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"s390x\", reference:\"mod_ldap-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"s390x\", reference:\"mod_proxy_html-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"s390x\", reference:\"mod_session-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"s390x\", reference:\"mod_ssl-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-40.el7_2.6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:45:13", "description": "Several problems have been discovered in Apache2, the next generation, scalable, extendable web server. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CAN-2005-1268 Marc Stern discovered an off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback.\n When Apache is configured to use a CRL this can be used to cause a denial of service.\n\n - CAN-2005-2088\n\n A vulnerability has been discovered in the Apache web server. When it is acting as an HTTP proxy, it allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct cross-site scripting attacks, which causes Apache to incorrectly handle and forward the body of the request.\n\n - CAN-2005-2700\n\n A problem has been discovered in mod_ssl, which provides strong cryptography (HTTPS support) for Apache that allows remote attackers to bypass access restrictions.\n\n - CAN-2005-2728\n\n The byte-range filter in Apache 2.0 allows remote attackers to cause a denial of service via an HTTP header with a large Range field.", "cvss3": {}, "published": "2005-09-12T00:00:00", "type": "nessus", "title": "Debian DSA-805-1 : apache2 - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1268", "CVE-2005-2088", "CVE-2005-2700", "CVE-2005-2728"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:apache2", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-805.NASL", "href": "https://www.tenable.com/plugins/nessus/19612", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-805. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19612);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-1268\", \"CVE-2005-2088\", \"CVE-2005-2700\", \"CVE-2005-2728\");\n script_bugtraq_id(14660);\n script_xref(name:\"CERT\", value:\"744929\");\n script_xref(name:\"DSA\", value:\"805\");\n\n script_name(english:\"Debian DSA-805-1 : apache2 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several problems have been discovered in Apache2, the next generation,\nscalable, extendable web server. The Common Vulnerabilities and\nExposures project identifies the following problems :\n\n - CAN-2005-1268\n Marc Stern discovered an off-by-one error in the mod_ssl\n Certificate Revocation List (CRL) verification callback.\n When Apache is configured to use a CRL this can be used\n to cause a denial of service.\n\n - CAN-2005-2088\n\n A vulnerability has been discovered in the Apache web\n server. When it is acting as an HTTP proxy, it allows\n remote attackers to poison the web cache, bypass web\n application firewall protection, and conduct cross-site\n scripting attacks, which causes Apache to incorrectly\n handle and forward the body of the request.\n\n - CAN-2005-2700\n\n A problem has been discovered in mod_ssl, which provides\n strong cryptography (HTTPS support) for Apache that\n allows remote attackers to bypass access restrictions.\n\n - CAN-2005-2728\n\n The byte-range filter in Apache 2.0 allows remote\n attackers to cause a denial of service via an HTTP\n header with a large Range field.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316173\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=320048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=320063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-805\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the apache2 packages.\n\nThe old stable distribution (woody) does not contain Apache2 packages.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 2.0.54-5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/09/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"apache2\", reference:\"2.0.54-5\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"apache2-common\", reference:\"2.0.54-5\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"apache2-doc\", reference:\"2.0.54-5\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"apache2-mpm-perchild\", reference:\"2.0.54-5\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"apache2-mpm-prefork\", reference:\"2.0.54-5\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"apache2-mpm-threadpool\", reference:\"2.0.54-5\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"apache2-mpm-worker\", reference:\"2.0.54-5\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"apache2-prefork-dev\", reference:\"2.0.54-5\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"apache2-threaded-dev\", reference:\"2.0.54-5\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"apache2-utils\", reference:\"2.0.54-5\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libapr0\", reference:\"2.0.54-5\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libapr0-dev\", reference:\"2.0.54-5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:32:33", "description": "Security Fix(es) :\n\n - It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n - It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.\n (CVE-2017-3167)\n\n - A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n - A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668)\n\n - A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-08-22T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : httpd on SL7.x x86_64 (20170815)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9788"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:httpd", "p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo", "p-cpe:/a:fermilab:scientific_linux:httpd-devel", "p-cpe:/a:fermilab:scientific_linux:httpd-manual", "p-cpe:/a:fermilab:scientific_linux:httpd-tools", "p-cpe:/a:fermilab:scientific_linux:mod_ldap", "p-cpe:/a:fermilab:scientific_linux:mod_proxy_html", "p-cpe:/a:fermilab:scientific_linux:mod_session", "p-cpe:/a:fermilab:scientific_linux:mod_ssl", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170815_HTTPD_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/102668", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102668);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7668\", \"CVE-2017-7679\", \"CVE-2017-9788\");\n\n script_name(english:\"Scientific Linux Security Update : httpd on SL7.x x86_64 (20170815)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - It was discovered that the httpd's mod_auth_digest\n module did not properly initialize memory before using\n it when processing certain headers related to digest\n authentication. A remote attacker could possibly use\n this flaw to disclose potentially sensitive information\n or cause httpd child process to crash by sending\n specially crafted requests to a server. (CVE-2017-9788)\n\n - It was discovered that the use of httpd's\n ap_get_basic_auth_pw() API function outside of the\n authentication phase could lead to authentication\n bypass. A remote attacker could possibly use this flaw\n to bypass required authentication if the API was used\n incorrectly by one of the modules used by httpd.\n (CVE-2017-3167)\n\n - A NULL pointer dereference flaw was found in the httpd's\n mod_ssl module. A remote attacker could use this flaw to\n cause an httpd child process to crash if another module\n used by httpd called a certain API function during the\n processing of an HTTPS request. (CVE-2017-3169)\n\n - A buffer over-read flaw was found in the httpd's\n ap_find_token() function. A remote attacker could use\n this flaw to cause httpd child process to crash via a\n specially crafted HTTP request. (CVE-2017-7668)\n\n - A buffer over-read flaw was found in the httpd's\n mod_mime module. A user permitted to modify httpd's MIME\n configuration could use this flaw to cause httpd child\n process to crash. (CVE-2017-7679)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1708&L=scientific-linux-errata&F=&S=&P=5015\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b532292f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"httpd-2.4.6-67.el7_4.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"httpd-debuginfo-2.4.6-67.el7_4.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-67.el7_4.2\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"httpd-manual-2.4.6-67.el7_4.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-67.el7_4.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-67.el7_4.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-67.el7_4.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-67.el7_4.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-67.el7_4.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:33:47", "description": "From Red Hat Security Advisory 2017:2479 :\n\nAn update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-08-16T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : httpd (ELSA-2017-2479)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9788"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd-manual", "p-cpe:/a:oracle:linux:httpd-tools", "p-cpe:/a:oracle:linux:mod_ldap", "p-cpe:/a:oracle:linux:mod_proxy_html", "p-cpe:/a:oracle:linux:mod_session", "p-cpe:/a:oracle:linux:mod_ssl", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2017-2479.NASL", "href": "https://www.tenable.com/plugins/nessus/102515", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:2479 and \n# Oracle Linux Security Advisory ELSA-2017-2479 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102515);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7668\", \"CVE-2017-7679\", \"CVE-2017-9788\");\n script_xref(name:\"RHSA\", value:\"2017:2479\");\n\n script_name(english:\"Oracle Linux 7 : httpd (ELSA-2017-2479)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:2479 :\n\nAn update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not\nproperly initialize memory before using it when processing certain\nheaders related to digest authentication. A remote attacker could\npossibly use this flaw to disclose potentially sensitive information\nor cause httpd child process to crash by sending specially crafted\nrequests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API\nfunction outside of the authentication phase could lead to\nauthentication bypass. A remote attacker could possibly use this flaw\nto bypass required authentication if the API was used incorrectly by\none of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl\nmodule. A remote attacker could use this flaw to cause an httpd child\nprocess to crash if another module used by httpd called a certain API\nfunction during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's ap_find_token()\nfunction. A remote attacker could use this flaw to cause httpd child\nprocess to crash via a specially crafted HTTP request. (CVE-2017-7668)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A\nuser permitted to modify httpd's MIME configuration could use this\nflaw to cause httpd child process to crash. (CVE-2017-7679)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-August/007126.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"httpd-2.4.6-67.0.1.el7_4.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-67.0.1.el7_4.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"httpd-manual-2.4.6-67.0.1.el7_4.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-67.0.1.el7_4.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-67.0.1.el7_4.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-67.0.1.el7_4.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-67.0.1.el7_4.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-67.0.1.el7_4.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / mod_ldap / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:32:13", "description": "An update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-08-16T00:00:00", "type": "nessus", "title": "RHEL 7 : httpd (RHSA-2017:2479)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9788"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:mod_session", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2017-2479.NASL", "href": "https://www.tenable.com/plugins/nessus/102519", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2479. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102519);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7668\", \"CVE-2017-7679\", \"CVE-2017-9788\");\n script_xref(name:\"RHSA\", value:\"2017:2479\");\n\n script_name(english:\"RHEL 7 : httpd (RHSA-2017:2479)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not\nproperly initialize memory before using it when processing certain\nheaders related to digest authentication. A remote attacker could\npossibly use this flaw to disclose potentially sensitive information\nor cause httpd child process to crash by sending specially crafted\nrequests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API\nfunction outside of the authentication phase could lead to\nauthentication bypass. A remote attacker could possibly use this flaw\nto bypass required authentication if the API was used incorrectly by\none of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl\nmodule. A remote attacker could use this flaw to cause an httpd child\nprocess to crash if another module used by httpd called a certain API\nfunction during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's ap_find_token()\nfunction. A remote attacker could use this flaw to cause httpd child\nprocess to crash via a specially crafted HTTP request. (CVE-2017-7668)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A\nuser permitted to modify httpd's MIME configuration could use this\nflaw to cause httpd child process to crash. (CVE-2017-7679)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:2479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9788\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:2479\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"httpd-2.4.6-67.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd-2.4.6-67.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"httpd-debuginfo-2.4.6-67.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd-debuginfo-2.4.6-67.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"httpd-devel-2.4.6-67.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-67.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"httpd-manual-2.4.6-67.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"httpd-tools-2.4.6-67.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-67.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mod_ldap-2.4.6-67.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-67.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mod_proxy_html-2.4.6-67.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-67.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mod_session-2.4.6-67.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-67.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mod_ssl-2.4.6-67.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-67.el7_4.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:34:16", "description": "According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n - It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.\n (CVE-2017-3167)\n\n - A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request.\n (CVE-2017-3169)\n\n - A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668)\n\n - A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : httpd (EulerOS-SA-2017-1177)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9788"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-devel", "p-cpe:/a:huawei:euleros:httpd-manual", "p-cpe:/a:huawei:euleros:httpd-tools", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1177.NASL", "href": "https://www.tenable.com/plugins/nessus/103015", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103015);\n script_version(\"3.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-3167\",\n \"CVE-2017-3169\",\n \"CVE-2017-7668\",\n \"CVE-2017-7679\",\n \"CVE-2017-9788\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : httpd (EulerOS-SA-2017-1177)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - It was discovered that the httpd's mod_auth_digest\n module did not properly initialize memory before using\n it when processing certain headers related to digest\n authentication. A remote attacker could possibly use\n this flaw to disclose potentially sensitive information\n or cause httpd child process to crash by sending\n specially crafted requests to a server. (CVE-2017-9788)\n\n - It was discovered that the use of httpd's\n ap_get_basic_auth_pw() API function outside of the\n authentication phase could lead to authentication\n bypass. A remote attacker could possibly use this flaw\n to bypass required authentication if the API was used\n incorrectly by one of the modules used by httpd.\n (CVE-2017-3167)\n\n - A NULL pointer dereference flaw was found in the\n httpd's mod_ssl module. A remote attacker could use\n this flaw to cause an httpd child process to crash if\n another module used by httpd called a certain API\n function during the processing of an HTTPS request.\n (CVE-2017-3169)\n\n - A buffer over-read flaw was found in the httpd's\n ap_find_token() function. A remote attacker could use\n this flaw to cause httpd child process to crash via a\n specially crafted HTTP request. (CVE-2017-7668)\n\n - A buffer over-read flaw was found in the httpd's\n mod_mime module. A user permitted to modify httpd's\n MIME configuration could use this flaw to cause httpd\n child process to crash. (CVE-2017-7679)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1177\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5944392d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"httpd-2.4.6-45.0.1.4.h7\",\n \"httpd-devel-2.4.6-45.0.1.4.h7\",\n \"httpd-manual-2.4.6-45.0.1.4.h7\",\n \"httpd-tools-2.4.6-45.0.1.4.h7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:34:17", "description": "According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n - It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.\n (CVE-2017-3167)\n\n - A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request.\n (CVE-2017-3169)\n\n - A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668)\n\n - A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : httpd (EulerOS-SA-2017-1178)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9788"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-devel", "p-cpe:/a:huawei:euleros:httpd-manual", "p-cpe:/a:huawei:euleros:httpd-tools", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1178.NASL", "href": "https://www.tenable.com/plugins/nessus/103016", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103016);\n script_version(\"3.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-3167\",\n \"CVE-2017-3169\",\n \"CVE-2017-7668\",\n \"CVE-2017-7679\",\n \"CVE-2017-9788\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : httpd (EulerOS-SA-2017-1178)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - It was discovered that the httpd's mod_auth_digest\n module did not properly initialize memory before using\n it when processing certain headers related to digest\n authentication. A remote attacker could possibly use\n this flaw to disclose potentially sensitive information\n or cause httpd child process to crash by sending\n specially crafted requests to a server. (CVE-2017-9788)\n\n - It was discovered that the use of httpd's\n ap_get_basic_auth_pw() API function outside of the\n authentication phase could lead to authentication\n bypass. A remote attacker could possibly use this flaw\n to bypass required authentication if the API was used\n incorrectly by one of the modules used by httpd.\n (CVE-2017-3167)\n\n - A NULL pointer dereference flaw was found in the\n httpd's mod_ssl module. A remote attacker could use\n this flaw to cause an httpd child process to crash if\n another module used by httpd called a certain API\n function during the processing of an HTTPS request.\n (CVE-2017-3169)\n\n - A buffer over-read flaw was found in the httpd's\n ap_find_token() function. A remote attacker could use\n this flaw to cause httpd child process to crash via a\n specially crafted HTTP request. (CVE-2017-7668)\n\n - A buffer over-read flaw was found in the httpd's\n mod_mime module. A user permitted to modify httpd's\n MIME configuration could use this flaw to cause httpd\n child process to crash. (CVE-2017-7679)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1178\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?36c8a96a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"httpd-2.4.6-45.0.1.4.h4\",\n \"httpd-devel-2.4.6-45.0.1.4.h4\",\n \"httpd-manual-2.4.6-45.0.1.4.h4\",\n \"httpd-tools-2.4.6-45.0.1.4.h4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:29:45", "description": "According to its banner, the version of Apache running on the remote host is 2.2.x prior to 2.2.34. It is, therefore, affected by the following vulnerabilities :\n\n - An authentication bypass vulnerability exists in httpd due to third-party modules using the ap_get_basic_auth_pw() function outside of the authentication phase. An unauthenticated, remote attacker can exploit this to bypass authentication requirements. (CVE-2017-3167)\n\n - A denial of service vulnerability exists in httpd due to a NULL pointer dereference flaw that is triggered when a third-party module calls the mod_ssl ap_hook_process_connection() function during an HTTP request to an HTTPS port. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-3169)\n\n - A denial of service vulnerability exists in httpd due to an out-of-bounds read error in the ap_find_token() function that is triggered when handling a specially crafted request header sequence. An unauthenticated, remote attacker can exploit this to crash the service or force ap_find_token() to return an incorrect value. (CVE-2017-7668)\n\n - A denial of service vulnerability exists in httpd due to an out-of-bounds read error in the mod_mime that is triggered when handling a specially crafted Content-Type response header. An unauthenticated, remote attacker can exploit this to disclose sensitive information or cause a denial of service condition. (CVE-2017-7679)\n\n - A denial of service vulnerability exists in httpd due to a failure to initialize or reset the value placeholder in [Proxy-]Authorization headers of type 'Digest' before or between successive key=value assignments by mod_auth_digest. An unauthenticated, remote attacker can exploit this, by providing an initial key with no '=' assignment, to disclose sensitive information or cause a denial of service condition. (CVE-2017-9788)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-07-18T00:00:00", "type": "nessus", "title": "Apache 2.2.x < 2.2.34 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9788"], "modified": "2018-09-17T00:00:00", "cpe": ["cpe:/a:apache:http_server", "cpe:/a:apache:httpd"], "id": "APACHE_2_2_34.NASL", "href": "https://www.tenable.com/plugins/nessus/101787", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101787);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/09/17 21:46:53\");\n\n script_cve_id(\n \"CVE-2017-3167\",\n \"CVE-2017-3169\",\n \"CVE-2017-7668\",\n \"CVE-2017-7679\",\n \"CVE-2017-9788\"\n );\n script_bugtraq_id(\n 99134,\n 99135,\n 99137,\n 99170,\n 99569\n );\n\n script_name(english:\"Apache 2.2.x < 2.2.34 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version in Server response header.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Apache running on the remote\nhost is 2.2.x prior to 2.2.34. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - An authentication bypass vulnerability exists in httpd\n due to third-party modules using the\n ap_get_basic_auth_pw() function outside of the\n authentication phase. An unauthenticated, remote\n attacker can exploit this to bypass authentication\n requirements. (CVE-2017-3167)\n\n - A denial of service vulnerability exists in httpd due to\n a NULL pointer dereference flaw that is triggered when a\n third-party module calls the mod_ssl\n ap_hook_process_connection() function during an HTTP\n request to an HTTPS port. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition. (CVE-2017-3169)\n\n - A denial of service vulnerability exists in httpd due to\n an out-of-bounds read error in the ap_find_token()\n function that is triggered when handling a specially\n crafted request header sequence. An unauthenticated,\n remote attacker can exploit this to crash the\n service or force ap_find_token() to return an incorrect\n value. (CVE-2017-7668)\n\n - A denial of service vulnerability exists in httpd due to\n an out-of-bounds read error in the mod_mime that is\n triggered when handling a specially crafted Content-Type\n response header. An unauthenticated, remote attacker can\n exploit this to disclose sensitive information or cause\n a denial of service condition. (CVE-2017-7679)\n\n - A denial of service vulnerability exists in httpd due to\n a failure to initialize or reset the value placeholder\n in [Proxy-]Authorization headers of type 'Digest' before\n or between successive key=value assignments by\n mod_auth_digest. An unauthenticated, remote attacker can\n exploit this, by providing an initial key with no '='\n assignment, to disclose sensitive information or cause a\n denial of service condition. (CVE-2017-9788)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://archive.apache.org/dist/httpd/CHANGES_2.2.34\");\n script_set_attribute(attribute:\"see_also\", value:\"https://httpd.apache.org/security/vulnerabilities_22.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache version 2.2.34 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3167\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:httpd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"apache_http_version.nasl\");\n script_require_keys(\"installed_sw/Apache\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80);\nkb_base = \"www/apache/\"+port+\"/\";\nkb_ver = NULL;\nkb_backport = NULL;\nkb_source = NULL;\n\nif (get_kb_item(kb_base+\"version\")) kb_ver = kb_base+\"version\";\nif (get_kb_item(kb_base+\"backported\")) kb_backport = kb_base+\"backported\";\nif (get_kb_item(kb_base+\"source\")) kb_source = kb_base+\"source\";\n\napp_info = vcf::get_app_info(\n app:\"Apache\",\n port:port,\n kb_ver:kb_ver,\n kb_backport:kb_backport,\n kb_source:kb_source,\n service:TRUE\n);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\n# 2.2.34\nconstraints = [\n { \"min_version\" : \"2.2\", \"fixed_version\" : \"2.2.34\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:32:44", "description": "An update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-08-25T00:00:00", "type": "nessus", "title": "CentOS 7 : httpd (CESA-2017:2479)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9788"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel", "p-cpe:/a:centos:centos:httpd-manual", "p-cpe:/a:centos:centos:httpd-tools", "p-cpe:/a:centos:centos:mod_ldap", "p-cpe:/a:centos:centos:mod_proxy_html", "p-cpe:/a:centos:centos:mod_session", "p-cpe:/a:centos:centos:mod_ssl", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2017-2479.NASL", "href": "https://www.tenable.com/plugins/nessus/102767", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2479 and \n# CentOS Errata and Security Advisory 2017:2479 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102767);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7668\", \"CVE-2017-7679\", \"CVE-2017-9788\");\n script_xref(name:\"RHSA\", value:\"2017:2479\");\n\n script_name(english:\"CentOS 7 : httpd (CESA-2017:2479)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not\nproperly initialize memory before using it when processing certain\nheaders related to digest authentication. A remote attacker could\npossibly use this flaw to disclose potentially sensitive information\nor cause httpd child process to crash by sending specially crafted\nrequests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API\nfunction outside of the authentication phase could lead to\nauthentication bypass. A remote attacker could possibly use this flaw\nto bypass required authentication if the API was used incorrectly by\none of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl\nmodule. A remote attacker could use this flaw to cause an httpd child\nprocess to crash if another module used by httpd called a certain API\nfunction during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's ap_find_token()\nfunction. A remote attacker could use this flaw to cause httpd child\nprocess to crash via a specially crafted HTTP request. (CVE-2017-7668)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A\nuser permitted to modify httpd's MIME configuration could use this\nflaw to cause httpd child process to crash. (CVE-2017-7679)\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2017-August/004661.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?63480b7b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3167\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"httpd-2.4.6-67.el7.centos.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-67.el7.centos.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"httpd-manual-2.4.6-67.el7.centos.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-67.el7.centos.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-67.el7.centos.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-67.el7.centos.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-67.el7.centos.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-67.el7.centos.2\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / mod_ldap / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:36:44", "description": "This update for apache2 fixes several issues. These security issues were fixed :\n\n - CVE-2017-9798: Prevent use-after-free use of memory that allowed for an information leak via OPTIONS (bsc#1058058)\n\n - CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest could have lead to leakage of potentially confidential information, and a segfault in other cases resulting in DoS (bsc#1048576).\n\n - CVE-2017-7679: mod_mime could have read one byte past the end of a buffer when sending a malicious Content-Type response header (bsc#1045060).\n\n - CVE-2017-3169: mod_ssl may dereferenced a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port allowing for DoS (bsc#1045062).\n\n - CVE-2017-3167: Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may have lead to authentication requirements being bypassed (bsc#1045065).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-10-19T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:2756-1) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7679", "CVE-2017-9788", "CVE-2017-9798"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2", "p-cpe:/a:novell:suse_linux:apache2-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-debugsource", "p-cpe:/a:novell:suse_linux:apache2-example-pages", "p-cpe:/a:novell:suse_linux:apache2-prefork", "p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-utils", "p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-worker", "p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2756-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103961", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2756-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103961);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7679\", \"CVE-2017-9788\", \"CVE-2017-9798\");\n\n script_name(english:\"SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:2756-1) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for apache2 fixes several issues. These security issues\nwere fixed :\n\n - CVE-2017-9798: Prevent use-after-free use of memory that\n allowed for an information leak via OPTIONS\n (bsc#1058058)\n\n - CVE-2017-9788: Uninitialized memory reflection in\n mod_auth_digest could have lead to leakage of\n potentially confidential information, and a segfault in\n other cases resulting in DoS (bsc#1048576).\n\n - CVE-2017-7679: mod_mime could have read one byte past\n the end of a buffer when sending a malicious\n Content-Type response header (bsc#1045060).\n\n - CVE-2017-3169: mod_ssl may dereferenced a NULL pointer\n when third-party modules call\n ap_hook_process_connection() during an HTTP request to\n an HTTPS port allowing for DoS (bsc#1045062).\n\n - CVE-2017-3167: Use of the ap_get_basic_auth_pw() by\n third-party modules outside of the authentication phase\n may have lead to authentication requirements being\n bypassed (bsc#1045065).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3167/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3169/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7679/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9788/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9798/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172756-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a4b7d18d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-1709=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-2.4.10-14.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-debuginfo-2.4.10-14.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-debugsource-2.4.10-14.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-example-pages-2.4.10-14.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-prefork-2.4.10-14.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-prefork-debuginfo-2.4.10-14.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-utils-2.4.10-14.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-utils-debuginfo-2.4.10-14.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-worker-2.4.10-14.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-worker-debuginfo-2.4.10-14.28.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:40:16", "description": "An update for httpd is now available for Red Hat Enterprise Linux 6.7 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting CVE-2017-9798.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "nessus", "title": "RHEL 6 : httpd (RHSA-2017:3195) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7679", "CVE-2017-9788", "CVE-2017-9798"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:6.7"], "id": "REDHAT-RHSA-2017-3195.NASL", "href": "https://www.tenable.com/plugins/nessus/104541", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:3195. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104541);\n script_version(\"3.10\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7679\", \"CVE-2017-9788\", \"CVE-2017-9798\");\n script_xref(name:\"RHSA\", value:\"2017:3195\");\n\n script_name(english:\"RHEL 6 : httpd (RHSA-2017:3195) (Optionsbleed)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for httpd is now available for Red Hat Enterprise Linux 6.7\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not\nproperly initialize memory before using it when processing certain\nheaders related to digest authentication. A remote attacker could\npossibly use this flaw to disclose potentially sensitive information\nor cause httpd child process to crash by sending specially crafted\nrequests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API\nfunction outside of the authentication phase could lead to\nauthentication bypass. A remote attacker could possibly use this flaw\nto bypass required authentication if the API was used incorrectly by\none of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl\nmodule. A remote attacker could use this flaw to cause an httpd child\nprocess to crash if another module used by httpd called a certain API\nfunction during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A\nuser permitted to modify httpd's MIME configuration could use this\nflaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive\nused in an .htaccess file. A remote attacker could possibly use this\nflaw to disclose portions of the server memory, or cause httpd child\nprocess to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting CVE-2017-9798.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:3195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9798\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6\\.7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.7\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:3195\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"httpd-2.2.15-47.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"httpd-2.2.15-47.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"httpd-2.2.15-47.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", reference:\"httpd-debuginfo-2.2.15-47.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", reference:\"httpd-devel-2.2.15-47.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", reference:\"httpd-manual-2.2.15-47.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"httpd-tools-2.2.15-47.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"httpd-tools-2.2.15-47.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"httpd-tools-2.2.15-47.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"mod_ssl-2.2.15-47.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"mod_ssl-2.2.15-47.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"mod_ssl-2.2.15-47.el6_7.5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-23T02:31:36", "description": "According to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.(CVE-2018-17199)\n\n - It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.(CVE-2017-3167)\n\n - A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request.(CVE-2017-3169)\n\n - A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request.(CVE-2017-7668)\n\n - A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash.(CVE-2017-7679)\n\n - It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.(CVE-2017-9788)\n\n - A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.(CVE-2017-9798)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : httpd (EulerOS-SA-2019-1389)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9788", "CVE-2017-9798", "CVE-2018-17199"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1389.NASL", "href": "https://www.tenable.com/plugins/nessus/124892", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124892);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-3167\",\n \"CVE-2017-3169\",\n \"CVE-2017-7668\",\n \"CVE-2017-7679\",\n \"CVE-2017-9788\",\n \"CVE-2017-9798\",\n \"CVE-2018-17199\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : httpd (EulerOS-SA-2019-1389)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - In Apache HTTP Server 2.4 release 2.4.37 and prior,\n mod_session checks the session expiry time before\n decoding the session. This causes session expiry time\n to be ignored for mod_session_cookie sessions since the\n expiry time is loaded when the session is\n decoded.(CVE-2018-17199)\n\n - It was discovered that the use of httpd's\n ap_get_basic_auth_pw() API function outside of the\n authentication phase could lead to authentication\n bypass. A remote attacker could possibly use this flaw\n to bypass required authentication if the API was used\n incorrectly by one of the modules used by\n httpd.(CVE-2017-3167)\n\n - A NULL pointer dereference flaw was found in the\n httpd's mod_ssl module. A remote attacker could use\n this flaw to cause an httpd child process to crash if\n another module used by httpd called a certain API\n function during the processing of an HTTPS\n request.(CVE-2017-3169)\n\n - A buffer over-read flaw was found in the httpd's\n ap_find_token() function. A remote attacker could use\n this flaw to cause httpd child process to crash via a\n specially crafted HTTP request.(CVE-2017-7668)\n\n - A buffer over-read flaw was found in the httpd's\n mod_mime module. A user permitted to modify httpd's\n MIME configuration could use this flaw to cause httpd\n child process to crash.(CVE-2017-7679)\n\n - It was discovered that the httpd's mod_auth_digest\n module did not properly initialize memory before using\n it when processing certain headers related to digest\n authentication. A remote attacker could possibly use\n this flaw to disclose potentially sensitive information\n or cause httpd child process to crash by sending\n specially crafted requests to a server.(CVE-2017-9788)\n\n - A use-after-free flaw was found in the way httpd\n handled invalid and previously unregistered HTTP\n methods specified in the Limit directive used in an\n .htaccess file. A remote attacker could possibly use\n this flaw to disclose portions of the server memory, or\n cause httpd child process to crash.(CVE-2017-9798)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1389\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5abd589d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"httpd-2.4.6-80.1.h4\",\n \"httpd-tools-2.4.6-80.1.h4\",\n \"mod_ssl-2.4.6-80.1.h4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:30:46", "description": "Several vulnerabilities have been found in the Apache HTTPD server.\n\nCVE-2017-3167\n\nEmmanuel Dreyfus reported that the use of ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.\n\nCVE-2017-3169\n\nVasileios Panopoulos of AdNovum Informatik AG discovered that mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port leading to a denial of service.\n\nCVE-2017-7668\n\nJavier Jimenez reported that the HTTP strict parsing contains a flaw leading to a buffer overread in ap_find_token(). A remote attacker can take advantage of this flaw by carefully crafting a sequence of request headers to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.\n\nCVE-2017-7679\n\nChenQin and Hanno Boeck reported that mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 2.2.22-13+deb7u9.\n\nWe recommend that you upgrade your apache2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-07-03T00:00:00", "type": "nessus", "title": "Debian DLA-1009-1 : apache2 security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7668", "CVE-2017-7679"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:apache2", "p-cpe:/a:debian:debian_linux:apache2-dbg", "p-cpe:/a:debian:debian_linux:apache2-doc", "p-cpe:/a:debian:debian_linux:apache2-mpm-event", "p-cpe:/a:debian:debian_linux:apache2-mpm-itk", "p-cpe:/a:debian:debian_linux:apache2-mpm-prefork", "p-cpe:/a:debian:debian_linux:apache2-mpm-worker", "p-cpe:/a:debian:debian_linux:apache2-prefork-dev", "p-cpe:/a:debian:debian_linux:apache2-suexec", "p-cpe:/a:debian:debian_linux:apache2-suexec-custom", "p-cpe:/a:debian:debian_linux:apache2-threaded-dev", "p-cpe:/a:debian:debian_linux:apache2-utils", "p-cpe:/a:debian:debian_linux:apache2.2-bin", "p-cpe:/a:debian:debian_linux:apache2.2-common", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1009.NASL", "href": "https://www.tenable.com/plugins/nessus/101175", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1009-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101175);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7668\", \"CVE-2017-7679\");\n\n script_name(english:\"Debian DLA-1009-1 : apache2 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been found in the Apache HTTPD server.\n\nCVE-2017-3167\n\nEmmanuel Dreyfus reported that the use of ap_get_basic_auth_pw() by\nthird-party modules outside of the authentication phase may lead to\nauthentication requirements being bypassed.\n\nCVE-2017-3169\n\nVasileios Panopoulos of AdNovum Informatik AG discovered that mod_ssl\nmay dereference a NULL pointer when third-party modules call\nap_hook_process_connection() during an HTTP request to an HTTPS port\nleading to a denial of service.\n\nCVE-2017-7668\n\nJavier Jimenez reported that the HTTP strict parsing contains a flaw\nleading to a buffer overread in ap_find_token(). A remote attacker can\ntake advantage of this flaw by carefully crafting a sequence of\nrequest headers to cause a segmentation fault, or to force\nap_find_token() to return an incorrect value.\n\nCVE-2017-7679\n\nChenQin and Hanno Boeck reported that mod_mime can read one byte past\nthe end of a buffer when sending a malicious Content-Type response\nheader.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n2.2.22-13+deb7u9.\n\nWe recommend that you upgrade your apache2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/07/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/apache2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-itk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-prefork-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-suexec-custom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-threaded-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2.2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2.2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"apache2\", reference:\"2.2.22-13+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-dbg\", reference:\"2.2.22-13+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-doc\", reference:\"2.2.22-13+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-mpm-event\", reference:\"2.2.22-13+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-mpm-itk\", reference:\"2.2.22-13+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-mpm-prefork\", reference:\"2.2.22-13+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-mpm-worker\", reference:\"2.2.22-13+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-prefork-dev\", reference:\"2.2.22-13+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-suexec\", reference:\"2.2.22-13+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-suexec-custom\", reference:\"2.2.22-13+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-threaded-dev\", reference:\"2.2.22-13+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-utils\", reference:\"2.2.22-13+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2.2-bin\", reference:\"2.2.22-13+deb7u9\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2.2-common\", reference:\"2.2.22-13+deb7u9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-13T14:41:22", "description": "Emmanuel Dreyfus discovered that third-party modules using the ap_get_basic_auth_pw() function outside of the authentication phase may lead to authentication requirements being bypassed. This update adds a new ap_get_basic_auth_components() function for use by third-party modules. (CVE-2017-3167)\n\nVasileios Panopoulos discovered that the Apache mod_ssl module may crash when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port. (CVE-2017-3169)\n\nJavier Jimenez discovered that the Apache HTTP Server incorrectly handled parsing certain requests. A remote attacker could possibly use this issue to cause the Apache HTTP Server to crash, resulting in a denial of service. (CVE-2017-7668)\n\nChenQin and Hanno Bock discovered that the Apache mod_mime module incorrectly handled certain Content-Type response headers. A remote attacker could possibly use this issue to cause the Apache HTTP Server to crash, resulting in a denial of service. (CVE-2017-7679).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-27T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : apache2 vulnerabilities (USN-3340-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7668", "CVE-2017-7679"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:apache2-bin", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:16.10", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3340-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101062", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3340-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101062);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7668\", \"CVE-2017-7679\");\n script_xref(name:\"USN\", value:\"3340-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : apache2 vulnerabilities (USN-3340-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Emmanuel Dreyfus discovered that third-party modules using the\nap_get_basic_auth_pw() function outside of the authentication phase\nmay lead to authentication requirements being bypassed. This update\nadds a new ap_get_basic_auth_components() function for use by\nthird-party modules. (CVE-2017-3167)\n\nVasileios Panopoulos discovered that the Apache mod_ssl module may\ncrash when third-party modules call ap_hook_process_connection()\nduring an HTTP request to an HTTPS port. (CVE-2017-3169)\n\nJavier Jimenez discovered that the Apache HTTP Server incorrectly\nhandled parsing certain requests. A remote attacker could possibly use\nthis issue to cause the Apache HTTP Server to crash, resulting in a\ndenial of service. (CVE-2017-7668)\n\nChenQin and Hanno Bock discovered that the Apache mod_mime module\nincorrectly handled certain Content-Type response headers. A remote\nattacker could possibly use this issue to cause the Apache HTTP Server\nto crash, resulting in a denial of service. (CVE-2017-7679).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3340-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected apache2-bin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|16\\.10|17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 16.10 / 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"apache2-bin\", pkgver:\"2.4.7-1ubuntu4.16\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"apache2-bin\", pkgver:\"2.4.18-2ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"apache2-bin\", pkgver:\"2.4.18-2ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"apache2-bin\", pkgver:\"2.4.25-3ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-bin\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:32:46", "description": "ap_find_token() buffer overread :\n\nA buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668 )\n\nApache HTTP Request Parsing Whitespace Defects :\n\nIt was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\nap_get_basic_auth_pw() authentication bypass :\n\nIt was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\nmod_mime buffer overread :\n\nA buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\nmod_http2 NULL pointer dereference :\n\nA NULL pointer dereference flaw was found in the mod_http2 module of httpd. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP/2 request.\n(CVE-2017-7659)\n\nmod_ssl NULL pointer dereference :\n\nA NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause a httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-08-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : httpd24 (ALAS-2017-863)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8743", "CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7659", "CVE-2017-7668", "CVE-2017-7679"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:httpd24", "p-cpe:/a:amazon:linux:httpd24-debuginfo", "p-cpe:/a:amazon:linux:httpd24-devel", "p-cpe:/a:amazon:linux:httpd24-manual", "p-cpe:/a:amazon:linux:httpd24-tools", "p-cpe:/a:amazon:linux:mod24_ldap", "p-cpe:/a:amazon:linux:mod24_proxy_html", "p-cpe:/a:amazon:linux:mod24_session", "p-cpe:/a:amazon:linux:mod24_ssl", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-863.NASL", "href": "https://www.tenable.com/plugins/nessus/102178", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-863.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102178);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2016-8743\", \"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7659\", \"CVE-2017-7668\", \"CVE-2017-7679\");\n script_xref(name:\"ALAS\", value:\"2017-863\");\n\n script_name(english:\"Amazon Linux AMI : httpd24 (ALAS-2017-863)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ap_find_token() buffer overread :\n\nA buffer over-read flaw was found in the httpd's ap_find_token()\nfunction. A remote attacker could use this flaw to cause httpd child\nprocess to crash via a specially crafted HTTP request. (CVE-2017-7668\n)\n\nApache HTTP Request Parsing Whitespace Defects :\n\nIt was discovered that the HTTP parser in httpd incorrectly allowed\ncertain characters not permitted by the HTTP protocol specification to\nappear unencoded in HTTP request headers. If httpd was used in\nconjunction with a proxy or backend server that interpreted those\ncharacters differently, a remote attacker could possibly use this flaw\nto inject data into HTTP responses, resulting in proxy cache\npoisoning. (CVE-2016-8743)\n\nap_get_basic_auth_pw() authentication bypass :\n\nIt was discovered that the use of httpd's ap_get_basic_auth_pw() API\nfunction outside of the authentication phase could lead to\nauthentication bypass. A remote attacker could possibly use this flaw\nto bypass required authentication if the API was used incorrectly by\none of the modules used by httpd. (CVE-2017-3167)\n\nmod_mime buffer overread :\n\nA buffer over-read flaw was found in the httpd's mod_mime module. A\nuser permitted to modify httpd's MIME configuration could use this\nflaw to cause httpd child process to crash. (CVE-2017-7679)\n\nmod_http2 NULL pointer dereference :\n\nA NULL pointer dereference flaw was found in the mod_http2 module of\nhttpd. A remote attacker could use this flaw to cause httpd child\nprocess to crash via a specially crafted HTTP/2 request.\n(CVE-2017-7659)\n\nmod_ssl NULL pointer dereference :\n\nA NULL pointer dereference flaw was found in the httpd's mod_ssl\nmodule. A remote attacker could use this flaw to cause a httpd child\nprocess to crash if another module used by httpd called a certain API\nfunction during the processing of an HTTPS request. (CVE-2017-3169)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-863.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update httpd24' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-2.4.27-3.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-debuginfo-2.4.27-3.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-devel-2.4.27-3.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-manual-2.4.27-3.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-tools-2.4.27-3.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_ldap-2.4.27-3.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_proxy_html-2.4.27-3.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_session-2.4.27-3.71.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_ssl-2.4.27-3.71.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd24 / httpd24-debuginfo / httpd24-devel / httpd24-manual / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:37:23", "description": "The remote host is affected by the vulnerability described in GLSA-201710-32 (Apache: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Apache. Please review the referenced CVE identifiers for details.\n Impact :\n\n The Optionsbleed vulnerability can leak arbitrary memory from the server process that may contain secrets. Additionally attackers may cause a Denial of Service condition, bypass authentication, or cause information loss.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-10-30T00:00:00", "type": "nessus", "title": "GLSA-201710-32 : Apache: Multiple vulnerabilities (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7659", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9788", "CVE-2017-9789", "CVE-2017-9798"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:apache", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201710-32.NASL", "href": "https://www.tenable.com/plugins/nessus/104233", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201710-32.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104233);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7659\", \"CVE-2017-7668\", \"CVE-2017-7679\", \"CVE-2017-9788\", \"CVE-2017-9789\", \"CVE-2017-9798\");\n script_xref(name:\"GLSA\", value:\"201710-32\");\n\n script_name(english:\"GLSA-201710-32 : Apache: Multiple vulnerabilities (Optionsbleed)\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201710-32\n(Apache: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Apache. Please review\n the referenced CVE identifiers for details.\n \nImpact :\n\n The Optionsbleed vulnerability can leak arbitrary memory from the server\n process that may contain secrets. Additionally attackers may cause a\n Denial of Service condition, bypass authentication, or cause information\n loss.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201710-32\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Apache users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/apache-2.4.27-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/29\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/apache\", unaffected:make_list(\"ge 2.4.27-r1\"), vulnerable:make_list(\"lt 2.4.27-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Apache\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:32:35", "description": "An update for httpd is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-08-17T00:00:00", "type": "nessus", "title": "RHEL 6 : httpd (RHSA-2017:2478)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7679", "CVE-2017-9788"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2017-2478.NASL", "href": "https://www.tenable.com/plugins/nessus/102535", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2478. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102535);\n script_version(\"3.10\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7679\", \"CVE-2017-9788\");\n script_xref(name:\"RHSA\", value:\"2017:2478\");\n\n script_name(english:\"RHEL 6 : httpd (RHSA-2017:2478)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for httpd is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not\nproperly initialize memory before using it when processing certain\nheaders related to digest authentication. A remote attacker could\npossibly use this flaw to disclose potentially sensitive information\nor cause httpd child process to crash by sending specially crafted\nrequests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API\nfunction outside of the authentication phase could lead to\nauthentication bypass. A remote attacker could possibly use this flaw\nto bypass required authentication if the API was used incorrectly by\none of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl\nmodule. A remote attacker could use this flaw to cause an httpd child\nprocess to crash if another module used by httpd called a certain API\nfunction during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A\nuser permitted to modify httpd's MIME configuration could use this\nflaw to cause httpd child process to crash. (CVE-2017-7679)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:2478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9788\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:2478\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"httpd-2.2.15-60.el6_9.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"httpd-2.2.15-60.el6_9.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-2.2.15-60.el6_9.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"httpd-debuginfo-2.2.15-60.el6_9.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"httpd-devel-2.2.15-60.el6_9.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"httpd-manual-2.2.15-60.el6_9.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"httpd-tools-2.2.15-60.el6_9.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"httpd-tools-2.2.15-60.el6_9.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-tools-2.2.15-60.el6_9.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mod_ssl-2.2.15-60.el6_9.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"mod_ssl-2.2.15-60.el6_9.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_ssl-2.2.15-60.el6_9.5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:35:36", "description": "This update for apache2 provides the following fixes: Security issues fixed :\n\n - CVE-2017-9788: The value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. (bsc#1048576)\n\n - CVE-2017-7679: mod_mime could have read one byte past the end of a buffer when sending a malicious Content-Type response header leading to information leak or crash. (bsc#1045060)\n\n - CVE-2017-3169: mod_ssl may have dereferenced a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port leading to crash. (bsc#1045062)\n\n - CVE-2017-3167: Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may have lead to authentication requirements being bypassed. (bsc#1045065) Non-security issues fixed :\n\n - Re-order cipher suites to keep exclusion list at the end. (bsc#1043484, bsc#1043607)\n\n - Remove /usr/bin/http2 link only during apache2 package uninstall, not upgrade. (bsc#1041830)\n\n - In gensslcert, use hostname when fqdn is too long.\n (bsc#1035829)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-14T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : Recommended update for apache2 (SUSE-SU-2017:2449-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7679", "CVE-2017-9788"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2", "p-cpe:/a:novell:suse_linux:apache2-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-debugsource", "p-cpe:/a:novell:suse_linux:apache2-example-pages", "p-cpe:/a:novell:suse_linux:apache2-prefork", "p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-utils", "p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-worker", "p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2449-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103215", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2449-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103215);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7679\", \"CVE-2017-9788\");\n\n script_name(english:\"SUSE SLES12 Security Update : Recommended update for apache2 (SUSE-SU-2017:2449-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for apache2 provides the following fixes: Security issues\nfixed :\n\n - CVE-2017-9788: The value placeholder in\n [Proxy-]Authorization headers of type 'Digest' was not\n initialized or reset before or between successive\n key=value assignments by mod_auth_digest. Providing an\n initial key with no '=' assignment could reflect the\n stale value of uninitialized pool memory used by the\n prior request, leading to leakage of potentially\n confidential information, and a segfault in other cases\n resulting in denial of service. (bsc#1048576)\n\n - CVE-2017-7679: mod_mime could have read one byte past\n the end of a buffer when sending a malicious\n Content-Type response header leading to information leak\n or crash. (bsc#1045060)\n\n - CVE-2017-3169: mod_ssl may have dereferenced a NULL\n pointer when third-party modules call\n ap_hook_process_connection() during an HTTP request to\n an HTTPS port leading to crash. (bsc#1045062)\n\n - CVE-2017-3167: Use of the ap_get_basic_auth_pw() by\n third-party modules outside of the authentication phase\n may have lead to authentication requirements being\n bypassed. (bsc#1045065) Non-security issues fixed :\n\n - Re-order cipher suites to keep exclusion list at the\n end. (bsc#1043484, bsc#1043607)\n\n - Remove /usr/bin/http2 link only during apache2 package\n uninstall, not upgrade. (bsc#1041830)\n\n - In gensslcert, use hostname when fqdn is too long.\n (bsc#1035829)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043607\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3167/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3169/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7679/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9788/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172449-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d5257e3c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 6:zypper in -t patch\nSUSE-OpenStack-Cloud-6-2017-1510=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2017-1510=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-1510=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-2.4.16-20.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-debuginfo-2.4.16-20.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-debugsource-2.4.16-20.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-example-pages-2.4.16-20.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-prefork-2.4.16-20.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-prefork-debuginfo-2.4.16-20.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-utils-2.4.16-20.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-utils-debuginfo-2.4.16-20.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-worker-2.4.16-20.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-worker-debuginfo-2.4.16-20.10.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Recommended update for apache2\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:34:24", "description": "A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\nIt was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\nA buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\nIt was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-15T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : httpd (ALAS-2017-892)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7679", "CVE-2017-9788"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:httpd", "p-cpe:/a:amazon:linux:httpd-debuginfo", "p-cpe:/a:amazon:linux:httpd-devel", "p-cpe:/a:amazon:linux:httpd-manual", "p-cpe:/a:amazon:linux:httpd-tools", "p-cpe:/a:amazon:linux:mod_ssl", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-892.NASL", "href": "https://www.tenable.com/plugins/nessus/103226", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-892.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103226);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7679\", \"CVE-2017-9788\");\n script_xref(name:\"ALAS\", value:\"2017-892\");\n\n script_name(english:\"Amazon Linux AMI : httpd (ALAS-2017-892)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A NULL pointer dereference flaw was found in the httpd's mod_ssl\nmodule. A remote attacker could use this flaw to cause an httpd child\nprocess to crash if another module used by httpd called a certain API\nfunction during the processing of an HTTPS request. (CVE-2017-3169)\n\nIt was discovered that the use of httpd's ap_get_basic_auth_pw() API\nfunction outside of the authentication phase could lead to\nauthentication bypass. A remote attacker could possibly use this flaw\nto bypass required authentication if the API was used incorrectly by\none of the modules used by httpd. (CVE-2017-3167)\n\nA buffer over-read flaw was found in the httpd's mod_mime module. A\nuser permitted to modify httpd's MIME configuration could use this\nflaw to cause httpd child process to crash. (CVE-2017-7679)\n\nIt was discovered that the httpd's mod_auth_digest module did not\nproperly initialize memory before using it when processing certain\nheaders related to digest authentication. A remote attacker could\npossibly use this flaw to disclose potentially sensitive information\nor cause httpd child process to crash by sending specially crafted\nrequests to a server. (CVE-2017-9788)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-892.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update httpd' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"httpd-2.2.34-1.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-debuginfo-2.2.34-1.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-devel-2.2.34-1.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-manual-2.2.34-1.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-tools-2.2.34-1.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod_ssl-2.2.34-1.12.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:32:33", "description": "From Red Hat Security Advisory 2017:2478 :\n\nAn update for httpd is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-08-16T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : httpd (ELSA-2017-2478)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7679", "CVE-2017-9788"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd-manual", "p-cpe:/a:oracle:linux:httpd-tools", "p-cpe:/a:oracle:linux:mod_ssl", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2017-2478.NASL", "href": "https://www.tenable.com/plugins/nessus/102514", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:2478 and \n# Oracle Linux Security Advisory ELSA-2017-2478 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102514);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7679\", \"CVE-2017-9788\");\n script_xref(name:\"RHSA\", value:\"2017:2478\");\n\n script_name(english:\"Oracle Linux 6 : httpd (ELSA-2017-2478)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:2478 :\n\nAn update for httpd is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not\nproperly initialize memory before using it when processing certain\nheaders related to digest authentication. A remote attacker could\npossibly use this flaw to disclose potentially sensitive information\nor cause httpd child process to crash by sending specially crafted\nrequests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API\nfunction outside of the authentication phase could lead to\nauthentication bypass. A remote attacker could possibly use this flaw\nto bypass required authentication if the API was used incorrectly by\none of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl\nmodule. A remote attacker could use this flaw to cause an httpd child\nprocess to crash if another module used by httpd called a certain API\nfunction during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A\nuser permitted to modify httpd's MIME configuration could use this\nflaw to cause httpd child process to crash. (CVE-2017-7679)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-August/007128.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"httpd-2.2.15-60.0.1.el6_9.5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"httpd-devel-2.2.15-60.0.1.el6_9.5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"httpd-manual-2.2.15-60.0.1.el6_9.5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"httpd-tools-2.2.15-60.0.1.el6_9.5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mod_ssl-2.2.15-60.0.1.el6_9.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / mod_ssl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:32:38", "description": "An update for httpd is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-08-16T00:00:00", "type": "nessus", "title": "CentOS 6 : httpd (CESA-2017:2478)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7679", "CVE-2017-9788"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel", "p-cpe:/a:centos:centos:httpd-manual", "p-cpe:/a:centos:centos:httpd-tools", "p-cpe:/a:centos:centos:mod_ssl", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2017-2478.NASL", "href": "https://www.tenable.com/plugins/nessus/102505", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2478 and \n# CentOS Errata and Security Advisory 2017:2478 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102505);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7679\", \"CVE-2017-9788\");\n script_xref(name:\"RHSA\", value:\"2017:2478\");\n\n script_name(english:\"CentOS 6 : httpd (CESA-2017:2478)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for httpd is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not\nproperly initialize memory before using it when processing certain\nheaders related to digest authentication. A remote attacker could\npossibly use this flaw to disclose potentially sensitive information\nor cause httpd child process to crash by sending specially crafted\nrequests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API\nfunction outside of the authentication phase could lead to\nauthentication bypass. A remote attacker could possibly use this flaw\nto bypass required authentication if the API was used incorrectly by\none of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl\nmodule. A remote attacker could use this flaw to cause an httpd child\nprocess to crash if another module used by httpd called a certain API\nfunction during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A\nuser permitted to modify httpd's MIME configuration could use this\nflaw to cause httpd child process to crash. (CVE-2017-7679)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-August/022518.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e43f09ca\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3167\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"httpd-2.2.15-60.el6.centos.5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"httpd-devel-2.2.15-60.el6.centos.5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"httpd-manual-2.2.15-60.el6.centos.5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"httpd-tools-2.2.15-60.el6.centos.5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"mod_ssl-2.2.15-60.el6.centos.5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / mod_ssl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:32:10", "description": "Security Fix(es) :\n\n - It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n - It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.\n (CVE-2017-3167)\n\n - A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n - A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-08-16T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20170815)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7679", "CVE-2017-9788"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:httpd", "p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo", "p-cpe:/a:fermilab:scientific_linux:httpd-devel", "p-cpe:/a:fermilab:scientific_linux:httpd-manual", "p-cpe:/a:fermilab:scientific_linux:httpd-tools", "p-cpe:/a:fermilab:scientific_linux:mod_ssl", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170815_HTTPD_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/102521", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102521);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7679\", \"CVE-2017-9788\");\n\n script_name(english:\"Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20170815)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - It was discovered that the httpd's mod_auth_digest\n module did not properly initialize memory before using\n it when processing certain headers related to digest\n authentication. A remote attacker could possibly use\n this flaw to disclose potentially sensitive information\n or cause httpd child process to crash by sending\n specially crafted requests to a server. (CVE-2017-9788)\n\n - It was discovered that the use of httpd's\n ap_get_basic_auth_pw() API function outside of the\n authentication phase could lead to authentication\n bypass. A remote attacker could possibly use this flaw\n to bypass required authentication if the API was used\n incorrectly by one of the modules used by httpd.\n (CVE-2017-3167)\n\n - A NULL pointer dereference flaw was found in the httpd's\n mod_ssl module. A remote attacker could use this flaw to\n cause an httpd child process to crash if another module\n used by httpd called a certain API function during the\n processing of an HTTPS request. (CVE-2017-3169)\n\n - A buffer over-read flaw was found in the httpd's\n mod_mime module. A user permitted to modify httpd's MIME\n configuration could use this flaw to cause httpd child\n process to crash. (CVE-2017-7679)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1708&L=scientific-linux-errata&F=&S=&P=769\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?552d6534\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"httpd-2.2.15-60.el6_9.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"httpd-debuginfo-2.2.15-60.el6_9.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"httpd-devel-2.2.15-60.el6_9.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"httpd-manual-2.2.15-60.el6_9.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"httpd-tools-2.2.15-60.el6_9.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"mod_ssl-2.2.15-60.el6_9.5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:52:47", "description": "An update for httpd is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-27T00:00:00", "type": "nessus", "title": "Virtuozzo 6 : httpd / httpd-devel / httpd-manual / httpd-tools / etc (VZLSA-2017-2478)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7679", "CVE-2017-9788"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:httpd", "p-cpe:/a:virtuozzo:virtuozzo:httpd-devel", "p-cpe:/a:virtuozzo:virtuozzo:httpd-manual", "p-cpe:/a:virtuozzo:virtuozzo:httpd-tools", "p-cpe:/a:virtuozzo:virtuozzo:mod_ssl", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZLSA-2017-2478.NASL", "href": "https://www.tenable.com/plugins/nessus/119222", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119222);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-3167\",\n \"CVE-2017-3169\",\n \"CVE-2017-7679\",\n \"CVE-2017-9788\"\n );\n\n script_name(english:\"Virtuozzo 6 : httpd / httpd-devel / httpd-manual / httpd-tools / etc (VZLSA-2017-2478)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for httpd is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not\nproperly initialize memory before using it when processing certain\nheaders related to digest authentication. A remote attacker could\npossibly use this flaw to disclose potentially sensitive information\nor cause httpd child process to crash by sending specially crafted\nrequests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API\nfunction outside of the authentication phase could lead to\nauthentication bypass. A remote attacker could possibly use this flaw\nto bypass required authentication if the API was used incorrectly by\none of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl\nmodule. A remote attacker could use this flaw to cause an httpd child\nprocess to crash if another module used by httpd called a certain API\nfunction during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A\nuser permitted to modify httpd's MIME configuration could use this\nflaw to cause httpd child process to crash. (CVE-2017-7679)\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-2478.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b6db6058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017:2478\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd / httpd-devel / httpd-manual / httpd-tools / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"httpd-2.2.15-60.vl6.5\",\n \"httpd-devel-2.2.15-60.vl6.5\",\n \"httpd-manual-2.2.15-60.vl6.5\",\n \"httpd-tools-2.2.15-60.vl6.5\",\n \"mod_ssl-2.2.15-60.vl6.5\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:32:20", "description": "The remote host appears to be running a version of Apache that is prior to 2.0.55. It is, therefore affected by multiple vulnerabilities :\n\n - A security issue exists where 'SSLVerifyClient' is not enforced in per-location context if 'SSLVerifyClient optional' is configured in the vhost configuration.\n (CVE-2005-2700)\n\n - A denial of service vulnerability exists when processing a large byte range request, as well as a flaw in the 'worker.c' module which could allow an attacker to force this service to consume excessive amounts of memory.\n (CVE-2005-2970)\n\n - When Apache is acting as a proxy, it is possible for a remote attacker to poison the web cache, bypass web application firewall protection, and conduct cross-site scripting attacks via an HTTP request with both a 'Transfer-Encoding: chunked' header and a 'Content-Length' header. (CVE-2005-2088)\n\n - Multiple integer overflows exists in PCRE in quantifier parsing which could be triggered by a local user through use of a specially crafted regex in an .htaccess file.\n (CVE-2005-2491)\n\n - An issue exists where the byte range filter buffers responses into memory. (CVE-2005-2728)\n\n - An off-by-one overflow exists in mod_ssl while printing CRL information at 'LogLevel debug' which could be triggered if configured to use a 'malicious CRL'.\n (CVE-2005-1268)", "cvss3": {}, "published": "2008-03-26T00:00:00", "type": "nessus", "title": "Apache < 2.0.55 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1268", "CVE-2005-2088", "CVE-2005-2491", "CVE-2005-2700", "CVE-2005-2728", "CVE-2005-2970"], "modified": "2018-06-29T00:00:00", "cpe": ["cpe:/a:apache:http_server"], "id": "APACHE_2_0_55.NASL", "href": "https://www.tenable.com/plugins/nessus/31656", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(31656);\n script_version(\"1.25\");\n script_cvs_date(\"Date: 2018/06/29 12:01:03\");\n\n script_cve_id(\n \"CVE-2005-1268\",\n \"CVE-2005-2088\",\n \"CVE-2005-2491\",\n \"CVE-2005-2700\", \n \"CVE-2005-2728\", \n \"CVE-2005-2970\"\n );\n script_bugtraq_id(\n 14106, \n 14366, \n 14620, \n 14660, \n 14721, \n 15762\n );\n \n script_name(english:\"Apache < 2.0.55 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote version of Apache is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host appears to be running a version of Apache that is\nprior to 2.0.55. It is, therefore affected by multiple\nvulnerabilities :\n\n - A security issue exists where 'SSLVerifyClient' is not\n enforced in per-location context if 'SSLVerifyClient\n optional' is configured in the vhost configuration.\n (CVE-2005-2700)\n\n - A denial of service vulnerability exists when processing\n a large byte range request, as well as a flaw in the \n 'worker.c' module which could allow an attacker to force\n this service to consume excessive amounts of memory.\n (CVE-2005-2970)\n\n - When Apache is acting as a proxy, it is possible for a\n remote attacker to poison the web cache, bypass web \n application firewall protection, and conduct cross-site\n scripting attacks via an HTTP request with both a \n 'Transfer-Encoding: chunked' header and a \n 'Content-Length' header. (CVE-2005-2088)\n\n - Multiple integer overflows exists in PCRE in quantifier\n parsing which could be triggered by a local user through\n use of a specially crafted regex in an .htaccess file.\n (CVE-2005-2491)\n\n - An issue exists where the byte range filter buffers\n responses into memory. (CVE-2005-2728)\n\n - An off-by-one overflow exists in mod_ssl while printing\n CRL information at 'LogLevel debug' which could be \n triggered if configured to use a 'malicious CRL'.\n (CVE-2005-1268)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e1cae996\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to version 2.0.55 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/03/26\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/07/07\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\nscript_end_attributes();\n\n \n summary[\"english\"] = \"Checks for version of Apache\";\n \n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Web Servers\");\n script_dependencie(\"apache_http_version.nasl\");\n script_require_keys(\"installed_sw/Apache\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\n#\n# The script code starts here\n#\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"install_func.inc\");\n\nget_install_count(app_name:\"Apache\", exit_if_zero:TRUE);\nport = get_http_port(default:80);\ninstall = get_single_install(app_name:\"Apache\", port:port, exit_if_unknown_ver:TRUE);\n\n# Check if we could get a version first, then check if it was\n# backported\nversion = get_kb_item_or_exit('www/apache/'+port+'/version', exit_code:1);\nbackported = get_kb_item_or_exit('www/apache/'+port+'/backported', exit_code:1);\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"Apache\");\nsource = get_kb_item_or_exit('www/apache/'+port+'/source', exit_code:1);\n\n# Check if the version looks like either ServerTokens Major/Minor\n# was used\nif (version =~ '^2(\\\\.0)?$') exit(1, \"The banner from the Apache server listening on port \"+port+\" - \"+source+\" - is not granular enough to make a determination.\");\nif (version !~ \"^\\d+(\\.\\d+)*$\") exit(1, \"The version of Apache listening on port \" + port + \" - \" + version + \" - is non-numeric and, therefore, cannot be used to make a determination.\");\nif (version =~ '^2\\\\.0' && ver_compare(ver:version, fix:'2.0.55') == -1)\n{\n if (report_verbosity > 0)\n {\n report = \n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 2.0.55\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"Apache\", port, install[\"version\"]);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:37:26", "description": "The version of IBM HTTP Server running on the remote host is affected by multiple vulnerabilities related to Apache HTTP Server, as follows:\n\n - In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header. (CVE-2017-7679)\n\n - The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. (CVE-2017-7668)\n\n - In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. (CVE-2017-3167)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-06T00:00:00", "type": "nessus", "title": "IBM HTTP Server 7.0.0.0 < 7.0.0.45 / 8.0.0.0 < 8.0.0.14 / 8.5.0.0 < 8.5.5.12 / 9.0.0.0 < 9.0.0.5 Multiple Vulnerabilities (563615)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-7668", "CVE-2017-7679"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:ibm:http_server"], "id": "IBM_HTTP_SERVER_563615.NASL", "href": "https://www.tenable.com/plugins/nessus/144778", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144778);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-7668\", \"CVE-2017-7679\");\n script_bugtraq_id(99135, 99137, 99170);\n\n script_name(english:\"IBM HTTP Server 7.0.0.0 < 7.0.0.45 / 8.0.0.0 < 8.0.0.14 / 8.5.0.0 < 8.5.5.12 / 9.0.0.0 < 9.0.0.5 Multiple Vulnerabilities (563615)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of IBM HTTP Server running on the remote host is affected by multiple vulnerabilities related to Apache\nHTTP Server, as follows:\n\n - In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a\n buffer when sending a malicious Content-Type response header. (CVE-2017-7679)\n\n - The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list\n parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting\n a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force\n ap_find_token() to return an incorrect value. (CVE-2017-7668)\n\n - In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by\n third-party modules outside of the authentication phase may lead to authentication requirements being\n bypassed. (CVE-2017-3167)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/pages/node/563615\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to IBM HTTP Server version 7.0.0.45, 8.0.0.14, 8.5.5.12, 9.0.0.5, or later. Alternatively, upgrade to the\nminimal fix pack levels required by the interim fix and then apply Interim Fix PI82481.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7679\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:http_server\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ibm_http_server_nix_installed.nbin\");\n script_require_keys(\"installed_sw/IBM HTTP Server (IHS)\");\n\n exit(0);\n}\n\n\ninclude('vcf.inc');\n\napp = 'IBM HTTP Server (IHS)';\nfix = 'Interim Fix PI82481';\n\napp_info = vcf::get_app_info(app:app);\nvcf::check_granularity(app_info:app_info, sig_segments:4);\n\nif ('PI82481' >< app_info['Fixes'])\n audit(AUDIT_INST_VER_NOT_VULN, app);\n\nconstraints = [\n { 'min_version' : '7.0.0.0', 'max_version' : '7.0.0.43', 'fixed_display' : '7.0.0.45 or ' + fix },\n { 'min_version' : '8.0.0.0', 'max_version' : '8.0.0.13', 'fixed_display' : '8.0.0.14 or ' + fix },\n { 'min_version' : '8.5.0.0', 'max_version' : '8.5.5.11', 'fixed_display' : '8.5.5.12 or ' + fix },\n { 'min_version' : '9.0.0.0', 'max_version' : '9.0.0.4', 'fixed_display' : '9.0.0.5 or ' + fix }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:29:11", "description": "Several vulnerabilities have been found in the Apache HTTPD server.\n\n - CVE-2017-3167 Emmanuel Dreyfus reported that the use of ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.\n\n - CVE-2017-3169 Vasileios Panopoulos of AdNovum Informatik AG discovered that mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port leading to a denial of service.\n\n - CVE-2017-7659 Robert Swiecki reported that a specially crafted HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process.\n\n - CVE-2017-7668 Javier Jimenez reported that the HTTP strict parsing contains a flaw leading to a buffer overread in ap_find_token(). A remote attacker can take advantage of this flaw by carefully crafting a sequence of request headers to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.\n\n - CVE-2017-7679 ChenQin and Hanno Boeck reported that mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-23T00:00:00", "type": "nessus", "title": "Debian DSA-3896-1 : apache2 - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7659", "CVE-2017-7668", "CVE-2017-7679"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:apache2", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-3896.NASL", "href": "https://www.tenable.com/plugins/nessus/101013", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3896. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101013);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7659\", \"CVE-2017-7668\", \"CVE-2017-7679\");\n script_xref(name:\"DSA\", value:\"3896\");\n\n script_name(english:\"Debian DSA-3896-1 : apache2 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been found in the Apache HTTPD server.\n\n - CVE-2017-3167\n Emmanuel Dreyfus reported that the use of\n ap_get_basic_auth_pw() by third-party modules outside of\n the authentication phase may lead to authentication\n requirements being bypassed.\n\n - CVE-2017-3169\n Vasileios Panopoulos of AdNovum Informatik AG discovered\n that mod_ssl may dereference a NULL pointer when\n third-party modules call ap_hook_process_connection()\n during an HTTP request to an HTTPS port leading to a\n denial of service.\n\n - CVE-2017-7659\n Robert Swiecki reported that a specially crafted HTTP/2\n request could cause mod_http2 to dereference a NULL\n pointer and crash the server process.\n\n - CVE-2017-7668\n Javier Jimenez reported that the HTTP strict parsing\n contains a flaw leading to a buffer overread in\n ap_find_token(). A remote attacker can take advantage of\n this flaw by carefully crafting a sequence of request\n headers to cause a segmentation fault, or to force\n ap_find_token() to return an incorrect value.\n\n - CVE-2017-7679\n ChenQin and Hanno Boeck reported that mod_mime can read\n one byte past the end of a buffer when sending a\n malicious Content-Type response header.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-3167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-3169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-7659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/apache2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/apache2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3896\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the apache2 packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 2.4.10-10+deb8u9. The oldstable distribution (jessie)\nis not affected by CVE-2017-7659.