| Reporter | Title | Published | Views | Family All 119 |
|---|---|---|---|---|
| Security Bulletin: Vulnerability CVE-2018-11763 in the IBM i HTTP Server affects IBM i. | 18 Dec 201914:26 | – | ibm | |
| Security Bulletin: Rational Build Forge Security Advisory for Apache Tomcat and Apache HTTP Server (CVE-2018-11763; CVE-2018-11784) | 15 Nov 201817:45 | – | ibm | |
| Amazon Linux 2 : mod_http2 (ALAS-2018-1104) | 9 Nov 201800:00 | – | nessus | |
| Amazon Linux 2 : httpd (ALAS-2019-1155) | 25 Jan 201900:00 | – | nessus | |
| Amazon Linux AMI : httpd24 (ALAS-2018-1104) | 17 Dec 201800:00 | – | nessus | |
| Apache 2.4.x < 2.4.35 DoS | 27 Sep 201800:00 | – | nessus | |
| EulerOS Virtualization for ARM 64 3.0.3.0 : httpd (EulerOS-SA-2019-2311) | 3 Dec 201900:00 | – | nessus | |
| Fedora 28 : mod_http2 (2018-6ffb18592f) | 3 Jan 201900:00 | – | nessus | |
| Fedora 29 : mod_http2 (2018-9cdbb641f9) | 3 Jan 201900:00 | – | nessus | |
| Fedora 27 : mod_http2 (2018-bb9d24c82d) | 22 Oct 201800:00 | – | nessus |
| Source | Link |
|---|---|
| bugzilla | www.bugzilla.opensuse.org/show_bug.cgi |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-1378.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(118875);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2025/03/24");
script_cve_id("CVE-2018-11763");
script_name(english:"openSUSE Security Update : apache2 (openSUSE-2018-1378)");
script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
script_set_attribute(attribute:"description", value:
"This update for apache2 fixes the following issues :
Security issues fixed :
- CVE-2018-11763: In Apache HTTP Server by sending
continuous, large SETTINGS frames a client can occupy a
connection, server thread and CPU time without any
connection timeout coming to effect. This affects only
HTTP/2 connections. (bsc#1109961)
This update was imported from the SUSE:SLE-12-SP2:Update update
project.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1109961");
script_set_attribute(attribute:"solution", value:
"Update the affected apache2 packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-11763");
script_set_attribute(attribute:"cvss3_score_rationale", value:"Scoring adjustsed to align with CVSS 3.1 attack complexity guidance.");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"patch_publication_date", value:"2018/11/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-event");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-event-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-example-pages");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-prefork");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-utils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-utils-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-worker");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-worker-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2018-2025 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE42.3", reference:"apache2-2.4.23-31.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"apache2-debuginfo-2.4.23-31.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"apache2-debugsource-2.4.23-31.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"apache2-devel-2.4.23-31.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"apache2-event-2.4.23-31.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"apache2-event-debuginfo-2.4.23-31.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"apache2-example-pages-2.4.23-31.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"apache2-prefork-2.4.23-31.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"apache2-prefork-debuginfo-2.4.23-31.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"apache2-utils-2.4.23-31.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"apache2-utils-debuginfo-2.4.23-31.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"apache2-worker-2.4.23-31.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"apache2-worker-debuginfo-2.4.23-31.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2 / apache2-debuginfo / apache2-debugsource / apache2-devel / etc");
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation