ID REDHAT-RHSA-2004-463.NASL
Type nessus
Reporter This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2004-09-15T00:00:00
Description
Updated httpd packages that include fixes for security issues are now
available.

The Apache HTTP server is a powerful, full-featured, efficient, and
freely-available Web server.

Four issues have been discovered affecting releases of the Apache HTTP
2.0 Server, up to and including version 2.0.50:

Testing using the Codenomicon HTTP Test Tool performed by the Apache
Software Foundation security group and Red Hat uncovered an input
validation issue in the IPv6 URI parsing routines in the apr-util
library. If a remote attacker sent a request including a carefully
crafted URI, an httpd child process could be made to crash. This issue
is not believed to allow arbitrary code execution on Red Hat
Enterprise Linux. This issue also does not represent a significant
denial of service attack as requests will continue to be handled by
other Apache child processes. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2004-0786 to this
issue.

The Swedish IT Incident Centre (SITIC) reported a buffer overflow in
the expansion of environment variables during configuration file
parsing. This issue could allow a local user to gain 'apache'
privileges if an httpd process can be forced to parse a carefully
crafted .htaccess file written by a local user. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2004-0747 to this issue.

An issue was discovered in the mod_ssl module which could be triggered
if the server is configured to allow proxying to a remote SSL server.
A malicious remote SSL server could force an httpd child process to
crash by sending a carefully crafted response header. This issue is
not believed to allow execution of arbitrary code. This issue also
does not represent a significant Denial of Service attack as requests
will continue to be handled by other Apache child processes. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0751 to this issue.

An issue was discovered in the mod_dav module which could be triggered
for a location where WebDAV authoring access has been configured. A
malicious remote client which is authorized to use the LOCK method
could force an httpd child process to crash by sending a particular
sequence of LOCK requests. This issue does not allow execution of
arbitrary code. This issue also does not represent a significant
Denial of Service attack as requests will continue to be handled by
other Apache child processes. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2004-0809 to this
issue.

Users of the Apache HTTP server should upgrade to these updated
packages, which contain backported patches that address these issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2004:463. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(14736);
  script_version("1.29");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2004-0747", "CVE-2004-0751", "CVE-2004-0786", "CVE-2004-0809");
  script_xref(name:"RHSA", value:"2004:463");

  script_name(english:"RHEL 3 : httpd (RHSA-2004:463)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated httpd packages that include fixes for security issues are now
available.
The Apache HTTP server is a powerful, full-featured, efficient, and
freely-available Web server.
Four issues have been discovered affecting releases of the Apache HTTP
2.0 Server, up to and including version 2.0.50 :
Testing using the Codenomicon HTTP Test Tool performed by the Apache
Software Foundation security group and Red Hat uncovered an input
validation issue in the IPv6 URI parsing routines in the apr-util
library. If a remote attacker sent a request including a carefully
crafted URI, an httpd child process could be made to crash. This issue
is not believed to allow arbitrary code execution on Red Hat
Enterprise Linux. This issue also does not represent a significant
denial of service attack as requests will continue to be handled by
other Apache child processes. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2004-0786 to this
issue.
The Swedish IT Incident Centre (SITIC) reported a buffer overflow in
the expansion of environment variables during configuration file
parsing. This issue could allow a local user to gain 'apache'
privileges if an httpd process can be forced to parse a carefully
crafted .htaccess file written by a local user. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2004-0747 to this issue.
An issue was discovered in the mod_ssl module which could be triggered
if the server is configured to allow proxying to a remote SSL server.
A malicious remote SSL server could force an httpd child process to
crash by sending a carefully crafted response header. This issue is
not believed to allow execution of arbitrary code. This issue also
does not represent a significant Denial of Service attack as requests
will continue to be handled by other Apache child processes. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0751 to this issue.
An issue was discovered in the mod_dav module which could be triggered
for a location where WebDAV authoring access has been configured. A
malicious remote client which is authorized to use the LOCK method
could force an httpd child process to crash by sending a particular
sequence of LOCK requests. This issue does not allow execution of
arbitrary code. This issue also does not represent a significant
Denial of Service attack as requests will continue to be handled by
other Apache child processes. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2004-0809 to this
issue.
Users of the Apache HTTP server should upgrade to these updated
packages, which contain backported patches that address these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0747"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0751"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0786"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0809"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2004:463"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected httpd, httpd-devel and / or mod_ssl packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_ssl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/09/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2004/09/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