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 2.4.25-3+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"apache2\", reference:\"2.4.10-10+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-bin\", reference:\"2.4.10-10+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-data\", reference:\"2.4.10-10+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-dbg\", reference:\"2.4.10-10+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-dev\", reference:\"2.4.10-10+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-doc\", reference:\"2.4.10-10+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-mpm-event\", reference:\"2.4.10-10+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-mpm-itk\", reference:\"2.4.10-10+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-mpm-prefork\", reference:\"2.4.10-10+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-mpm-worker\", reference:\"2.4.10-10+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-suexec\", reference:\"2.4.10-10+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-suexec-custom\", reference:\"2.4.10-10+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-suexec-pristine\", reference:\"2.4.10-10+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-utils\", reference:\"2.4.10-10+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2.2-bin\", reference:\"2.4.10-10+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2.2-common\", reference:\"2.4.10-10+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libapache2-mod-macro\", reference:\"2.4.10-10+deb8u9\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libapache2-mod-proxy-html\", reference:\"2.4.10-10+deb8u9\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2\", reference:\"2.4.25-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-bin\", reference:\"2.4.25-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-data\", reference:\"2.4.25-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-dbg\", reference:\"2.4.25-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-dev\", reference:\"2.4.25-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-doc\", reference:\"2.4.25-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-ssl-dev\", reference:\"2.4.25-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-suexec-custom\", reference:\"2.4.25-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-suexec-pristine\", reference:\"2.4.25-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-utils\", reference:\"2.4.25-3+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:28:27", "description": "New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-30T00:00:00", "type": "nessus", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : httpd (SSA:2017-180-03)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7659", "CVE-2017-7668", "CVE-2017-7679"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:httpd", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2017-180-03.NASL", "href": "https://www.tenable.com/plugins/nessus/101117", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2017-180-03. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101117);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7659\", \"CVE-2017-7668\", \"CVE-2017-7679\");\n script_xref(name:\"SSA\", value:\"2017-180-03\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : httpd (SSA:2017-180-03)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New httpd packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, 14.2, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.587461\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b83dd9b7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"httpd\", pkgver:\"2.2.32\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.2.32\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"httpd\", pkgver:\"2.2.32\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.2.32\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"httpd\", pkgver:\"2.2.32\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.2.32\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"httpd\", pkgver:\"2.4.26\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.4.26\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"httpd\", pkgver:\"2.4.26\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.4.26\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"httpd\", pkgver:\"2.4.26\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.4.26\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"httpd\", pkgver:\"2.4.26\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.4.26\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:30:54", "description": "Security fix for CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-07-17T00:00:00", "type": "nessus", "title": "Fedora 26 : httpd (2017-81976b6a91)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7659", "CVE-2017-7668", "CVE-2017-7679"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:httpd", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-81976B6A91.NASL", "href": "https://www.tenable.com/plugins/nessus/101670", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-81976b6a91.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101670);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7659\", \"CVE-2017-7668\", \"CVE-2017-7679\");\n script_xref(name:\"FEDORA\", value:\"2017-81976b6a91\");\n\n script_name(english:\"Fedora 26 : httpd (2017-81976b6a91)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2017-3167 CVE-2017-3169 CVE-2017-7659\nCVE-2017-7668 CVE-2017-7679\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-81976b6a91\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"httpd-2.4.26-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:29:53", "description": "File /etc/sysconfig/httpd is ghosted now\n\n----\n\nVersion update\n\n----\n\nSecurity fix for CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-07-18T00:00:00", "type": "nessus", "title": "Fedora 25 : httpd (2017-9ded7c5670)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7659", "CVE-2017-7668", "CVE-2017-7679"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:httpd", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-9DED7C5670.NASL", "href": "https://www.tenable.com/plugins/nessus/101778", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-9ded7c5670.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101778);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7659\", \"CVE-2017-7668\", \"CVE-2017-7679\");\n script_xref(name:\"FEDORA\", value:\"2017-9ded7c5670\");\n\n script_name(english:\"Fedora 25 : httpd (2017-9ded7c5670)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"File /etc/sysconfig/httpd is ghosted now\n\n----\n\nVersion update\n\n----\n\nSecurity fix for CVE-2017-3167 CVE-2017-3169 CVE-2017-7659\nCVE-2017-7668 CVE-2017-7679\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-9ded7c5670\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"httpd-2.4.27-2.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:31:46", "description": "Security fix for CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-07-13T00:00:00", "type": "nessus", "title": "Fedora 24 : httpd (2017-cf9599a306)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7659", "CVE-2017-7668", "CVE-2017-7679"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:httpd", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-CF9599A306.NASL", "href": "https://www.tenable.com/plugins/nessus/101511", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-cf9599a306.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101511);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7659\", \"CVE-2017-7668\", \"CVE-2017-7679\");\n script_xref(name:\"FEDORA\", value:\"2017-cf9599a306\");\n\n script_name(english:\"Fedora 24 : httpd (2017-cf9599a306)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2017-3167 CVE-2017-3169 CVE-2017-7659\nCVE-2017-7668 CVE-2017-7679\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-cf9599a306\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"httpd-2.4.26-1.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:29:22", "description": "The Apache httpd project reports :\n\n- ap_get_basic_auth_pw() Authentication Bypass (CVE-2017-3167) : Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.\n\n- mod_ssl NULL pointer Dereference (CVE-2017-3169):mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.\n\n- mod_http2 NULL pointer Dereference (CVE-2017-7659): A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process.\n\n- ap_find_token() Buffer Overread (CVE-2017-7668):The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.\n\n- mod_mime Buffer Overread (CVE-2017-7679):mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-20T00:00:00", "type": "nessus", "title": "FreeBSD : Apache httpd -- several vulnerabilities (0c2db2aa-5584-11e7-9a7d-b499baebfeaf)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7659", "CVE-2017-7668", "CVE-2017-7679"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:apache22", "p-cpe:/a:freebsd:freebsd:apache24", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_0C2DB2AA558411E79A7DB499BAEBFEAF.NASL", "href": "https://www.tenable.com/plugins/nessus/100881", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100881);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7659\", \"CVE-2017-7668\", \"CVE-2017-7679\");\n\n script_name(english:\"FreeBSD : Apache httpd -- several vulnerabilities (0c2db2aa-5584-11e7-9a7d-b499baebfeaf)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Apache httpd project reports :\n\n- ap_get_basic_auth_pw() Authentication Bypass (CVE-2017-3167) : Use\nof the ap_get_basic_auth_pw() by third-party modules outside of the\nauthentication phase may lead to authentication requirements being\nbypassed.\n\n- mod_ssl NULL pointer Dereference (CVE-2017-3169):mod_ssl may\ndereference a NULL pointer when third-party modules call\nap_hook_process_connection() during an HTTP request to an HTTPS port.\n\n- mod_http2 NULL pointer Dereference (CVE-2017-7659): A maliciously\nconstructed HTTP/2 request could cause mod_http2 to dereference a NULL\npointer and crash the server process.\n\n- ap_find_token() Buffer Overread (CVE-2017-7668):The HTTP strict\nparsing changes added in 2.2.32 and 2.4.24 introduced a bug in token\nlist parsing, which allows ap_find_token() to search past the end of\nits input string. By maliciously crafting a sequence of request\nheaders, an attacker may be able to cause a segmentation fault, or to\nforce ap_find_token() to return an incorrect value.\n\n- mod_mime Buffer Overread (CVE-2017-7679):mod_mime can read one byte\npast the end of a buffer when sending a malicious Content-Type\nresponse header.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://httpd.apache.org/security/vulnerabilities_24.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://httpd.apache.org/security/vulnerabilities_22.html\"\n );\n # https://vuxml.freebsd.org/freebsd/0c2db2aa-5584-11e7-9a7d-b499baebfeaf.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?46a0c5a4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache24\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"apache22<2.2.33\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache24<2.4.26\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:28:54", "description": "According to its banner, the version of Apache running on the remote host is 2.2.x prior to 2.2.33-dev or 2.4.x prior to 2.4.26. It is, therefore, affected by the following vulnerabilities :\n\n - An authentication bypass vulnerability exists due to third-party modules using the ap_get_basic_auth_pw() function outside of the authentication phase. An unauthenticated, remote attacker can exploit this to bypass authentication requirements. (CVE-2017-3167)\n\n - A NULL pointer dereference flaw exists due to third-party module calls to the mod_ssl ap_hook_process_connection() function during an HTTP request to an HTTPS port. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-3169)\n\n - A NULL pointer dereference flaw exists in mod_http2 that is triggered when handling a specially crafted HTTP/2 request. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. Note that this vulnerability does not affect 2.2.x.\n (CVE-2017-7659)\n\n - An out-of-bounds read error exists in the ap_find_token() function due to improper handling of header sequences. An unauthenticated, remote attacker can exploit this, via a specially crafted header sequence, to cause a denial of service condition.\n (CVE-2017-7668)\n\n - An out-of-bounds read error exists in mod_mime due to improper handling of Content-Type response headers. An unauthenticated, remote attacker can exploit this, via a specially crafted Content-Type response header, to cause a denial of service condition or the disclosure of sensitive information. (CVE-2017-7679)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-22T00:00:00", "type": "nessus", "title": "Apache 2.2.x < 2.2.33-dev / 2.4.x < 2.4.26 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7659", "CVE-2017-7668", "CVE-2017-7679"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:http_server"], "id": "APACHE_2_4_26.NASL", "href": "https://www.tenable.com/plugins/nessus/100995", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100995);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2017-3167\",\n \"CVE-2017-3169\",\n \"CVE-2017-7659\",\n \"CVE-2017-7668\",\n \"CVE-2017-7679\"\n );\n script_bugtraq_id(\n 99132,\n 99134,\n 99135,\n 99137,\n 99170\n );\n\n script_name(english:\"Apache 2.2.x < 2.2.33-dev / 2.4.x < 2.4.26 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Apache running on the remote\nhost is 2.2.x prior to 2.2.33-dev or 2.4.x prior to 2.4.26. It is,\ntherefore, affected by the following vulnerabilities :\n\n - An authentication bypass vulnerability exists due to\n third-party modules using the ap_get_basic_auth_pw()\n function outside of the authentication phase. An\n unauthenticated, remote attacker can exploit this to\n bypass authentication requirements. (CVE-2017-3167)\n\n - A NULL pointer dereference flaw exists due to\n third-party module calls to the mod_ssl\n ap_hook_process_connection() function during an HTTP\n request to an HTTPS port. An unauthenticated, remote\n attacker can exploit this to cause a denial of service\n condition. (CVE-2017-3169)\n\n - A NULL pointer dereference flaw exists in mod_http2 that\n is triggered when handling a specially crafted HTTP/2\n request. An unauthenticated, remote attacker can exploit\n this to cause a denial of service condition. Note that\n this vulnerability does not affect 2.2.x.\n (CVE-2017-7659)\n\n - An out-of-bounds read error exists in the\n ap_find_token() function due to improper handling of\n header sequences. An unauthenticated, remote attacker\n can exploit this, via a specially crafted header\n sequence, to cause a denial of service condition.\n (CVE-2017-7668)\n\n - An out-of-bounds read error exists in mod_mime due to\n improper handling of Content-Type response headers. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted Content-Type response header, to cause\n a denial of service condition or the disclosure of\n sensitive information. (CVE-2017-7679)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://archive.apache.org/dist/httpd/CHANGES_2.2.32\");\n script_set_attribute(attribute:\"see_also\", value:\"https://archive.apache.org/dist/httpd/CHANGES_2.4.26\");\n script_set_attribute(attribute:\"see_also\", value:\"https://httpd.apache.org/security/vulnerabilities_22.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://httpd.apache.org/security/vulnerabilities_24.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache version 2.2.33-dev / 2.4.26 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7679\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"apache_http_version.nasl\", \"apache_http_server_nix_installed.nbin\", \"apache_httpd_win_installed.nbin\");\n script_require_keys(\"installed_sw/Apache\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\n\napp_info = vcf::apache_http_server::combined_get_app_info(app:'Apache');\n\nconstraints = [\n { \"min_version\" : \"2.2\", \"fixed_version\" : \"2.2.33\" },\n { \"min_version\" : \"2.4\", \"fixed_version\" : \"2.4.26\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-23T14:56:16", "description": "According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.26. It is, therefore, affected by the following vulnerabilities :\n\n - An authentication bypass vulnerability exists due to third-party modules using the ap_get_basic_auth_pw() function outside of the authentication phase. An unauthenticated, remote attacker can exploit this to bypass authentication requirements. (CVE-2017-3167)\n\n - A NULL pointer dereference flaw exists due to third-party module calls to the mod_ssl ap_hook_process_connection() function during an HTTP request to an HTTPS port. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-3169)\n\n - A NULL pointer dereference flaw exists in mod_http2 that is triggered when handling a specially crafted HTTP/2 request. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. Note that this vulnerability does not affect 2.2.x. (CVE-2017-7659)\n\n - An out-of-bounds read error exists in the ap_find_token() function due to improper handling of header sequences. An unauthenticated, remote attacker can exploit this, via a specially crafted header sequence, to cause a denial of service condition. (CVE-2017-7668)\n\n - An out-of-bounds read error exists in mod_mime due to improper handling of Content-Type response headers. An unauthenticated, remote attacker can exploit this, via a specially crafted Content-Type response header, to cause a denial of service condition or the disclosure of sensitive information. (CVE-2017-7679)\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-01-09T00:00:00", "type": "nessus", "title": "Apache 2.4.x < 2.4.26 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7659", "CVE-2017-7668", "CVE-2017-7679"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98911", "href": "https://www.tenable.com/plugins/was/98911", "sourceData": "No source data", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:42:08", "description": "An update is now available for JBoss Core Services on RHEL 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es) :\n\n* An out-of-bounds array dereference was found in apr_time_exp_get().\nAn attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting CVE-2017-9798.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-19T00:00:00", "type": "nessus", "title": "RHEL 6 : Red Hat JBoss Core Services Apache HTTP Server 2.4.23 (RHSA-2017:3477) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12613", "CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7679", "CVE-2017-9798"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-libs", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_bmx", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_bmx-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2017-3477.NASL", "href": "https://www.tenable.com/plugins/nessus/105369", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:3477. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105369);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-12613\", \"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7679\", \"CVE-2017-9798\");\n script_xref(name:\"RHSA\", value:\"2017:3477\");\n\n script_name(english:\"RHEL 6 : Red Hat JBoss Core Services Apache HTTP Server 2.4.23 (RHSA-2017:3477) (Optionsbleed)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update is now available for JBoss Core Services on RHEL 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Core Services is a set of supplementary software for Red\nHat JBoss middleware products. This software, such as Apache HTTP\nServer, is common to multiple JBoss middleware products, and is\npackaged under Red Hat JBoss Core Services to allow for faster\ndistribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23\nService Pack 3 serves as an update to Red Hat JBoss Core Services\nApache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes,\nwhich are documented in the Release Notes document linked to in the\nReferences.\n\nSecurity Fix(es) :\n\n* An out-of-bounds array dereference was found in apr_time_exp_get().\nAn attacker could abuse an unvalidated usage of this function to cause\na denial of service or potentially lead to data leak. (CVE-2017-12613)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API\nfunction outside of the authentication phase could lead to\nauthentication bypass. A remote attacker could possibly use this flaw\nto bypass required authentication if the API was used incorrectly by\none of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl\nmodule. A remote attacker could use this flaw to cause an httpd child\nprocess to crash if another module used by httpd called a certain API\nfunction during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A\nuser permitted to modify httpd's MIME configuration could use this\nflaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive\nused in an .htaccess file. A remote attacker could possibly use this\nflaw to disclose portions of the server memory, or cause httpd child\nprocess to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting CVE-2017-9798.\"\n );\n # https://access.redhat.com/documentation/en/red-hat-jboss-core-services/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?75d9eb14\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:3477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-12613\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_bmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_bmx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:3477\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-httpd-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-httpd-debuginfo-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-debuginfo-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-httpd-devel-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-devel-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-httpd-libs-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-libs-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbcs-httpd24-httpd-manual-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-httpd-selinux-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-selinux-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-httpd-tools-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-tools-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_bmx-0.9.6-15.GA.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_bmx-0.9.6-15.GA.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_bmx-debuginfo-0.9.6-15.GA.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_bmx-debuginfo-0.9.6-15.GA.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_cluster-native-1.3.8-1.Final_redhat_1.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_cluster-native-1.3.8-1.Final_redhat_1.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_cluster-native-debuginfo-1.3.8-1.Final_redhat_1.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_cluster-native-debuginfo-1.3.8-1.Final_redhat_1.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_ldap-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_ldap-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_proxy_html-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_proxy_html-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_session-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_session-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_ssl-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_ssl-2.4.23-125.jbcs.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jbcs-httpd24-httpd / jbcs-httpd24-httpd-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:42:01", "description": "An update is now available for JBoss Core Services on RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es) :\n\n* An out-of-bounds array dereference was found in apr_time_exp_get().\nAn attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting CVE-2017-9798.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-19T00:00:00", "type": "nessus", "title": "RHEL 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.23 (RHSA-2017:3476) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12613", "CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7679", "CVE-2017-9798"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-libs", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_bmx", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_bmx-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2017-3476.NASL", "href": "https://www.tenable.com/plugins/nessus/105368", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:3476. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105368);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-12613\", \"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7679\", \"CVE-2017-9798\");\n script_xref(name:\"RHSA\", value:\"2017:3476\");\n\n script_name(english:\"RHEL 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.23 (RHSA-2017:3476) (Optionsbleed)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update is now available for JBoss Core Services on RHEL 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Core Services is a set of supplementary software for Red\nHat JBoss middleware products. This software, such as Apache HTTP\nServer, is common to multiple JBoss middleware products, and is\npackaged under Red Hat JBoss Core Services to allow for faster\ndistribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23\nService Pack 3 serves as an update to Red Hat JBoss Core Services\nApache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes,\nwhich are documented in the Release Notes document linked to in the\nReferences.\n\nSecurity Fix(es) :\n\n* An out-of-bounds array dereference was found in apr_time_exp_get().\nAn attacker could abuse an unvalidated usage of this function to cause\na denial of service or potentially lead to data leak. (CVE-2017-12613)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API\nfunction outside of the authentication phase could lead to\nauthentication bypass. A remote attacker could possibly use this flaw\nto bypass required authentication if the API was used incorrectly by\none of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl\nmodule. A remote attacker could use this flaw to cause an httpd child\nprocess to crash if another module used by httpd called a certain API\nfunction during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A\nuser permitted to modify httpd's MIME configuration could use this\nflaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive\nused in an .htaccess file. A remote attacker could possibly use this\nflaw to disclose portions of the server memory, or cause httpd child\nprocess to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting CVE-2017-9798.\"\n );\n # https://access.redhat.com/documentation/en/red-hat-jboss-core-services/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?75d9eb14\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:3476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-12613\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_bmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_bmx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:3476\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-2.4.23-125.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-debuginfo-2.4.23-125.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-devel-2.4.23-125.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-libs-2.4.23-125.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbcs-httpd24-httpd-manual-2.4.23-125.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-selinux-2.4.23-125.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-tools-2.4.23-125.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_bmx-0.9.6-15.GA.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_bmx-debuginfo-0.9.6-15.GA.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_cluster-native-1.3.8-1.Final_redhat_1.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_cluster-native-debuginfo-1.3.8-1.Final_redhat_1.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_ldap-2.4.23-125.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_proxy_html-2.4.23-125.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_session-2.4.23-125.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_ssl-2.4.23-125.jbcs.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jbcs-httpd24-httpd / jbcs-httpd24-httpd-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:29:03", "description": "This update for apache2 provides the following fixes: Security issues fixed :\n\n - CVE-2017-3167: In Apache use of httpd ap_get_basic_auth_pw() outside of the authentication phase could lead to authentication requirements bypass (bsc#1045065)\n\n - CVE-2017-3169: In mod_ssl may have a dereference NULL pointer issue which could lead to denial of service (bsc#1045062)\n\n - CVE-2017-7679: In mod_mime can buffer over-read by 1 byte, potentially leading to a crash or information disclosure (bsc#1045060) Non-Security issues fixed :\n\n - Remove /usr/bin/http2 symlink only during apache2 package uninstall, not upgrade. (bsc#1041830)\n\n - In gensslcert, use hostname when fqdn is too long.\n (bsc#1035829)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-29T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:1714-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7679"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2", "p-cpe:/a:novell:suse_linux:apache2-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-debugsource", "p-cpe:/a:novell:suse_linux:apache2-example-pages", "p-cpe:/a:novell:suse_linux:apache2-prefork", "p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-utils", "p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-worker", "p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-1714-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101109", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1714-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101109);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7679\");\n\n script_name(english:\"SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:1714-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for apache2 provides the following fixes: Security issues\nfixed :\n\n - CVE-2017-3167: In Apache use of httpd\n ap_get_basic_auth_pw() outside of the authentication\n phase could lead to authentication requirements bypass\n (bsc#1045065)\n\n - CVE-2017-3169: In mod_ssl may have a dereference NULL\n pointer issue which could lead to denial of service\n (bsc#1045062)\n\n - CVE-2017-7679: In mod_mime can buffer over-read by 1\n byte, potentially leading to a crash or information\n disclosure (bsc#1045060) Non-Security issues fixed :\n\n - Remove /usr/bin/http2 symlink only during apache2\n package uninstall, not upgrade. (bsc#1041830)\n\n - In gensslcert, use hostname when fqdn is too long.\n (bsc#1035829)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3167/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3169/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7679/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171714-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c976ba53\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1062=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1062=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1062=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"apache2-2.4.23-28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"apache2-debuginfo-2.4.23-28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"apache2-debugsource-2.4.23-28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"apache2-example-pages-2.4.23-28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"apache2-prefork-2.4.23-28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"apache2-prefork-debuginfo-2.4.23-28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"apache2-utils-2.4.23-28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"apache2-utils-debuginfo-2.4.23-28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"apache2-worker-2.4.23-28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"apache2-worker-debuginfo-2.4.23-28.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:29:44", "description": "This update for apache2 provides the following fixes :\n\nSecurity issues fixed :\n\n - CVE-2017-3167: In Apache use of httpd ap_get_basic_auth_pw() outside of the authentication phase could lead to authentication requirements bypass (bsc#1045065)\n\n - CVE-2017-3169: In mod_ssl may have a dereference NULL pointer issue which could lead to denial of service (bsc#1045062)\n\n - CVE-2017-7679: In mod_mime can buffer over-read by 1 byte, potentially leading to a crash or information disclosure (bsc#1045060)\n\nNon-Security issues fixed :\n\n - Remove /usr/bin/http2 symlink only during apache2 package uninstall, not upgrade. (bsc#1041830)\n\n - In gensslcert, use hostname when fqdn is too long.\n (bsc#1035829)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-07-07T00:00:00", "type": "nessus", "title": "openSUSE Security Update : apache2 (openSUSE-2017-786)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7679"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2", "p-cpe:/a:novell:opensuse:apache2-debuginfo", "p-cpe:/a:novell:opensuse:apache2-debugsource", "p-cpe:/a:novell:opensuse:apache2-devel", "p-cpe:/a:novell:opensuse:apache2-event", "p-cpe:/a:novell:opensuse:apache2-event-debuginfo", "p-cpe:/a:novell:opensuse:apache2-example-pages", "p-cpe:/a:novell:opensuse:apache2-prefork", "p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo", "p-cpe:/a:novell:opensuse:apache2-utils", "p-cpe:/a:novell:opensuse:apache2-utils-debuginfo", "p-cpe:/a:novell:opensuse:apache2-worker", "p-cpe:/a:novell:opensuse:apache2-worker-debuginfo", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-786.NASL", "href": "https://www.tenable.com/plugins/nessus/101283", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-786.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101283);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7679\");\n\n script_name(english:\"openSUSE Security Update : apache2 (openSUSE-2017-786)\");\n script_summary(english:\"Check for the openSUSE-2017-786 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for apache2 provides the following fixes :\n\nSecurity issues fixed :\n\n - CVE-2017-3167: In Apache use of httpd\n ap_get_basic_auth_pw() outside of the authentication\n phase could lead to authentication requirements bypass\n (bsc#1045065)\n\n - CVE-2017-3169: In mod_ssl may have a dereference NULL\n pointer issue which could lead to denial of service\n (bsc#1045062)\n\n - CVE-2017-7679: In mod_mime can buffer over-read by 1\n byte, potentially leading to a crash or information\n disclosure (bsc#1045060)\n\nNon-Security issues fixed :\n\n - Remove /usr/bin/http2 symlink only during apache2\n package uninstall, not upgrade. (bsc#1041830)\n\n - In gensslcert, use hostname when fqdn is too long.\n (bsc#1035829)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1035829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1041830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1045060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1045062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1045065\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-event-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-2.4.23-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-debuginfo-2.4.23-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-debugsource-2.4.23-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-devel-2.4.23-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-event-2.4.23-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-event-debuginfo-2.4.23-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-example-pages-2.4.23-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-prefork-2.4.23-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-prefork-debuginfo-2.4.23-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-utils-2.4.23-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-utils-debuginfo-2.4.23-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-worker-2.4.23-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-worker-debuginfo-2.4.23-8.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2 / apache2-debuginfo / apache2-debugsource / apache2-devel / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-02T14:56:19", "description": "s700_800 11.04 Virtualvault 4.7 OWS (Apache 2.x) update : \n\nPotential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerability could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.", "cvss3": {}, "published": "2006-03-21T00:00:00", "type": "nessus", "title": "HP-UX PHSS_34123 : Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access (HPSBUX02074 SSRT051251 rev.2)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-1268", "CVE-2005-2088", "CVE-2005-2491", "CVE-2005-2728"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_34123.NASL", "href": "https://www.tenable.com/plugins/nessus/21107", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_34123. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21107);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2005-1268\", \"CVE-2005-2088\", \"CVE-2005-2491\", \"CVE-2005-2728\");\n script_bugtraq_id(14106, 14366, 14620);\n script_xref(name:\"HP\", value:\"emr_na-c00555254\");\n script_xref(name:\"HP\", value:\"HPSBUX02074\");\n script_xref(name:\"HP\", value:\"SSRT051251\");\n\n script_name(english:\"HP-UX PHSS_34123 : Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access (HPSBUX02074 SSRT051251 rev.2)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.04 Virtualvault 4.7 OWS (Apache 2.x) update : \n\nPotential security vulnerabilities have been identified with Apache\nrunning on HP-UX. These vulnerability could be exploited remotely to\nallow execution of arbitrary code, Denial of Service (DoS), or\nunauthorized access.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00555254\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1c4fcb93\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_34123 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/03/21\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2006/03/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.04\"))\n{\n exit(0, \"The host is not affected since PHSS_34123 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_34123\", \"PHSS_34932\", \"PHSS_35436\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"VaultDOC.VV-HTML-MAN\", version:\"A.04.70\")) flag++;\nif (hpux_check_patch(app:\"VaultTS.VV-IWS-GUI\", version:\"A.04.70\")) flag++;\nif (hpux_check_patch(app:\"VaultWS.WS-CORE\", version:\"A.04.70\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-02T14:56:18", "description": "s700_800 11.04 Webproxy server 2.1 (Apache 2.x) update : \n\nPotential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerability could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.", "cvss3": {}, "published": "2006-03-21T00:00:00", "type": "nessus", "title": "HP-UX PHSS_34163 : Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access (HPSBUX02074 SSRT051251 rev.2)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-1268", "CVE-2005-2088", "CVE-2005-2491", "CVE-2005-2728"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_34163.NASL", "href": "https://www.tenable.com/plugins/nessus/21108", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_34163. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21108);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2005-1268\", \"CVE-2005-2088\", \"CVE-2005-2491\", \"CVE-2005-2728\");\n script_bugtraq_id(14106, 14366, 14620);\n script_xref(name:\"HP\", value:\"emr_na-c00555254\");\n script_xref(name:\"HP\", value:\"HPSBUX02074\");\n script_xref(name:\"HP\", value:\"SSRT051251\");\n\n script_name(english:\"HP-UX PHSS_34163 : Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access (HPSBUX02074 SSRT051251 rev.2)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.04 Webproxy server 2.1 (Apache 2.x) update : \n\nPotential security vulnerabilities have been identified with Apache\nrunning on HP-UX. These vulnerability could be exploited remotely to\nallow execution of arbitrary code, Denial of Service (DoS), or\nunauthorized access.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00555254\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1c4fcb93\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_34163 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/03/21\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2006/03/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.04\"))\n{\n exit(0, \"The host is not affected since PHSS_34163 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHSS_34163\", \"PHSS_35437\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"HP_Webproxy.HPWEB-PX-CORE\", version:\"A.02.10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:36:06", "description": "The remote host is running a version of FireEye Operating System (FEOS) that is affected by multiple vulnerabilities. See vendor release notes for details.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-10-05T00:00:00", "type": "nessus", "title": "FireEye Operating System Multiple Vulnerabilities (AX < 7.7.7 / EX < 8.0.1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000364", "CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7659", "CVE-2017-7668", "CVE-2017-7679"], "modified": "2021-06-03T00:00:00", "cpe": ["cpe:/o:fireeye:feos"], "id": "FIREEYE_OS_EX_801.NASL", "href": "https://www.tenable.com/plugins/nessus/103673", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103673);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/03\");\n\n script_cve_id(\n \"CVE-2017-3167\",\n \"CVE-2017-3169\",\n \"CVE-2017-7659\",\n \"CVE-2017-7668\",\n \"CVE-2017-7679\",\n \"CVE-2017-1000364\"\n );\n script_bugtraq_id(\n 99130,\n 99132,\n 99134,\n 99135,\n 99137,\n 99170\n );\n script_xref(name:\"IAVA\", value:\"2017-A-0288-S\");\n\n script_name(english:\"FireEye Operating System Multiple Vulnerabilities (AX < 7.7.7 / EX < 8.0.1)\");\n script_summary(english:\"Checks the version of FEOS.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of FireEye Operating System\n(FEOS) that is affected by multiple vulnerabilities. See vendor release notes for details.\");\n # https://insinuator.net/2017/09/fireeye-security-bug-connection-to-physical-host-and-adjacent-network-possible-during-analysis-in-live-mode/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dd3c01c0\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.fireeye.com/docs/docs_en/AX/sw/7.7.7/RN/AX_RN_7.7.7_en.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.fireeye.com/docs/docs_en/EX/sw/8.0.1/RN/EX_RN_8.0.1_en.pdf\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant patch referenced in the vendor release notes.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Solaris RSH Stack Clash Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fireeye:feos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"fireeye_os_version.nbin\");\n script_require_keys(\"Host/FireEye/series\", \"Host/FireEye/version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"FireEye OS\";\nseries = get_kb_item_or_exit(\"Host/FireEye/series\");\nversion = get_kb_item_or_exit(\"Host/FireEye/version\");\n\nif (series == \"EX\") fix = \"8.0.1\";\nelse if (series == \"AX\") fix = \"7.7.7\";\nelse audit(AUDIT_DEVICE_NOT_VULN, \"FireEye \"+series);\n\nreport =\n '\\n Series : ' + series +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n\nif (ver_compare(ver:version, fix:fix, strict:FALSE) == -1)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : report\n );\n exit(0);\n}\n\nelse audit(AUDIT_DEVICE_NOT_VULN, \"FireEye \"+series, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:22:56", "description": "The remote host is affected by the vulnerability described in GLSA-200602-03 (Apache: Multiple vulnerabilities)\n\n Apache's mod_imap fails to properly sanitize the 'Referer' directive of imagemaps in some cases, leaving the HTTP Referer header unescaped. A flaw in mod_ssl can lead to a NULL pointer dereference if the site uses a custom 'Error 400' document. These vulnerabilities were reported by Marc Cox and Hartmut Keil, respectively.\n Impact :\n\n A remote attacker could exploit mod_imap to inject arbitrary HTML or JavaScript into a user's browser to gather sensitive information.\n Attackers could also cause a Denial of Service on hosts using the SSL module (Apache 2.0.x only).\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2006-02-10T00:00:00", "type": "nessus", "title": "GLSA-200602-03 : Apache: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.4, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-3352", "CVE-2005-3357"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:apache", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200602-03.NASL", "href": "https://www.tenable.com/plugins/nessus/20874", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200602-03.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20874);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-3352\", \"CVE-2005-3357\");\n script_bugtraq_id(15834, 16152);\n script_xref(name:\"GLSA\", value:\"200602-03\");\n\n script_name(english:\"GLSA-200602-03 : Apache: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200602-03\n(Apache: Multiple vulnerabilities)\n\n Apache's mod_imap fails to properly sanitize the 'Referer' directive of\n imagemaps in some cases, leaving the HTTP Referer header unescaped. A\n flaw in mod_ssl can lead to a NULL pointer dereference if the site uses\n a custom 'Error 400' document. These vulnerabilities were reported by\n Marc Cox and Hartmut Keil, respectively.\n \nImpact :\n\n A remote attacker could exploit mod_imap to inject arbitrary HTML or\n JavaScript into a user's browser to gather sensitive information.\n Attackers could also cause a Denial of Service on hosts using the SSL\n module (Apache 2.0.x only).\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200602-03\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Apache users should upgrade to the latest version, depending on\n whether they still use the old configuration style\n (/etc/apache/conf/*.conf) or the new one (/etc/apache2/httpd.conf).\n 2.0.x users, new style config:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/apache-2.0.55-r1'\n 2.0.x users, old style config:\n # emerge --sync\n # emerge --ask --oneshot --verbose '=www-servers/apache-2.0.54-r16'\n 1.x users, new style config:\n # emerge --sync\n # emerge --ask --oneshot --verbose '=www-servers/apache-1.3.34-r11'\n 1.x users, old style config:\n # emerge --sync\n # emerge --ask --oneshot --verbose '=www-servers/apache-1.3.34-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/02/10\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/apache\", unaffected:make_list(\"ge 2.0.55-r1\", \"rge 2.0.54-r16\", \"eq 1.3.34-r2\", \"rge 1.3.34-r11\", \"rge 1.3.37\"), vulnerable:make_list(\"lt 2.0.55-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Apache\");\n}\n", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:22:44", "description": "The 'mod_imap' module (which provides support for image maps) did not properly escape the 'referer' URL which rendered it vulnerable against a cross-site scripting attack. A malicious web page (or HTML email) could trick a user into visiting a site running the vulnerable mod_imap, and employ cross-site-scripting techniques to gather sensitive user information from that site. (CVE-2005-3352)\n\nHartmut Keil discovered a Denial of Service vulnerability in the SSL module ('mod_ssl') that affects SSL-enabled virtual hosts with a customized error page for error 400. By sending a specially crafted request to the server, a remote attacker could crash the server. This only affects Apache 2, and only if the 'worker' implementation (apache2-mpm-worker) is used. (CVE-2005-3357).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2006-01-21T00:00:00", "type": "nessus", "title": "Ubuntu 4.10 / 5.04 / 5.10 : apache2, apache vulnerabilities (USN-241-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.4, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-3352", "CVE-2005-3357"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:apache", "p-cpe:/a:canonical:ubuntu_linux:apache-common", "p-cpe:/a:canonical:ubuntu_linux:apache-dbg", "p-cpe:/a:canonical:ubuntu_linux:apache-dev", "p-cpe:/a:canonical:ubuntu_linux:apache-doc", "p-cpe:/a:canonical:ubuntu_linux:apache-perl", "p-cpe:/a:canonical:ubuntu_linux:apache-ssl", "p-cpe:/a:canonical:ubuntu_linux:apache-utils", "p-cpe:/a:canonical:ubuntu_linux:apache2", "p-cpe:/a:canonical:ubuntu_linux:apache2-common", "p-cpe:/a:canonical:ubuntu_linux:apache2-doc", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-perchild", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-threadpool", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker", "p-cpe:/a:canonical:ubuntu_linux:apache2-prefork-dev", "p-cpe:/a:canonical:ubuntu_linux:apache2-threaded-dev", "p-cpe:/a:canonical:ubuntu_linux:apache2-utils", "p-cpe:/a:canonical:ubuntu_linux:libapache-mod-perl", "p-cpe:/a:canonical:ubuntu_linux:libapr0", "p-cpe:/a:canonical:ubuntu_linux:libapr0-dev", "cpe:/o:canonical:ubuntu_linux:4.10", "cpe:/o:canonical:ubuntu_linux:5.04", "cpe:/o:canonical:ubuntu_linux:5.10"], "id": "UBUNTU_USN-241-1.NASL", "href": "https://www.tenable.com/plugins/nessus/20788", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-241-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20788);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2005-3352\", \"CVE-2005-3357\");\n script_xref(name:\"USN\", value:\"241-1\");\n\n script_name(english:\"Ubuntu 4.10 / 5.04 / 5.10 : apache2, apache vulnerabilities (USN-241-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 'mod_imap' module (which provides support for image maps) did not\nproperly escape the 'referer' URL which rendered it vulnerable against\na cross-site scripting attack. A malicious web page (or HTML email)\ncould trick a user into visiting a site running the vulnerable\nmod_imap, and employ cross-site-scripting techniques to gather\nsensitive user information from that site. (CVE-2005-3352)\n\nHartmut Keil discovered a Denial of Service vulnerability in the SSL\nmodule ('mod_ssl') that affects SSL-enabled virtual hosts with a\ncustomized error page for error 400. By sending a specially crafted\nrequest to the server, a remote attacker could crash the server. This\nonly affects Apache 2, and only if the 'worker' implementation\n(apache2-mpm-worker) is used. (CVE-2005-3357).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache-ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-perchild\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-threadpool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-prefork-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-threaded-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache-mod-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapr0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/21\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10|5\\.04|5\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10 / 5.04 / 5.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache\", pkgver:\"1.3.31-6ubuntu0.9\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache-common\", pkgver:\"1.3.31-6ubuntu0.9\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache-dbg\", pkgver:\"1.3.31-6ubuntu0.9\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache-dev\", pkgver:\"1.3.31-6ubuntu0.9\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache-doc\", pkgver:\"1.3.31-6ubuntu0.9\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache-perl\", pkgver:\"1.3.31-6ubuntu0.9\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache-ssl\", pkgver:\"1.3.31-6ubuntu0.9\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache-utils\", pkgver:\"1.3.31-6ubuntu0.9\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2\", pkgver:\"2.0.50-12ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-common\", pkgver:\"2.0.50-12ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-doc\", pkgver:\"2.0.50-12ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-mpm-perchild\", pkgver:\"2.0.50-12ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-mpm-prefork\", pkgver:\"2.0.50-12ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-mpm-threadpool\", pkgver:\"2.0.50-12ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-mpm-worker\", pkgver:\"2.0.50-12ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-prefork-dev\", pkgver:\"2.0.50-12ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-threaded-dev\", pkgver:\"2.0.50-12ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libapache-mod-perl\", pkgver:\"1.29.0.2.0-6ubuntu0.9\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libapr0\", pkgver:\"2.0.50-12ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libapr0-dev\", pkgver:\"2.0.50-12ubuntu4.10\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache\", pkgver:\"1.3.33-4ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache-common\", pkgver:\"1.3.33-4ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache-dbg\", pkgver:\"1.3.33-4ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache-dev\", pkgver:\"1.3.33-4ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache-doc\", pkgver:\"1.3.33-4ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache-perl\", pkgver:\"1.3.33-4ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache-ssl\", pkgver:\"1.3.33-4ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache-utils\", pkgver:\"1.3.33-4ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2\", pkgver:\"2.0.53-5ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2-common\", pkgver:\"2.0.53-5ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2-doc\", pkgver:\"2.0.53-5ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2-mpm-perchild\", pkgver:\"2.0.53-5ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2-mpm-prefork\", pkgver:\"2.0.53-5ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2-mpm-threadpool\", pkgver:\"2.0.53-5ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2-mpm-worker\", pkgver:\"2.0.53-5ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2-prefork-dev\", pkgver:\"2.0.53-5ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2-threaded-dev\", pkgver:\"2.0.53-5ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2-utils\", pkgver:\"2.0.53-5ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libapache-mod-perl\", pkgver:\"1.29.0.3-4ubuntu2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libapr0\", pkgver:\"2.0.53-5ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libapr0-dev\", pkgver:\"2.0.53-5ubuntu5.5\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache\", pkgver:\"1.3.33-8ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache-common\", pkgver:\"1.3.33-8ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache-dbg\", pkgver:\"1.3.33-8ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache-dev\", pkgver:\"1.3.33-8ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache-doc\", pkgver:\"1.3.33-8ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache-perl\", pkgver:\"1.3.33-8ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache-ssl\", pkgver:\"1.3.33-8ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache-utils\", pkgver:\"1.3.33-8ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache2\", pkgver:\"2.0.54-5ubuntu4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache2-common\", pkgver:\"2.0.54-5ubuntu4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache2-doc\", pkgver:\"2.0.54-5ubuntu4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache2-mpm-perchild\", pkgver:\"2.0.54-5ubuntu4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache2-mpm-prefork\", pkgver:\"2.0.54-5ubuntu4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache2-mpm-threadpool\", pkgver:\"2.0.54-5ubuntu4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache2-mpm-worker\", pkgver:\"2.0.54-5ubuntu4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache2-prefork-dev\", pkgver:\"2.0.54-5ubuntu4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache2-threaded-dev\", pkgver:\"2.0.54-5ubuntu4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"apache2-utils\", pkgver:\"2.0.54-5ubuntu4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libapache-mod-perl\", pkgver:\"1.29.0.3-8ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libapr0\", pkgver:\"2.0.54-5ubuntu4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libapr0-dev\", pkgver:\"2.0.54-5ubuntu4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache / apache-common / apache-dbg / apache-dev / apache-doc / etc\");\n}\n", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:22:01", "description": "A flaw was discovered in mod_imap when using the Referer directive with image maps that could be used by a remote attacker to perform a cross- site scripting attack, in certain site configurations, if a victim could be forced to visit a malicious URL using certain web browsers (CVE-2005-3352).\n\nAlso, a NULL pointer dereference flaw was found in mod_ssl that affects server configurations where an SSL virtual host was configured with access controls and a custom 400 error document. This could allow a remote attacker to send a carefully crafted request to trigger the issue and cause a crash, but only with the non-default worker MPM (CVE-2005-3357).\n\nThe provided packages have been patched to prevent these problems.", "cvss3": {}, "published": "2006-01-15T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : apache2 (MDKSA-2006:007)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.4, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-3352", "CVE-2005-3357"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:apache-base", "p-cpe:/a:mandriva:linux:apache-devel", "p-cpe:/a:mandriva:linux:apache-mod_cache", "p-cpe:/a:mandriva:linux:apache-mod_dav", "p-cpe:/a:mandriva:linux:apache-mod_deflate", "p-cpe:/a:mandriva:linux:apache-mod_disk_cache", "p-cpe:/a:mandriva:linux:apache-mod_file_cache", "p-cpe:/a:mandriva:linux:apache-mod_ldap", "p-cpe:/a:mandriva:linux:apache-mod_mem_cache", "p-cpe:/a:mandriva:linux:apache-mod_proxy", "p-cpe:/a:mandriva:linux:apache-mod_ssl", "p-cpe:/a:mandriva:linux:apache-mod_userdir", "p-cpe:/a:mandriva:linux:apache-modules", "p-cpe:/a:mandriva:linux:apache-mpm-peruser", "p-cpe:/a:mandriva:linux:apache-mpm-prefork", "p-cpe:/a:mandriva:linux:apache-mpm-worker", "p-cpe:/a:mandriva:linux:apache-source", "p-cpe:/a:mandriva:linux:apache2", "p-cpe:/a:mandriva:linux:apache2-common", "p-cpe:/a:mandriva:linux:apache2-devel", "p-cpe:/a:mandriva:linux:apache2-manual", "p-cpe:/a:mandriva:linux:apache2-mod_cache", "p-cpe:/a:mandriva:linux:apache2-mod_dav", "p-cpe:/a:mandriva:linux:apache2-mod_deflate", "p-cpe:/a:mandriva:linux:apache2-mod_disk_cache", "p-cpe:/a:mandriva:linux:apache2-mod_file_cache", "p-cpe:/a:mandriva:linux:apache2-mod_ldap", "p-cpe:/a:mandriva:linux:apache2-mod_mem_cache", "p-cpe:/a:mandriva:linux:apache2-mod_proxy", "p-cpe:/a:mandriva:linux:apache2-mod_ssl", "p-cpe:/a:mandriva:linux:apache2-modules", "p-cpe:/a:mandriva:linux:apache2-peruser", "p-cpe:/a:mandriva:linux:apache2-source", "p-cpe:/a:mandriva:linux:apache2-worker", "cpe:/o:mandrakesoft:mandrake_linux:10.1", "cpe:/o:mandriva:linux:2006", "x-cpe:/o:mandrakesoft:mandrake_linux:le2005"], "id": "MANDRAKE_MDKSA-2006-007.NASL", "href": "https://www.tenable.com/plugins/nessus/20473", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:007. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20473);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-3352\", \"CVE-2005-3357\");\n script_xref(name:\"MDKSA\", value:\"2006:007\");\n\n script_name(english:\"Mandrake Linux Security Advisory : apache2 (MDKSA-2006:007)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was discovered in mod_imap when using the Referer directive\nwith image maps that could be used by a remote attacker to perform a\ncross- site scripting attack, in certain site configurations, if a\nvictim could be forced to visit a malicious URL using certain web\nbrowsers (CVE-2005-3352).\n\nAlso, a NULL pointer dereference flaw was found in mod_ssl that\naffects server configurations where an SSL virtual host was configured\nwith access controls and a custom 400 error document. This could allow\na remote attacker to send a carefully crafted request to trigger the\nissue and cause a crash, but only with the non-default worker MPM\n(CVE-2005-3357).\n\nThe provided packages have been patched to prevent these problems.