# Preconditions: authenticated local checks must be enabled and the host
# must identify itself as Red Hat Enterprise Linux 3.x.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver);

# The collected RPM list is required for the package comparison below.
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86_64, i386-i686 and s390 architectures are covered by this check.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

# Prefer yum updateinfo data when the host supplied it; otherwise fall back
# to comparing installed package versions against the fixed builds.
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2004:463";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_WARNING,
      extra    : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  # rpm_check() flags a package that is installed at a version older than
  # the reference build named here.
  flag = 0;
  if (rpm_check(release:"RHEL3", reference:"httpd-2.0.46-40.ent")) flag++;
  if (rpm_check(release:"RHEL3", reference:"httpd-devel-2.0.46-40.ent")) flag++;
  if (rpm_check(release:"RHEL3", reference:"mod_ssl-2.0.46-40.ent")) flag++;

  if (flag)
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_WARNING,
      extra    : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd / httpd-devel / mod_ssl");
  }
}
denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.", "edition": 5, "cvss3": {}, "published": "2004-09-16T04:00:00", "title": "CVE-2004-0809", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0809"], "modified": "2017-10-11T01:29:00", "cpe": ["cpe:/o:trustix:secure_linux:2.0", "cpe:/o:conectiva:linux:9.0", "cpe:/o:hp:hp-ux:11.11", "cpe:/a:hp:secure_web_server_for_tru64:4.0_f", "cpe:/a:hp:secure_web_server_for_tru64:5.8.1", "cpe:/a:hp:secure_web_server_for_tru64:5.1", "cpe:/o:hp:hp-ux:11.22", "cpe:/a:hp:secure_web_server_for_tru64:6.3.0", "cpe:/o:trustix:secure_linux:2.1", "cpe:/a:apache:http_server:2.0.50", "cpe:/o:mandrakesoft:mandrake_linux:10.0", "cpe:/o:hp:hp-ux:11.23", "cpe:/o:redhat:enterprise_linux:3.0", "cpe:/o:mandrakesoft:mandrake_linux:9.2", "cpe:/o:turbolinux:turbolinux_desktop:10.0", "cpe:/a:hp:secure_web_server_for_tru64:5.9.1", "cpe:/a:hp:secure_web_server_for_tru64:5.1_a", "cpe:/a:hp:secure_web_server_for_tru64:5.0_a", "cpe:/o:gentoo:linux:1.4", "cpe:/o:redhat:enterprise_linux_desktop:3.0", "cpe:/o:hp:hp-ux:11.00", "cpe:/a:hp:secure_web_server_for_tru64:5.8.2", "cpe:/o:turbolinux:turbolinux_home:*", "cpe:/a:hp:secure_web_server_for_tru64:4.0_g", "cpe:/a:apache:http_server:2.0.47", "cpe:/a:hp:secure_web_server_for_tru64:5.9.2", "cpe:/o:turbolinux:turbolinux_server:10.0", "cpe:/o:conectiva:linux:10.0"], "id": "CVE-2004-0809", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0809", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:hp:secure_web_server_for_tru64:5.8.1:*:*:*:*:*:*:*", "cpe:2.3:o:hp:hp-ux:11.23:*:ia64_64-bit:*:*:*:*:*", "cpe:2.3:a:hp:secure_web_server_for_tru64:5.1_a:*:*:*:*:*:*:*", "cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*", "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*", "cpe:2.3:o:turbolinux:turbolinux_home:*:*:*:*:*:*:*:*", "cpe:2.3:a:hp:secure_web_server_for_tru64:5.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*", "cpe:2.3:a:hp:secure_web_server_for_tru64:5.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:hp:secure_web_server_for_tru64:6.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:hp:secure_web_server_for_tru64:4.0_g:*:*:*:*:*:*:*", "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*", "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*", "cpe:2.3:a:hp:secure_web_server_for_tru64:5.0_a:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*", "cpe:2.3:o:turbolinux:turbolinux_desktop:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:hp:secure_web_server_for_tru64:5.9.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", "cpe:2.3:a:hp:secure_web_server_for_tru64:4.0_f:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*", "cpe:2.3:a:hp:secure_web_server_for_tru64:5.9.1:*:*:*:*:*:*:*", "cpe:2.3:o:turbolinux:turbolinux_server:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*", "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*", 
"cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*"]}], "gentoo": [{"lastseen": "2016-09-06T19:46:59", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0786", "CVE-2004-0747", "CVE-2004-0748", "CVE-2004-0809", "CVE-2004-0751"], "description": "### Background\n\nThe Apache HTTP server is one of the most popular web servers on the internet. mod_ssl provides SSL v2/v3 and TLS v1 support for it and mod_dav is the Apache module for Distributed Authoring and Versioning (DAV). \n\n### Description\n\nA potential infinite loop has been found in the input filter of mod_ssl (CAN-2004-0748) as well as a possible segmentation fault in the char_buffer_read function if reverse proxying to a SSL server is being used (CAN-2004-0751). Furthermore, mod_dav, as shipped in Apache httpd 2 or mod_dav 1.0.x for Apache 1.3, contains a NULL pointer dereference which can be triggered remotely (CAN-2004-0809). The third issue is an input validation error found in the IPv6 URI parsing routines within the apr-util library (CAN-2004-0786). Additionally a possible buffer overflow has been reported when expanding environment variables during the parsing of configuration files (CAN-2004-0747). \n\n### Impact\n\nA remote attacker could cause a Denial of Service either by aborting a SSL connection in a special way, resulting in CPU consumption, by exploiting the segmentation fault in mod_ssl or the mod_dav flaw. A remote attacker could also crash a httpd child process by sending a specially crafted URI. The last vulnerability could be used by a local user to gain the privileges of a httpd child, if the server parses a carefully prepared .htaccess file. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll Apache 2 users should upgrade to the latest version: \n \n \n # emerge sync\n \n # emerge -pv \">=www-servers/apache-2.0.51\"\n # emerge \">=www-servers/apache-2.0.51\"\n\nAll mod_dav users should upgrade to the latest version: \n \n \n # emerge sync\n \n # emerge -pv \">=net-www/mod_dav-1.0.3-r2\"\n # emerge \">=net-www/mod_dav-1.0.3-r2\"", "edition": 1, "modified": "2007-12-30T00:00:00", "published": "2004-09-16T00:00:00", "id": "GLSA-200409-21", "href": "https://security.gentoo.org/glsa/200409-21", "type": "gentoo", "title": "Apache 2, mod_dav: Multiple vulnerabilities", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:49:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0786", "CVE-2004-0747", "CVE-2004-0748", "CVE-2004-0809", "CVE-2004-0751"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200409-21.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:54677", "href": "http://plugins.openvas.org/nasl.php?oid=54677", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200409-21 (apache)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been found in Apache 2 and mod_dav for Apache\n1.3 which could allow a remote attacker to cause a Denial of Service or a\nlocal user to get escalated privileges.\";\ntag_solution = \"All Apache 2 users should upgrade to the latest version:\n\n # emerge sync\n\n # emerge -pv '>=net-www/apache-2.0.51'\n # emerge '>=net-www/apache-2.0.51'\n\nAll mod_dav users should upgrade to the latest version:\n\n # emerge sync\n\n # emerge -pv '>=net-www/mod_dav-1.0.3-r2'\n # emerge '>=net-www/mod_dav-1.0.3-r2'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200409-21\nhttp://bugs.gentoo.org/show_bug.cgi?id=62626\nhttp://bugs.gentoo.org/show_bug.cgi?id=63948\nhttp://bugs.gentoo.org/show_bug.cgi?id=64145\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200409-21.\";\n\n \n\nif(description)\n{\n script_id(54677);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2004-0747\", \"CVE-2004-0748\", \"CVE-2004-0751\", \"CVE-2004-0786\", \"CVE-2004-0809\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200409-21 (apache)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-www/apache\", unaffected: make_list(\"ge 2.0.51\", \"lt 2.0\"), vulnerable: make_list(\"lt 2.0.51\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"net-www/mod_dav\", unaffected: make_list(\"ge 1.0.3-r2\"), vulnerable: make_list(\"le 1.0.3-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0786", "CVE-2004-0747", "CVE-2004-0748", "CVE-2004-0809", "CVE-2004-0811", "CVE-2004-0751"], "description": "Check for the Version of Apache with PHP", "modified": "2017-07-06T00:00:00", "published": "2009-05-05T00:00:00", "id": "OPENVAS:835139", "href": "http://plugins.openvas.org/nasl.php?oid=835139", "type": "openvas", "title": "HP-UX Update for Apache with PHP HPSBUX01090", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache with PHP HPSBUX01090\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it 
under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote denial of service\n local increase in privilege\";\ntag_affected = \"Apache with PHP on\n HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 running the currently supported \n versions of hpuxwsAPACHE HP-UX\";\ntag_insight = \"Several potential security vulnerabilities have been identified in Apache Web \n Server and PHP running on HP-UX where a remote user may be able to cause a \n Denial of Service (DoS), obtain local elevation of privileges or gain \n unauthorized access to restricted resources.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00901851-2\");\n script_id(835139);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"HPSBUX\", value: \"01090\");\n script_cve_id(\"CVE-2004-0747\", \"CVE-2004-0748\", \"CVE-2004-0751\", \"CVE-2004-0786\", \"CVE-2004-0809\", 