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_dav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_deflate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_disk_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_file_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_mem_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_userdir\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-peruser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_dav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_deflate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_disk_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_file_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_mem_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-peruser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-2.0.50-7.6.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-common-2.0.50-7.6.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-devel-2.0.50-7.6.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-manual-2.0.50-7.6.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_cache-2.0.50-7.6.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_dav-2.0.50-7.6.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_deflate-2.0.50-7.6.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_disk_cache-2.0.50-7.6.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_file_cache-2.0.50-7.6.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_ldap-2.0.50-7.6.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_mem_cache-2.0.50-7.6.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_proxy-2.0.50-7.6.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_ssl-2.0.50-4.4.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-modules-2.0.50-7.6.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-source-2.0.50-7.6.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-worker-2.0.50-7.6.101mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-2.0.53-9.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-common-2.0.53-9.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-devel-2.0.53-9.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-manual-2.0.53-9.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-mod_cache-2.0.53-9.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-mod_dav-2.0.53-9.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-mod_deflate-2.0.53-9.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-mod_disk_cache-2.0.53-9.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-mod_file_cache-2.0.53-9.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-mod_ldap-2.0.53-9.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-mod_mem_cache-2.0.53-9.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-mod_proxy-2.0.53-9.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-mod_ssl-2.0.53-8.3.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-modules-2.0.53-9.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-peruser-2.0.53-9.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-source-2.0.53-9.4.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-worker-2.0.53-9.4.102mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK2006.0\", reference:\"apache-base-2.0.54-13.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"apache-devel-2.0.54-13.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"apache-mod_cache-2.0.54-13.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"apache-mod_dav-2.0.54-13.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"apache-mod_deflate-2.0.54-13.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"apache-mod_disk_cache-2.0.54-13.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"apache-mod_file_cache-2.0.54-13.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"apache-mod_ldap-2.0.54-13.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"apache-mod_mem_cache-2.0.54-13.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"apache-mod_proxy-2.0.54-13.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"apache-mod_ssl-2.0.54-6.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"apache-mod_userdir-2.0.54-13.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"apache-modules-2.0.54-13.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"apache-mpm-peruser-2.0.54-13.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"apache-mpm-prefork-2.0.54-13.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"apache-mpm-worker-2.0.54-13.2.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"apache-source-2.0.54-13.2.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T14:36:15", "description": "This update includes two security fixes. An issue was discovered in mod_ssl where 'SSLVerifyClient require' would not be honoured in location context if the virtual host had 'SSLVerifyClient optional' configured (CVE-2005-2700). An issue was discovered in memory consumption of the byterange filter for dynamic resources such as PHP or CGI script (CVE-2005-2728).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2005-09-17T00:00:00", "type": "nessus", "title": "Fedora Core 3 : httpd-2.0.53-3.3 (2005-848)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2700", "CVE-2005-2728"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:httpd", "p-cpe:/a:fedoraproject:fedora:httpd-debuginfo", "p-cpe:/a:fedoraproject:fedora:httpd-devel", "p-cpe:/a:fedoraproject:fedora:httpd-manual", "p-cpe:/a:fedoraproject:fedora:httpd-suexec", "p-cpe:/a:fedoraproject:fedora:mod_ssl", "cpe:/o:fedoraproject:fedora_core:3"], "id": "FEDORA_2005-848.NASL", "href": "https://www.tenable.com/plugins/nessus/19727", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-848.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19727);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2005-848\");\n\n script_name(english:\"Fedora Core 3 : httpd-2.0.53-3.3 (2005-848)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes two security fixes. An issue was discovered in\nmod_ssl where 'SSLVerifyClient require' would not be honoured in\nlocation context if the virtual host had 'SSLVerifyClient optional'\nconfigured (CVE-2005-2700). An issue was discovered in memory\nconsumption of the byterange filter for dynamic resources such as PHP\nor CGI script (CVE-2005-2728).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-September/001343.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4989b5ff\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/09/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 3.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC3\", reference:\"httpd-2.0.53-3.3\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"httpd-debuginfo-2.0.53-3.3\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"httpd-devel-2.0.53-3.3\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"httpd-manual-2.0.53-3.3\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"httpd-suexec-2.0.53-3.3\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"mod_ssl-2.0.53-3.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-suexec / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-03-27T14:36:18", "description": "This update includes two security fixes. An issue was discovered in mod_ssl where 'SSLVerifyClient require' would not be honoured in location context if the virtual host had 'SSLVerifyClient optional' configured (CVE-2005-2700). An issue was discovered in memory consumption of the byterange filter for dynamic resources such as PHP or CGI script (CVE-2005-2728).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2005-09-17T00:00:00", "type": "nessus", "title": "Fedora Core 4 : httpd-2.0.54-10.2 (2005-849)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2700", "CVE-2005-2728"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:httpd", "p-cpe:/a:fedoraproject:fedora:httpd-debuginfo", "p-cpe:/a:fedoraproject:fedora:httpd-devel", "p-cpe:/a:fedoraproject:fedora:httpd-manual", "p-cpe:/a:fedoraproject:fedora:mod_ssl", "cpe:/o:fedoraproject:fedora_core:4"], "id": "FEDORA_2005-849.NASL", "href": "https://www.tenable.com/plugins/nessus/19728", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-849.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19728);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2005-849\");\n\n script_name(english:\"Fedora Core 4 : httpd-2.0.54-10.2 (2005-849)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes two security fixes. An issue was discovered in\nmod_ssl where 'SSLVerifyClient require' would not be honoured in\nlocation context if the virtual host had 'SSLVerifyClient optional'\nconfigured (CVE-2005-2700). An issue was discovered in memory\nconsumption of the byterange filter for dynamic resources such as PHP\nor CGI script (CVE-2005-2728).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-September/001342.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b5f70a26\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/09/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 4.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC4\", reference:\"httpd-2.0.54-10.2\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"httpd-debuginfo-2.0.54-10.2\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"httpd-devel-2.0.54-10.2\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"httpd-manual-2.0.54-10.2\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"mod_ssl-2.0.54-10.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / mod_ssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-11T14:45:46", "description": "A flaw was discovered in mod_ssl's handling of the 'SSLVerifyClient' directive. This flaw occurs if a virtual host is configured using 'SSLVerifyClient optional' and a directive 'SSLVerifyClient required' is set for a specific location. For servers configured in this fashion, an attacker may be able to access resources that should otherwise be protected, by not supplying a client certificate when connecting. (CVE-2005-2700)\n\nA flaw was discovered in Apache httpd where the byterange filter would buffer certain responses into memory. If a server has a dynamic resource such as a CGI script or PHP script that generates a large amount of data, an attacker could send carefully crafted requests in order to consume resources, potentially leading to a Denial of Service. (CVE-2005-2728)\n\nThe updated packages have been patched to address these issues.", "cvss3": {}, "published": "2005-10-05T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : apache2 (MDKSA-2005:161)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2700", "CVE-2005-2728"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:apache2", "p-cpe:/a:mandriva:linux:apache2-common", "p-cpe:/a:mandriva:linux:apache2-devel", "p-cpe:/a:mandriva:linux:apache2-manual", "p-cpe:/a:mandriva:linux:apache2-mod_cache", "p-cpe:/a:mandriva:linux:apache2-mod_dav", "p-cpe:/a:mandriva:linux:apache2-mod_deflate", "p-cpe:/a:mandriva:linux:apache2-mod_disk_cache", "p-cpe:/a:mandriva:linux:apache2-mod_file_cache", "p-cpe:/a:mandriva:linux:apache2-mod_ldap", "p-cpe:/a:mandriva:linux:apache2-mod_mem_cache", "p-cpe:/a:mandriva:linux:apache2-mod_proxy", "p-cpe:/a:mandriva:linux:apache2-mod_ssl", "p-cpe:/a:mandriva:linux:apache2-modules", "p-cpe:/a:mandriva:linux:apache2-peruser", "p-cpe:/a:mandriva:linux:apache2-source", "p-cpe:/a:mandriva:linux:apache2-worker", "p-cpe:/a:mandriva:linux:lib64apr0", "p-cpe:/a:mandriva:linux:libapr0", "cpe:/o:mandrakesoft:mandrake_linux:10.0", "cpe:/o:mandrakesoft:mandrake_linux:10.1", "x-cpe:/o:mandrakesoft:mandrake_linux:le2005"], "id": "MANDRAKE_MDKSA-2005-161.NASL", "href": "https://www.tenable.com/plugins/nessus/19916", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:161. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19916);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-2700\", \"CVE-2005-2728\");\n script_xref(name:\"MDKSA\", value:\"2005:161\");\n\n script_name(english:\"Mandrake Linux Security Advisory : apache2 (MDKSA-2005:161)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was discovered in mod_ssl's handling of the 'SSLVerifyClient'\ndirective. This flaw occurs if a virtual host is configured using\n'SSLVerifyClient optional' and a directive 'SSLVerifyClient required'\nis set for a specific location. For servers configured in this\nfashion, an attacker may be able to access resources that should\notherwise be protected, by not supplying a client certificate when\nconnecting. (CVE-2005-2700)\n\nA flaw was discovered in Apache httpd where the byterange filter would\nbuffer certain responses into memory. If a server has a dynamic\nresource such as a CGI script or PHP script that generates a large\namount of data, an attacker could send carefully crafted requests in\norder to consume resources, potentially leading to a Denial of\nService. (CVE-2005-2728)\n\nThe updated packages have been patched to address these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_dav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_deflate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_disk_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_file_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_mem_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-peruser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64apr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libapr0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-2.0.48-6.11.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-common-2.0.48-6.11.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-devel-2.0.48-6.11.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-manual-2.0.48-6.11.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_cache-2.0.48-6.11.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_dav-2.0.48-6.11.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_deflate-2.0.48-6.11.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_disk_cache-2.0.48-6.11.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_file_cache-2.0.48-6.11.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_ldap-2.0.48-6.11.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_mem_cache-2.0.48-6.11.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_proxy-2.0.48-6.11.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_ssl-2.0.48-6.11.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-modules-2.0.48-6.11.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-source-2.0.48-6.11.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64apr0-2.0.48-6.11.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libapr0-2.0.48-6.11.100mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-2.0.50-7.4.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-common-2.0.50-7.4.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-devel-2.0.50-7.4.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-manual-2.0.50-7.4.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_cache-2.0.50-7.4.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_dav-2.0.50-7.4.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_deflate-2.0.50-7.4.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_disk_cache-2.0.50-7.4.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_file_cache-2.0.50-7.4.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_ldap-2.0.50-7.4.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_mem_cache-2.0.50-7.4.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_proxy-2.0.50-7.4.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_ssl-2.0.50-4.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-modules-2.0.50-7.4.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-source-2.0.50-7.4.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-worker-2.0.50-7.4.101mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-2.0.53-9.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-common-2.0.53-9.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-devel-2.0.53-9.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-manual-2.0.53-9.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-mod_cache-2.0.53-9.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-mod_dav-2.0.53-9.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-mod_deflate-2.0.53-9.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-mod_disk_cache-2.0.53-9.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-mod_file_cache-2.0.53-9.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-mod_ldap-2.0.53-9.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-mod_mem_cache-2.0.53-9.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-mod_proxy-2.0.53-9.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-mod_ssl-2.0.53-8.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-modules-2.0.53-9.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-peruser-2.0.53-9.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-source-2.0.53-9.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-worker-2.0.53-9.2.102mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:26:19", "description": "Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe Apache HTTP Server is a popular and freely-available Web server.\n\nA flaw was discovered in mod_ssl's handling of the 'SSLVerifyClient' directive. This flaw occurs if a virtual host is configured using 'SSLVerifyClient optional' and a directive 'SSLVerifyClient required' is set for a specific location. For servers configured in this fashion, an attacker may be able to access resources that should otherwise be protected, by not supplying a client certificate when connecting. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2700 to this issue.\n\nA flaw was discovered in Apache httpd where the byterange filter would buffer certain responses into memory. If a server has a dynamic resource such as a CGI script or PHP script that generates a large amount of data, an attacker could send carefully crafted requests in order to consume resources, potentially leading to a Denial of Service. (CVE-2005-2728)\n\nUsers of Apache httpd should update to these errata packages that contain backported patches to correct these issues.", "cvss3": {}, "published": "2006-07-03T00:00:00", "type": "nessus", "title": "CentOS 3 / 4 : httpd (CESA-2005:608)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2700", "CVE-2005-2728"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel", "p-cpe:/a:centos:centos:httpd-manual", "p-cpe:/a:centos:centos:httpd-suexec", "p-cpe:/a:centos:centos:mod_ssl", "cpe:/o:centos:centos:3", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2005-608.NASL", "href": "https://www.tenable.com/plugins/nessus/21845", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:608 and \n# CentOS Errata and Security Advisory 2005:608 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21845);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-2700\", \"CVE-2005-2728\");\n script_xref(name:\"RHSA\", value:\"2005:608\");\n\n script_name(english:\"CentOS 3 / 4 : httpd (CESA-2005:608)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Apache httpd packages that correct two security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular and freely-available Web server.\n\nA flaw was discovered in mod_ssl's handling of the 'SSLVerifyClient'\ndirective. This flaw occurs if a virtual host is configured using\n'SSLVerifyClient optional' and a directive 'SSLVerifyClient required'\nis set for a specific location. For servers configured in this\nfashion, an attacker may be able to access resources that should\notherwise be protected, by not supplying a client certificate when\nconnecting. The Common Vulnerabilities and Exposures project assigned\nthe name CVE-2005-2700 to this issue.\n\nA flaw was discovered in Apache httpd where the byterange filter would\nbuffer certain responses into memory. If a server has a dynamic\nresource such as a CGI script or PHP script that generates a large\namount of data, an attacker could send carefully crafted requests in\norder to consume resources, potentially leading to a Denial of\nService. (CVE-2005-2728)\n\nUsers of Apache httpd should update to these errata packages that\ncontain backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-September/012113.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f8ace65b\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-September/012114.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?48e31449\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-September/012117.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?81f110a4\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-September/012118.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?affef2d3\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-September/012119.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7f48d9a8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-September/012121.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5db487cf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"httpd-2.0.46-46.3.ent.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"httpd-devel-2.0.46-46.3.ent.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"mod_ssl-2.0.46-46.3.ent.centos.1\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"httpd-2.0.52-12.2.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"httpd-devel-2.0.52-12.2.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"httpd-manual-2.0.52-12.2.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"httpd-suexec-2.0.52-12.2.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"mod_ssl-2.0.52-12.2.ent.centos4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-suexec / mod_ssl\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:44:51", "description": "Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe Apache HTTP Server is a popular and freely-available Web server.\n\nA flaw was discovered in mod_ssl's handling of the 'SSLVerifyClient' directive. This flaw occurs if a virtual host is configured using 'SSLVerifyClient optional' and a directive 'SSLVerifyClient required' is set for a specific location. For servers configured in this fashion, an attacker may be able to access resources that should otherwise be protected, by not supplying a client certificate when connecting. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2700 to this issue.\n\nA flaw was discovered in Apache httpd where the byterange filter would buffer certain responses into memory. If a server has a dynamic resource such as a CGI script or PHP script that generates a large amount of data, an attacker could send carefully crafted requests in order to consume resources, potentially leading to a Denial of Service. (CVE-2005-2728)\n\nUsers of Apache httpd should update to these errata packages that contain backported patches to correct these issues.", "cvss3": {}, "published": "2005-09-12T00:00:00", "type": "nessus", "title": "RHEL 3 / 4 : httpd (RHSA-2005:608)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2700", "CVE-2005-2728"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-suexec", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2005-608.NASL", "href": "https://www.tenable.com/plugins/nessus/19673", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:608. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19673);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-2700\", \"CVE-2005-2728\");\n script_xref(name:\"RHSA\", value:\"2005:608\");\n\n script_name(english:\"RHEL 3 / 4 : httpd (RHSA-2005:608)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Apache httpd packages that correct two security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular and freely-available Web server.\n\nA flaw was discovered in mod_ssl's handling of the 'SSLVerifyClient'\ndirective. This flaw occurs if a virtual host is configured using\n'SSLVerifyClient optional' and a directive 'SSLVerifyClient required'\nis set for a specific location. For servers configured in this\nfashion, an attacker may be able to access resources that should\notherwise be protected, by not supplying a client certificate when\nconnecting. The Common Vulnerabilities and Exposures project assigned\nthe name CVE-2005-2700 to this issue.\n\nA flaw was discovered in Apache httpd where the byterange filter would\nbuffer certain responses into memory. If a server has a dynamic\nresource such as a CGI script or PHP script that generates a large\namount of data, an attacker could send carefully crafted requests in\norder to consume resources, potentially leading to a Denial of\nService. (CVE-2005-2728)\n\nUsers of Apache httpd should update to these errata packages that\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:608\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/09/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:608\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"httpd-2.0.46-46.3.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"httpd-devel-2.0.46-46.3.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mod_ssl-2.0.46-46.3.ent\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"httpd-2.0.52-12.2.ent\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"httpd-devel-2.0.52-12.2.ent\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"httpd-manual-2.0.52-12.2.ent\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"httpd-suexec-2.0.52-12.2.ent\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mod_ssl-2.0.52-12.2.ent\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-suexec / mod_ssl\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:37:38", "description": "The remote host is missing the patch for the advisory SUSE-SA:2005:046 (apache,apache2).\n\n\nA security flaw was found in the Apache and Apache2 web servers which allows remote attacker to 'smuggle' requests past filters by providing handcrafted header entries.\n\nFixed Apache 2 server packages were released on July 26th, fixed Apache 1 server packages were released on August 15th.\n\nThis issue is tracked by the Mitre CVE ID CVE-2005-2088.\n\nThe Apache2 packages additionally fix a single byte overflow in the SSL CRL handling functionality, tracked by the Mitre CVE ID CVE-2005-1268.\n\nThe Apache1 packages additionally fix a harmless local buffer overflow in htpasswd.", "cvss3": {}, "published": "2005-10-05T00:00:00", "type": "nessus", "title": "SUSE-SA:2005:046: apache,apache2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1268", "CVE-2005-2088"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "SUSE_SA_2005_046.NASL", "href": "https://www.tenable.com/plugins/nessus/19925", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:046\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(19925);\n script_version(\"1.9\");\n \n name[\"english\"] = \"SUSE-SA:2005:046: apache,apache2\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2005:046 (apache,apache2).\n\n\nA security flaw was found in the Apache and Apache2 web servers which\nallows remote attacker to 'smuggle' requests past filters by providing\nhandcrafted header entries.\n\nFixed Apache 2 server packages were released on July 26th,\nfixed Apache 1 server packages were released on August 15th.\n\nThis issue is tracked by the Mitre CVE ID CVE-2005-2088.\n\nThe Apache2 packages additionally fix a single byte overflow in the SSL\nCRL handling functionality, tracked by the Mitre CVE ID CVE-2005-1268.\n\nThe Apache1 packages additionally fix a harmless local buffer overflow\nin htpasswd.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.suse.de/security/advisories/2005_46_apache.html\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\" );\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/10/05\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the apache,apache2 package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"apache2-2.0.48-152\", release:\"SUSE8.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-devel-2.0.48-152\", release:\"SUSE8.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-doc-2.0.48-152\", release:\"SUSE8.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-example-pages-2.0.48-152\", release:\"SUSE8.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-leader-2.0.48-152\", release:\"SUSE8.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-prefork-2.0.48-152\", release:\"SUSE8.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-worker-2.0.48-152\", release:\"SUSE8.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"libapr0-2.0.48-152\", release:\"SUSE8.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache-1.3.28-79\", release:\"SUSE9.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-2.0.48-152\", release:\"SUSE9.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-devel-2.0.48-152\", release:\"SUSE9.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-doc-2.0.48-152\", release:\"SUSE9.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-example-pages-2.0.48-152\", release:\"SUSE9.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-leader-2.0.48-152\", release:\"SUSE9.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-metuxmpm-2.0.48-152\", release:\"SUSE9.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-prefork-2.0.48-152\", release:\"SUSE9.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-worker-2.0.48-152\", release:\"SUSE9.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"libapr0-2.0.48-152\", release:\"SUSE9.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"mod_ssl-2.8.15-79\", release:\"SUSE9.0\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-2.0.49-27.29\", release:\"SUSE9.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-devel-2.0.49-27.29\", release:\"SUSE9.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-doc-2.0.49-27.29\", release:\"SUSE9.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-example-pages-2.0.49-27.29\", release:\"SUSE9.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-prefork-2.0.49-27.29\", release:\"SUSE9.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-worker-2.0.49-27.29\", release:\"SUSE9.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"libapr0-2.0.49-27.29\", release:\"SUSE9.1\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-2.0.50-7.4\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-prefork-2.0.50-7.4\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-worker-2.0.50-7.4\", release:\"SUSE9.2\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-2.0.53-9.2\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-prefork-2.0.53-9.2\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-worker-2.0.53-9.2\", release:\"SUSE9.3\") )\n{\n security_hole(0);\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-03-27T14:35:14", "description": "This update security fixes for CVE-2005-2088 and CVE-2005-1268, along with some minor bug fixes.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2005-08-03T00:00:00", "type": "nessus", "title": "Fedora Core 4 : httpd-2.0.54-10.1 (2005-639)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1268", "CVE-2005-2088"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:httpd", "p-cpe:/a:fedoraproject:fedora:httpd-debuginfo", "p-cpe:/a:fedoraproject:fedora:httpd-devel", "p-cpe:/a:fedoraproject:fedora:httpd-manual", "p-cpe:/a:fedoraproject:fedora:mod_ssl", "cpe:/o:fedoraproject:fedora_core:4"], "id": "FEDORA_2005-639.NASL", "href": "https://www.tenable.com/plugins/nessus/19375", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-639.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19375);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2005-639\");\n\n script_name(english:\"Fedora Core 4 : httpd-2.0.54-10.1 (2005-639)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update security fixes for CVE-2005-2088 and CVE-2005-1268, along\nwith some minor bug fixes.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-August/001188.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f518757b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/08/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 4.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC4\", reference:\"httpd-2.0.54-10.1\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"httpd-debuginfo-2.0.54-10.1\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"httpd-devel-2.0.54-10.1\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"httpd-manual-2.0.54-10.1\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"mod_ssl-2.0.54-10.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / mod_ssl\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-04T14:51:59", "description": "Updated Apache httpd packages to correct two security issues are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server.\n\nWatchfire reported a flaw that occured when using the Apache server as an HTTP proxy. A remote attacker could send an HTTP request with both a 'Transfer-Encoding: chunked' header and a 'Content-Length' header.\nThis caused Apache to incorrectly handle and forward the body of the request in a way that the receiving server processes it as a separate HTTP request. This could allow the bypass of Web application firewall protection or lead to cross-site scripting (XSS) attacks. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2005-2088 to this issue.\n\nMarc Stern reported an off-by-one overflow in the mod_ssl CRL verification callback. In order to exploit this issue the Apache server would need to be configured to use a malicious certificate revocation list (CRL). The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2005-1268 to this issue.\n\nUsers of Apache httpd should update to these errata packages that contain backported patches to correct these issues.", "cvss3": {}, "published": "2005-07-25T00:00:00", "type": "nessus", "title": "RHEL 3 / 4 : httpd (RHSA-2005:582)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1268", "CVE-2005-2088"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-suexec", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2005-582.NASL", "href": "https://www.tenable.com/plugins/nessus/19296", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:582. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19296);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-1268\", \"CVE-2005-2088\");\n script_xref(name:\"RHSA\", value:\"2005:582\");\n\n script_name(english:\"RHEL 3 / 4 : httpd (RHSA-2005:582)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Apache httpd packages to correct two security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a powerful, full-featured, efficient, and\nfreely-available Web server.\n\nWatchfire reported a flaw that occured when using the Apache server as\nan HTTP proxy. A remote attacker could send an HTTP request with both\na 'Transfer-Encoding: chunked' header and a 'Content-Length' header.\nThis caused Apache to incorrectly handle and forward the body of the\nrequest in a way that the receiving server processes it as a separate\nHTTP request. This could allow the bypass of Web application firewall\nprotection or lead to cross-site scripting (XSS) attacks. The Common\nVulnerabilities and Exposures project (cve.mitre.org) assigned the\nname CVE-2005-2088 to this issue.\n\nMarc Stern reported an off-by-one overflow in the mod_ssl CRL\nverification callback. In order to exploit this issue the Apache\nserver would need to be configured to use a malicious certificate\nrevocation list (CRL). The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) assigned the name CVE-2005-1268 to this issue.\n\nUsers of Apache httpd should update to these errata packages that\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1268\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf\"\n );\n # http://issues.apache.org/bugzilla/show_bug.cgi?id=35081\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bz.apache.org/bugzilla/show_bug.cgi?id=35081\"\n );\n # http://issues.apache.org/bugzilla/show_bug.cgi?id=34588\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bz.apache.org/bugzilla/show_bug.cgi?id=34588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:582\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:582\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"httpd-2.0.46-46.2.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"httpd-devel-2.0.46-46.2.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mod_ssl-2.0.46-46.2.ent\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"httpd-2.0.52-12.1.ent\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"httpd-devel-2.0.52-12.1.ent\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"httpd-manual-2.0.52-12.1.ent\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"httpd-suexec-2.0.52-12.1.ent\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mod_ssl-2.0.52-12.1.ent\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-suexec / mod_ssl\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-03-04T14:53:13", "description": "Marc Stern reported an off-by-one overflow in the mod_ssl CRL verification callback which can only be exploited if the Apache server is configured to use a malicious certificate revocation list (CVE-2005-1268).\n\nWatchfire reported a flaw that occured when using the Apache server as a HTTP proxy. A remote attacker could send an HTTP request with both a 'Transfer-Encoding: chunked' header and a 'Content-Length' header which would cause Apache to incorrectly handle and forward the body of the request in a way that the receiving server processed it as a separate HTTP request. This could be used to allow the bypass of web application firewall protection or lead to cross-site scripting (XSS) attacks (CVE-2005-2088).\n\nThe updated packages have been patched to prevent these issues.", "cvss3": {}, "published": "2005-10-05T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : apache2 (MDKSA-2005:129)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1268", "CVE-2005-2088"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:apache2", "p-cpe:/a:mandriva:linux:apache2-common", "p-cpe:/a:mandriva:linux:apache2-devel", "p-cpe:/a:mandriva:linux:apache2-manual", "p-cpe:/a:mandriva:linux:apache2-mod_cache", "p-cpe:/a:mandriva:linux:apache2-mod_dav", "p-cpe:/a:mandriva:linux:apache2-mod_deflate", "p-cpe:/a:mandriva:linux:apache2-mod_disk_cache", "p-cpe:/a:mandriva:linux:apache2-mod_file_cache", "p-cpe:/a:mandriva:linux:apache2-mod_ldap", "p-cpe:/a:mandriva:linux:apache2-mod_mem_cache", "p-cpe:/a:mandriva:linux:apache2-mod_proxy", "p-cpe:/a:mandriva:linux:apache2-mod_ssl", "p-cpe:/a:mandriva:linux:apache2-modules", "p-cpe:/a:mandriva:linux:apache2-peruser", "p-cpe:/a:mandriva:linux:apache2-source", "p-cpe:/a:mandriva:linux:apache2-worker", "p-cpe:/a:mandriva:linux:lib64apr0", "p-cpe:/a:mandriva:linux:libapr0", "cpe:/o:mandrakesoft:mandrake_linux:10.0", "cpe:/o:mandrakesoft:mandrake_linux:10.1", "x-cpe:/o:mandrakesoft:mandrake_linux:le2005"], "id": "MANDRAKE_MDKSA-2005-129.NASL", "href": "https://www.tenable.com/plugins/nessus/19889", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:129. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19889);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-1268\", \"CVE-2005-2088\");\n script_bugtraq_id(14106, 14366);\n script_xref(name:\"MDKSA\", value:\"2005:129\");\n\n script_name(english:\"Mandrake Linux Security Advisory : apache2 (MDKSA-2005:129)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Marc Stern reported an off-by-one overflow in the mod_ssl CRL\nverification callback which can only be exploited if the Apache server\nis configured to use a malicious certificate revocation list\n(CVE-2005-1268).\n\nWatchfire reported a flaw that occured when using the Apache server as\na HTTP proxy. A remote attacker could send an HTTP request with both a\n'Transfer-Encoding: chunked' header and a 'Content-Length' header\nwhich would cause Apache to incorrectly handle and forward the body of\nthe request in a way that the receiving server processed it as a\nseparate HTTP request. This could be used to allow the bypass of web\napplication firewall protection or lead to cross-site scripting (XSS)\nattacks (CVE-2005-2088).\n\nThe updated packages have been patched to prevent these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_dav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_deflate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_disk_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_file_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_mem_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-peruser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64apr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libapr0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-2.0.48-6.9.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-common-2.0.48-6.9.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-devel-2.0.48-6.9.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-manual-2.0.48-6.9.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_cache-2.0.48-6.9.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_dav-2.0.48-6.9.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_deflate-2.0.48-6.9.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_disk_cache-2.0.48-6.9.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_file_cache-2.0.48-6.9.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_ldap-2.0.48-6.9.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_mem_cache-2.0.48-6.9.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_proxy-2.0.48-6.9.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_ssl-2.0.48-6.9.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-modules-2.0.48-6.9.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-source-2.0.48-6.9.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64apr0-2.0.48-6.9.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libapr0-2.0.48-6.9.100mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-2.0.50-7.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-common-2.0.50-7.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-devel-2.0.50-7.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-manual-2.0.50-7.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_cache-2.0.50-7.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_dav-2.0.50-7.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_deflate-2.0.50-7.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_disk_cache-2.0.50-7.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_file_cache-2.0.50-7.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_ldap-2.0.50-7.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_mem_cache-2.0.50-7.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_proxy-2.0.50-7.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-mod_ssl-2.0.50-4.2.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-modules-2.0.50-7.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-source-2.0.50-7.3.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"apache2-worker-2.0.50-7.3.101mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-2.0.53-9.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-common-2.0.53-9.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-devel-2.0.53-9.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-manual-2.0.53-9.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-mod_cache-2.0.53-9.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-mod_dav-2.0.53-9.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-mod_deflate-2.0.53-9.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-mod_disk_cache-2.0.53-9.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-mod_file_cache-2.0.53-9.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-mod_ldap-2.0.53-9.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-mod_mem_cache-2.0.53-9.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-mod_proxy-2.0.53-9.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-mod_ssl-2.0.53-8.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-modules-2.0.53-9.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-peruser-2.0.53-9.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-source-2.0.53-9.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"apache2-worker-2.0.53-9.1.102mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-03-27T14:34:53", "description": "This update includes version 2.0.53 of the Apache HTTP server, and also adds security fixes for CVE-2005-2088 and CVE-2005-1268.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2005-08-03T00:00:00", "type": "nessus", "title": "Fedora Core 3 : httpd-2.0.53-3.2 (2005-638)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1268", "CVE-2005-2088"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:httpd", "p-cpe:/a:fedoraproject:fedora:httpd-debuginfo", "p-cpe:/a:fedoraproject:fedora:httpd-devel", "p-cpe:/a:fedoraproject:fedora:httpd-manual", "p-cpe:/a:fedoraproject:fedora:httpd-suexec", "p-cpe:/a:fedoraproject:fedora:mod_ssl", "cpe:/o:fedoraproject:fedora_core:3"], "id": "FEDORA_2005-638.NASL", "href": "https://www.tenable.com/plugins/nessus/19374", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-638.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19374);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2005-638\");\n\n script_name(english:\"Fedora Core 3 : httpd-2.0.53-3.2 (2005-638)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes version 2.0.53 of the Apache HTTP server, and\nalso adds security fixes for CVE-2005-2088 and CVE-2005-1268.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-August/001190.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7587611d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/08/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 3.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC3\", reference:\"httpd-2.0.53-3.2\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"httpd-debuginfo-2.0.53-3.2\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"httpd-devel-2.0.53-3.2\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"httpd-manual-2.0.53-3.2\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"httpd-suexec-2.0.53-3.2\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"mod_ssl-2.0.53-3.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-suexec / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-04T14:38:15", "description": "Updated Apache httpd packages to correct two security issues are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server.\n\nWatchfire reported a flaw that occured when using the Apache server as an HTTP proxy. A remote attacker could send an HTTP request with both a 'Transfer-Encoding: chunked' header and a 'Content-Length' header.\nThis caused Apache to incorrectly handle and forward the body of the request in a way that the receiving server processes it as a separate HTTP request. This could allow the bypass of Web application firewall protection or lead to cross-site scripting (XSS) attacks. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2005-2088 to this issue.\n\nMarc Stern reported an off-by-one overflow in the mod_ssl CRL verification callback. In order to exploit this issue the Apache server would need to be configured to use a malicious certificate revocation list (CRL). The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2005-1268 to this issue.\n\nUsers of Apache httpd should update to these errata packages that contain backported patches to correct these issues.", "cvss3": {}, "published": "2006-07-03T00:00:00", "type": "nessus", "title": "CentOS 3 / 4 : httpd (CESA-2005:582)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1268", "CVE-2005-2088"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel", "p-cpe:/a:centos:centos:httpd-manual", "p-cpe:/a:centos:centos:httpd-suexec", "p-cpe:/a:centos:centos:mod_ssl", "cpe:/o:centos:centos:3", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2005-582.NASL", "href": "https://www.tenable.com/plugins/nessus/21843", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:582 and \n# CentOS Errata and Security Advisory 2005:582 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21843);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-1268\", \"CVE-2005-2088\");\n script_xref(name:\"RHSA\", value:\"2005:582\");\n\n script_name(english:\"CentOS 3 / 4 : httpd (CESA-2005:582)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Apache httpd packages to correct two security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a powerful, full-featured, efficient, and\nfreely-available Web server.\n\nWatchfire reported a flaw that occured when using the Apache server as\nan HTTP proxy. A remote attacker could send an HTTP request with both\na 'Transfer-Encoding: chunked' header and a 'Content-Length' header.\nThis caused Apache to incorrectly handle and forward the body of the\nrequest in a way that the receiving server processes it as a separate\nHTTP request. This could allow the bypass of Web application firewall\nprotection or lead to cross-site scripting (XSS) attacks. The Common\nVulnerabilities and Exposures project (cve.mitre.org) assigned the\nname CVE-2005-2088 to this issue.\n\nMarc Stern reported an off-by-one overflow in the mod_ssl CRL\nverification callback. In order to exploit this issue the Apache\nserver would need to be configured to use a malicious certificate\nrevocation list (CRL). The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) assigned the name CVE-2005-1268 to this issue.\n\nUsers of Apache httpd should update to these errata packages that\ncontain backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-July/011977.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?84db8a52\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-July/011978.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?57ceed3e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-July/011979.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b97dec32\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-July/011980.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6657152d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-July/011989.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?07c88b49\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-July/011993.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4dc5ae6e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"httpd-2.0.46-46.2.ent.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"httpd-devel-2.0.46-46.2.ent.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"mod_ssl-2.0.46-46.2.ent.centos.1\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"httpd-2.0.52-12.1.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"httpd-devel-2.0.52-12.1.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"httpd-manual-2.0.52-12.1.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"httpd-suexec-2.0.52-12.1.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"mod_ssl-2.0.52-12.1.ent.centos4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-suexec / mod_ssl\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-03-04T14:34:42", "description": "Marc Stern discovered a buffer overflow in the SSL module's certificate revocation list (CRL) handler. If Apache is configured to use a malicious CRL, this could possibly lead to a server crash or arbitrary code execution with the privileges of the Apache web server.\n(CAN-2005-1268)\n\nWatchfire discovered that Apache insufficiently verified the 'Transfer-Encoding' and 'Content-Length' headers when acting as an HTTP proxy. By sending a specially crafted HTTP request, a remote attacker who is authorized to use the proxy could exploit this to bypass web application firewalls, poison the HTTP proxy cache, and conduct cross-site scripting attacks against other proxy users.\n(CAN-2005-2088).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2006-01-15T00:00:00", "type": "nessus", "title": "Ubuntu 4.10 / 5.04 : apache2 vulnerabilities (USN-160-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1268", "CVE-2005-2088"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:apache2", "p-cpe:/a:canonical:ubuntu_linux:apache2-common", "p-cpe:/a:canonical:ubuntu_linux:apache2-doc", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-perchild", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-threadpool", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker", "p-cpe:/a:canonical:ubuntu_linux:apache2-prefork-dev", "p-cpe:/a:canonical:ubuntu_linux:apache2-threaded-dev", "p-cpe:/a:canonical:ubuntu_linux:apache2-utils", "p-cpe:/a:canonical:ubuntu_linux:libapr0", "p-cpe:/a:canonical:ubuntu_linux:libapr0-dev", "cpe:/o:canonical:ubuntu_linux:4.10", "cpe:/o:canonical:ubuntu_linux:5.04"], "id": "UBUNTU_USN-160-1.NASL", "href": "https://www.tenable.com/plugins/nessus/20565", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-160-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20565);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2005-1268\", \"CVE-2005-2088\");\n script_bugtraq_id(14106, 14366);\n script_xref(name:\"USN\", value:\"160-1\");\n\n script_name(english:\"Ubuntu 4.10 / 5.04 : apache2 vulnerabilities (USN-160-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Marc Stern discovered a buffer overflow in the SSL module's\ncertificate revocation list (CRL) handler. If Apache is configured to\nuse a malicious CRL, this could possibly lead to a server crash or\narbitrary code execution with the privileges of the Apache web server.\n(CAN-2005-1268)\n\nWatchfire discovered that Apache insufficiently verified the\n'Transfer-Encoding' and 'Content-Length' headers when acting as an\nHTTP proxy. By sending a specially crafted HTTP request, a remote\nattacker who is authorized to use the proxy could exploit this to\nbypass web application firewalls, poison the HTTP proxy cache, and\nconduct cross-site scripting attacks against other proxy users.\n(CAN-2005-2088).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-perchild\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-threadpool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-prefork-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-threaded-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapr0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10|5\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10 / 5.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2\", pkgver:\"2.0.50-12ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-common\", pkgver:\"2.0.50-12ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-doc\", pkgver:\"2.0.50-12ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-mpm-perchild\", pkgver:\"2.0.50-12ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-mpm-prefork\", pkgver:\"2.0.50-12ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-mpm-threadpool\", pkgver:\"2.0.50-12ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-mpm-worker\", pkgver:\"2.0.50-12ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-prefork-dev\", pkgver:\"2.0.50-12ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"apache2-threaded-dev\", pkgver:\"2.0.50-12ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libapr0\", pkgver:\"2.0.50-12ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libapr0-dev\", pkgver:\"2.0.50-12ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2\", pkgver:\"2.0.53-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2-common\", pkgver:\"2.0.53-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2-doc\", pkgver:\"2.0.53-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2-mpm-perchild\", pkgver:\"2.0.53-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2-mpm-prefork\", pkgver:\"2.0.53-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2-mpm-threadpool\", pkgver:\"2.0.53-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2-mpm-worker\", pkgver:\"2.0.53-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2-prefork-dev\", pkgver:\"2.0.53-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2-threaded-dev\", pkgver:\"2.0.53-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"apache2-utils\", pkgver:\"2.0.53-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libapr0\", pkgver:\"2.0.53-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libapr0-dev\", pkgver:\"2.0.53-5ubuntu5.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2 / apache2-common / apache2-doc / apache2-mpm-perchild / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:37:07", "description": "This update for apache2 fixes the following issues :\n\n - Allow disabling SNI on proxy connections using 'SetEnv proxy-disable-sni 1' in the configuration files.\n (bsc#1052830)\n\n - Allow ECDH again in mod_ssl, it had been incorrectly disabled with the 2.2.34 update. (bsc#1064561) Following security issue has been fixed :\n\n - CVE-2017-9798: A use-after-free in the OPTIONS command could be used by attackers to disclose memory of the apache server process, when htaccess uses incorrect Limit statement. (bsc#1058058) Additionally, references to the following security issues, fixed by the previous version-update of apache2 to Apache HTTPD 2.2.34 have been added :\n\n - CVE-2017-7668: The HTTP strict parsing introduced a bug in token list parsing, which allowed ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may have be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.\n (bsc#1045061)\n\n - CVE-2017-3169: mod_ssl may have de-referenced a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port allowing for DoS. (bsc#1045062)\n\n - CVE-2017-3167: Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may have lead to authentication requirements being bypassed. (bsc#1045065)\n\n - CVE-2017-7679: mod_mime could have read one byte past the end of a buffer when sending a malicious Content-Type response header. (bsc#1045060)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-10-31T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : apache2 (SUSE-SU-2017:2907-1) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2699", "CVE-2010-0425", "CVE-2012-0021", "CVE-2014-0118", "CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9798"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2", "p-cpe:/a:novell:suse_linux:apache2-devel", "p-cpe:/a:novell:suse_linux:apache2-doc", "p-cpe:/a:novell:suse_linux:apache2-example-pages", "p-cpe:/a:novell:suse_linux:apache2-prefork", "p-cpe:/a:novell:suse_linux:apache2-utils", "p-cpe:/a:novell:suse_linux:apache2-worker", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-2907-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104270", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2907-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104270);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-2699\", \"CVE-2010-0425\", \"CVE-2012-0021\", \"CVE-2014-0118\", \"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7668\", \"CVE-2017-7679\", \"CVE-2017-9798\");\n script_bugtraq_id(36596, 38494, 51705, 68745);\n\n script_name(english:\"SUSE SLES11 Security Update : apache2 (SUSE-SU-2017:2907-1) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for apache2 fixes the following issues :\n\n - Allow disabling SNI on proxy connections using 'SetEnv\n proxy-disable-sni 1' in the configuration files.\n (bsc#1052830)\n\n - Allow ECDH again in mod_ssl, it had been incorrectly\n disabled with the 2.2.34 update. (bsc#1064561) Following\n security issue has been fixed :\n\n - CVE-2017-9798: A use-after-free in the OPTIONS command\n could be used by attackers to disclose memory of the\n apache server process, when htaccess uses incorrect\n Limit statement. (bsc#1058058) Additionally, references\n to the following security issues, fixed by the previous\n version-update of apache2 to Apache HTTPD 2.2.34 have\n been added :\n\n - CVE-2017-7668: The HTTP strict parsing introduced a bug\n in token list parsing, which allowed ap_find_token() to\n search past the end of its input string. By maliciously\n crafting a sequence of request headers, an attacker may\n have be able to cause a segmentation fault, or to force\n ap_find_token() to return an incorrect value.\n (bsc#1045061)\n\n - CVE-2017-3169: mod_ssl may have de-referenced a NULL\n pointer when third-party modules call\n ap_hook_process_connection() during an HTTP request to\n an HTTPS port allowing for DoS. (bsc#1045062)\n\n - CVE-2017-3167: Use of the ap_get_basic_auth_pw() by\n third-party modules outside of the authentication phase\n may have lead to authentication requirements being\n bypassed. (bsc#1045065)\n\n - CVE-2017-7679: mod_mime could have read one byte past\n the end of a buffer when sending a malicious\n Content-Type response header. (bsc#1045060)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2009-2699/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2010-0425/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-0021/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-0118/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3167/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3169/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7668/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7679/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9798/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172907-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?084963fe\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Studio Onsite 1.3:zypper in -t patch slestso13-apache2-13331=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-apache2-13331=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-apache2-13331=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-apache2-13331=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-apache2-13331=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-apache2-13331=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-apache2-13331=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-doc-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-example-pages-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-prefork-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-utils-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-worker-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-devel-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-doc-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-example-pages-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-prefork-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-utils-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-worker-2.2.34-70.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-29T00:20:36", "description": "The version of Symantec Content Analysis running on the remote host is prior to version 2.3.1.1. It is, therefore, affected by multiple vulnerabilities:\n\n - A vulnerability in Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header. (CVE-2017-7679)\n\n - A vulnerability in Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port. (CVE-2017-3169)", "cvss3": {}, "published": "2019-05-31T00:00:00", "type": "nessus", "title": "Symantec Content Analysis < 2.3.1.1 affected by Multiple Vulnerabilities (SYMSA1410)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3169", "CVE-2017-7679"], "modified": "2019-10-30T00:00:00", "cpe": ["x-cpe:/h:symantec:content_analysis", "x-cpe:/h:bluecoat:content_analysis"], "id": "SYMANTEC_CONTENT_ANALYSIS_SYMSA1410.NASL", "href": "https://www.tenable.com/plugins/nessus/125637", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{ \n script_id(125637);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/10/30 13:24:46\");\n\n script_cve_id(\"CVE-2017-3169\", \"CVE-2017-7679\");\n script_bugtraq_id(99170, 99134);\n\n script_name(english:\"Symantec Content Analysis < 2.3.1.1 affected by Multiple Vulnerabilities (SYMSA1410)\");\n script_summary(english:\"Checks the version of Symantec Content Analysis\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n \"The remote host is running a version of Symantec Content Analysis that is\n affected by Multiple Vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n \"The version of Symantec Content Analysis running on the\n remote host is prior to version 2.3.1.1. It is, therefore,\n affected by multiple vulnerabilities:\n\n - A vulnerability in Apache httpd 2.2.x before 2.2.33\n and 2.4.x before 2.4.26, mod_mime can read one byte\n past the end of a buffer when sending a malicious\n Content-Type response header. (CVE-2017-7679)\n\n - A vulnerability in Apache httpd 2.2.x before 2.2.33\n and 2.4.x before 2.4.26, mod_ssl may dereference a\n NULL pointer when third-party modules call\n ap_hook_process_connection() during an HTTP request\n to an HTTPS port. (CVE-2017-3169)\");\n # https://support.symantec.com/en_US/article.SYMSA1410.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?db8511d5\");\n script_set_attribute(attribute:\"solution\", value:\n \"Refer to vendor advisory (Symantec SYMSA1410) for suggested\n workaround, or upgrade to an unaffected version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7679\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/h:symantec:content_analysis\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/h:bluecoat:content_analysis\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"symantec_content_analysis_local_detect.nbin\");\n script_require_keys(\"installed_sw/Symantec Content Analysis\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('vcf.inc');\n\napp_name = 'Symantec Content Analysis';\n\napp_info = vcf::get_app_info(app:app_name, port:0);\n\nconstraints = [\n {'min_version': '2.2', 'max_version': '2.3', 'fixed_display': 'Refer to vendor advisory.' },\n {'min_version': '2.3', 'fixed_version' : '2.3.1.1'}\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:48:45", "description": "An update of [httpd] packages for PhotonOS has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-17T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Httpd PHSA-2017-0027 (deprecated)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-9788"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:httpd", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0027.NASL", "href": "https://www.tenable.com/plugins/nessus/111876", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0027. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111876);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/02/07 18:59:50\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-9788\");\n\n script_name(english:\"Photon OS 1.0: Httpd PHSA-2017-0027 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of [httpd] packages for PhotonOS has been released.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-57\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2153af12\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3167\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"httpd-2.4.27-1.ph1\",\n \"httpd-debuginfo-2.4.27-1.ph1\",\n \"httpd-devel-2.4.27-1.ph1\",\n \"httpd-docs-2.4.27-1.ph1\",\n \"httpd-tools-2.4.27-1.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:48:22", "description": "An update of the httpd package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Httpd PHSA-2017-0027", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-9788"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:httpd", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0027_HTTPD.NASL", "href": "https://www.tenable.com/plugins/nessus/121721", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0027. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121721);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-9788\");\n\n script_name(english:\"Photon OS 1.0: Httpd PHSA-2017-0027\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the httpd package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-57.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3167\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"httpd-2.4.27-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"httpd-2.4.27-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"httpd-debuginfo-2.4.27-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"httpd-debuginfo-2.4.27-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"httpd-devel-2.4.27-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"httpd-devel-2.4.27-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"httpd-docs-2.4.27-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"httpd-docs-2.4.27-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"httpd-tools-2.4.27-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"httpd-tools-2.4.27-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T14:17:58", "description": "The remote host is missing the patch for the advisory SUSE-SA:2006:051 (apache2).\n\n\nThe web server Apache2 has been updated to fix several security issues:\n\nThe security fix for CVE-2005-3357 (denial of service) broke the earlier security fix for SSL verification (CVE-2005-2700). This problem has been corrected.\n\nAdditionally a cross site scripting bug with the 'Expect' header error reporting was fixed (CVE-2006-3918). The Apache foundation does not consider this a security problem.", "cvss3": {}, "published": "2007-02-18T00:00:00", "type": "nessus", "title": "SUSE-SA:2006:051: apache2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-2700", "CVE-2005-3357", "CVE-2006-3918"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "SUSE_SA_2006_051.NASL", "href": "https://www.tenable.com/plugins/nessus/24429", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2006:051\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(24429);\n script_version(\"1.10\");\n \n name[\"english\"] = \"SUSE-SA:2006:051: apache2\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2006:051 (apache2).\n\n\nThe web server Apache2 has been updated to fix several security issues:\n\nThe security fix for CVE-2005-3357 (denial of service) broke the\nearlier security fix for SSL verification (CVE-2005-2700). This\nproblem has been corrected.\n\nAdditionally a cross site scripting bug with the 'Expect' header error\nreporting was fixed (CVE-2006-3918). The Apache foundation does not\nconsider this a security problem.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.novell.com/linux/security/advisories/2006_51_apache.html\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"Medium\" );\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/02/18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the apache2 package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"apache2-2.0.54-10.8\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-prefork-2.0.54-10.8\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-worker-2.0.54-10.8\", release:\"SUSE10.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-2.0.50-7.17\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-prefork-2.0.50-7.17\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-worker-2.0.50-7.17\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-2.0.53-9.15\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-prefork-2.0.53-9.15\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-worker-2.0.53-9.15\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-11T14:26:15", "description": "Updated Apache httpd packages that correct three security issues are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe Apache HTTP Server is a popular and freely-available Web server.\n\nA memory leak in the worker MPM could allow remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2970 to this issue. This vulnerability only affects users who are using the non-default worker MPM.\n\nA flaw in mod_imap when using the Referer directive with image maps was discovered. With certain site configurations, a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers. (CVE-2005-3352)\n\nA NULL pointer dereference flaw in mod_ssl was discovered affecting server configurations where an SSL virtual host is configured with access control and a custom 400 error document. A remote attacker could send a carefully crafted request to trigger this issue which would lead to a crash. This crash would only be a denial of service if using the non-default worker MPM. (CVE-2005-3357)\n\nUsers of httpd should update to these erratum packages which contain backported patches to correct these issues along with some additional bugs.", "cvss3": {}, "published": "2006-07-03T00:00:00", "type": "nessus", "title": "CentOS 3 / 4 : httpd (CESA-2006:0159)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.4, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2970", "CVE-2005-3352", "CVE-2005-3357"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel", "p-cpe:/a:centos:centos:httpd-manual", "p-cpe:/a:centos:centos:httpd-suexec", "p-cpe:/a:centos:centos:mod_ssl", "cpe:/o:centos:centos:3", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2006-0159.NASL", "href": "https://www.tenable.com/plugins/nessus/21884", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0159 and \n# CentOS Errata and Security Advisory 2006:0159 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21884);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-2970\", \"CVE-2005-3352\", \"CVE-2005-3357\");\n script_bugtraq_id(15834, 16152);\n script_xref(name:\"RHSA\", value:\"2006:0159\");\n\n script_name(english:\"CentOS 3 / 4 : httpd (CESA-2006:0159)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Apache httpd packages that correct three security issues are\nnow available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular and freely-available Web server.\n\nA memory leak in the worker MPM could allow remote attackers to cause\na denial of service (memory consumption) via aborted connections,\nwhich prevents the memory for the transaction pool from being reused\nfor other connections. The Common Vulnerabilities and Exposures\nproject assigned the name CVE-2005-2970 to this issue. This\nvulnerability only affects users who are using the non-default worker\nMPM.\n\nA flaw in mod_imap when using the Referer directive with image maps\nwas discovered. With certain site configurations, a remote attacker\ncould perform a cross-site scripting attack if a victim can be forced\nto visit a malicious URL using certain web browsers. (CVE-2005-3352)\n\nA NULL pointer dereference flaw in mod_ssl was discovered affecting\nserver configurations where an SSL virtual host is configured with\naccess control and a custom 400 error document. A remote attacker\ncould send a carefully crafted request to trigger this issue which\nwould lead to a crash. This crash would only be a denial of service if\nusing the non-default worker MPM. (CVE-2005-3357)\n\nUsers of httpd should update to these erratum packages which contain\nbackported patches to correct these issues along with some additional\nbugs.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-January/012537.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?74987a03\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-January/012538.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?45a2e4c6\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-January/012540.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e02190f2\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-January/012541.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?be8581ff\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-January/012542.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b4830549\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-January/012543.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?559e6b8d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"httpd-2.0.46-56.ent.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"httpd-devel-2.0.46-56.ent.centos.1\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"mod_ssl-2.0.46-56.ent.centos.1\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"httpd-2.0.52-22.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"httpd-devel-2.0.52-22.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"httpd-manual-2.0.52-22.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"httpd-suexec-2.0.52-22.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"mod_ssl-2.0.52-22.ent.centos4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-suexec / mod_ssl\");\n}\n", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-22T14:13:30", "description": "s700_800 11.X PA-RISC OV NNM7.51 Intermediate Patch 16 : \n\nPotential vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache. These vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), Denial of Service (DoS), or execution of arbitrary code.", "cvss3": {}, "published": "2007-09-25T00:00:00", "type": "nessus", "title": "HP-UX PHSS_36385 : HP OpenView Network Node Manager (OV NNM) Running Apache, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Execute Arbitrary Code (HPSBMA02328 SSRT071293 rev.2)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-3352", "CVE-2005-3357", "CVE-2006-3747"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_36385.NASL", "href": "https://www.tenable.com/plugins/nessus/26154", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_36385. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(26154);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2005-3352\", \"CVE-2005-3357\", \"CVE-2006-3747\");\n script_bugtraq_id(15834, 16152, 19204);\n script_xref(name:\"HP\", value:\"emr_na-c01428449\");\n script_xref(name:\"HP\", value:\"SSRT071293\");\n\n script_name(english:\"HP-UX PHSS_36385 : HP OpenView Network Node Manager (OV NNM) Running Apache, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Execute Arbitrary Code (HPSBMA02328 SSRT071293 rev.2)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.X PA-RISC OV NNM7.51 Intermediate Patch 16 : \n\nPotential vulnerabilities have been identified with HP OpenView\nNetwork Node Manager (OV NNM) running Apache. These vulnerabilities\ncould be exploited remotely resulting in cross site scripting (XSS),\nDenial of Service (DoS), or execution of arbitrary code.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?69af359a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_36385 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Module mod_rewrite LDAP Protocol Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/07/18\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2008/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/25\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.00 11.11 11.23 11.31\", proc:\"parisc\"))\n{\n exit(0, \"The host is not affected since PHSS_36385 applies to a different OS release / architecture.\");\n}\n\npatches = make_list(\"PHSS_36385\", \"PHSS_36901\", \"PHSS_37273\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-CORE\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-PD\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-PESA\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVMIB-CONTRIB\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNM-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-JPN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-KOR\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-SCH\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVRPT-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-JPN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-KOR\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-SCH\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgrMan.OVNNM-RUN-MAN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgrRtDOC.OVNNM-DOC-REUS\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgrRtDOC.OVNNM-ENG-DOC\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVDB-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVEVENT-MIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVMIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVSNMP-MIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-EVNT\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-FW\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-SRV\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatformMan.OVEVENTMIN-MAN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatformMan.OVSNMP-MIN-MAN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatformMan.OVWIN-MAN\", version:\"B.07.50.00\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-22T14:13:13", "description": "s700_800 11.X IA-64 OV NNM7.51 Intermediate Patch 16 : \n\nPotential vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache. These vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), Denial of Service (DoS), or execution of arbitrary code.", "cvss3": {}, "published": "2007-09-25T00:00:00", "type": "nessus", "title": "HP-UX PHSS_36386 : HP OpenView Network Node Manager (OV NNM) Running Apache, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Execute Arbitrary Code (HPSBMA02328 SSRT071293 rev.2)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-3352", "CVE-2005-3357", "CVE-2006-3747"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHSS_36386.NASL", "href": "https://www.tenable.com/plugins/nessus/26155", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHSS_36386. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(26155);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2005-3352\", \"CVE-2005-3357\", \"CVE-2006-3747\");\n script_bugtraq_id(15834, 16152, 19204);\n script_xref(name:\"HP\", value:\"emr_na-c01428449\");\n script_xref(name:\"HP\", value:\"SSRT071293\");\n\n script_name(english:\"HP-UX PHSS_36386 : HP OpenView Network Node Manager (OV NNM) Running Apache, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Execute Arbitrary Code (HPSBMA02328 SSRT071293 rev.2)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.X IA-64 OV NNM7.51 Intermediate Patch 16 : \n\nPotential vulnerabilities have been identified with HP OpenView\nNetwork Node Manager (OV NNM) running Apache. These vulnerabilities\ncould be exploited remotely resulting in cross site scripting (XSS),\nDenial of Service (DoS), or execution of arbitrary code.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?69af359a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHSS_36386 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Module mod_rewrite LDAP Protocol Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/07/18\");\n script_set_attribute(attribute:\"patch_modification_date\", value:\"2008/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/25\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.23 11.31\", proc:\"ia64\"))\n{\n exit(0, \"The host is not affected since PHSS_36386 applies to a different OS release / architecture.\");\n}\n\npatches = make_list(\"PHSS_36386\", \"PHSS_36902\", \"PHSS_37274\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-CORE\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-PD\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMETCore.OVNNMET-PESA\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVMIB-CONTRIB\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNM-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-JPN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-KOR\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVNNMGR-SCH\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVRPT-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-JPN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-KOR\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgr.OVWWW-SCH\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgrMan.OVNNM-RUN-MAN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgrRtDOC.OVNNM-DOC-REUS\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVNNMgrRtDOC.OVNNM-ENG-DOC\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVDB-RUN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVEVENT-MIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVMIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVSNMP-MIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWIN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-EVNT\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-FW\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatform.OVWWW-SRV\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatformMan.OVEVENTMIN-MAN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatformMan.OVSNMP-MIN-MAN\", version:\"B.07.50.00\")) flag++;\nif (hpux_check_patch(app:\"OVPlatformMan.OVWIN-MAN\", version:\"B.07.50.00\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:21:21", "description": "This update includes fixes for three security issues in the Apache HTTP Server.\n\nA memory leak in the worker MPM could allow remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2970 to this issue. This vulnerability only affects users who are using the non-default worker MPM.\n\nA flaw in mod_imap when using the Referer directive with image maps was discovered. With certain site configurations, a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers. (CVE-2005-3352)\n\nA NULL pointer dereference flaw in mod_ssl was discovered affecting server configurations where an SSL virtual host is configured with access control and a custom 400 error document. A remote attacker could send a carefully crafted request to trigger this issue which would lead to a crash. This crash would only be a denial of service if using the non-default worker MPM. (CVE-2005-3357)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2006-01-21T00:00:00", "type": "nessus", "title": "Fedora Core 4 : httpd-2.0.54-10.3 (2006-052)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.4, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2970", "CVE-2005-3352", "CVE-2005-3357"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:httpd", "p-cpe:/a:fedoraproject:fedora:httpd-debuginfo", "p-cpe:/a:fedoraproject:fedora:httpd-devel", "p-cpe:/a:fedoraproject:fedora:httpd-manual", "p-cpe:/a:fedoraproject:fedora:mod_ssl", "cpe:/o:fedoraproject:fedora_core:4"], "id": "FEDORA_2006-052.NASL", "href": "https://www.tenable.com/plugins/nessus/20757", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2006-052.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20757);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2005-2970\", \"CVE-2005-3352\", \"CVE-2005-3357\");\n script_xref(name:\"FEDORA\", value:\"2006-052\");\n\n script_name(english:\"Fedora Core 4 : httpd-2.0.54-10.3 (2006-052)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes fixes for three security issues in the Apache\nHTTP Server.\n\nA memory leak in the worker MPM could allow remote attackers to cause\na denial of service (memory consumption) via aborted connections,\nwhich prevents the memory for the transaction pool from being reused\nfor other connections. The Common Vulnerabilities and Exposures\nproject assigned the name CVE-2005-2970 to this issue. This\nvulnerability only affects users who are using the non-default worker\nMPM.\n\nA flaw in mod_imap when using the Referer directive with image maps\nwas discovered. With certain site configurations, a remote attacker\ncould perform a cross-site scripting attack if a victim can be forced\nto visit a malicious URL using certain web browsers. (CVE-2005-3352)\n\nA NULL pointer dereference flaw in mod_ssl was discovered affecting\nserver configurations where an SSL virtual host is configured with\naccess control and a custom 400 error document. A remote attacker\ncould send a carefully crafted request to trigger this issue which\nwould lead to a crash. This crash would only be a denial of service if\nusing the non-default worker MPM. (CVE-2005-3357)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2006-January/001765.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68f387ab\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 4.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC4\", reference:\"httpd-2.0.54-10.3\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"httpd-debuginfo-2.0.54-10.3\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"httpd-devel-2.0.54-10.3\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"httpd-manual-2.0.54-10.3\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"mod_ssl-2.0.54-10.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / mod_ssl\");\n}\n", "cvss": {"score": 5.4, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:21:12", "description": "Updated Apache httpd packages that correct three security issues are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe Apache HTTP Server is a popular and freely-available Web server.\n\nA memory leak in the worker MPM could allow remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2970 to this issue. This vulnerability only affects users who are using the non-default worker MPM.\n\nA flaw in mod_imap when using the Referer directive with image maps was discovered. With certain site configurations, a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers. (CVE-2005-3352)\n\nA NULL pointer dereference flaw in mod_ssl was discovered affecting server configurations where an SSL virtual host is configured with access control and a custom 400 error document. A remote attacker could send a carefully crafted request to trigger this issue which would lead to a crash. This crash would only be a denial of service if using the non-default worker MPM. (CVE-2005-3357)\n\nUsers of httpd should update to these erratum packages which contain backported patches to correct these issues along with some additional bugs.", "cvss3": {}, "published": "2006-01-11T00:00:00", "type": "nessus", "title": "RHEL 3 / 4 : httpd (RHSA-2006:0159)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.4, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2970", "CVE-2005-3352", "CVE-2005-3357"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-suexec", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2006-0159.NASL", "href": "https://www.tenable.com/plugins/nessus/20398", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0159. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20398);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-2970\", \"CVE-2005-3352\", \"CVE-2005-3357\");\n script_bugtraq_id(15834, 16152);\n script_xref(name:\"RHSA\", value:\"2006:0159\");\n\n script_name(english:\"RHEL 3 / 4 : httpd (RHSA-2006:0159)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Apache httpd packages that correct three security issues are\nnow available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular and freely-available Web server.\n\nA memory leak in the worker MPM could allow remote attackers to cause\na denial of service (memory consumption) via aborted connections,\nwhich prevents the memory for the transaction pool from being reused\nfor other connections. The Common Vulnerabilities and Exposures\nproject assigned the name CVE-2005-2970 to this issue. This\nvulnerability only affects users who are using the non-default worker\nMPM.\n\nA flaw in mod_imap when using the Referer directive with image maps\nwas discovered. With certain site configurations, a remote attacker\ncould perform a cross-site scripting attack if a victim can be forced\nto visit a malicious URL using certain web browsers. (CVE-2005-3352)\n\nA NULL pointer dereference flaw in mod_ssl was discovered affecting\nserver configurations where an SSL virtual host is configured with\naccess control and a custom 400 error document. A remote attacker\ncould send a carefully crafted request to trigger this issue which\nwould lead to a crash. This crash would only be a denial of service if\nusing the non-default worker MPM. (CVE-2005-3357)\n\nUsers of httpd should update to these erratum packages which contain\nbackported patches to correct these issues along with some additional\nbugs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-3357\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2006:0159\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\

NewStart CGSL MAIN 4.05 : httpd Multiple Vulnerabilities (NS-SA-2019-0118)

Description

Related