\"CVE-2004-0811\");\n script_name( \"HP-UX Update for Apache with PHP HPSBUX01090\");\n\n script_summary(\"Check for the Version of Apache with PHP\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.52.00\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.52.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.52.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.52.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:39:41", "bulletinFamily": 
"scanner", "cvelist": ["CVE-2004-0786", "CVE-2004-0747", "CVE-2004-0748", "CVE-2004-0809", "CVE-2004-0811", "CVE-2004-0751"], "description": "Check for the Version of Apache with PHP", "modified": "2018-04-06T00:00:00", "published": "2009-05-05T00:00:00", "id": "OPENVAS:1361412562310835139", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835139", "type": "openvas", "title": "HP-UX Update for Apache with PHP HPSBUX01090", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache with PHP HPSBUX01090\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote denial of service\n local increase in privilege\";\ntag_affected = \"Apache with PHP on\n HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 running the currently supported \n versions of hpuxwsAPACHE HP-UX\";\ntag_insight = \"Several potential security vulnerabilities have been identified in Apache Web \n Server and PHP running on HP-UX where a remote user may be able to cause a \n Denial of Service (DoS), obtain local elevation of privileges or gain \n unauthorized access to restricted resources.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00901851-2\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835139\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"HPSBUX\", value: \"01090\");\n script_cve_id(\"CVE-2004-0747\", \"CVE-2004-0748\", \"CVE-2004-0751\", \"CVE-2004-0786\", \"CVE-2004-0809\", \"CVE-2004-0811\");\n script_name( \"HP-UX Update for Apache with PHP HPSBUX01090\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Apache with PHP\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local 
Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.00\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.52.00\", rls:\"HPUX11.00\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.52.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.52.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.52.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0786"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-15T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:52388", "href": 
"http://plugins.openvas.org/nasl.php?oid=52388", "type": "openvas", "title": "FreeBSD Ports: apache", "sourceData": "#\n#VID 762d1c6d-0722-11d9-b45d-000c41e2cdad\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: apache\n\nCVE-2004-0786\nThe IPv6 URI parsing routines in the apr-util library for Apache\n2.0.50 and earlier allow remote attackers to cause a denial of service\n(child process crash) via a certain URI, as demonstrated using the\nCodenomicon HTTP Test Tool.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://httpd.apache.org\nhttp://www.vuxml.org/freebsd/762d1c6d-0722-11d9-b45d-000c41e2cdad.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52388);\n script_version(\"$Revision: 4075 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-15 15:13:05 +0200 
(Thu, 15 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2004-0786\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: apache\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"apache\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.0\")>=0 && revcomp(a:bver, b:\"2.0.50_3\")<0) {\n txt += 'Package apache version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0747"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-15T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:52390", "href": "http://plugins.openvas.org/nasl.php?oid=52390", "type": "openvas", "title": "FreeBSD Ports: apache", "sourceData": "#\n#VID 4d49f4ba-071f-11d9-b45d-000c41e2cdad\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto 
generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: apache\n\nCVE-2004-0747\nBuffer overflow in Apache 2.0.50 and earlier allows local users to\ngain apache privileges via a .htaccess file that causes the overflow\nduring expansion of environment variables.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://lists.netsys.com/pipermail/full-disclosure/2004-September/026463.html\nhttp://www.vuxml.org/freebsd/4d49f4ba-071f-11d9-b45d-000c41e2cdad.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52390);\n script_version(\"$Revision: 4075 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-15 15:13:05 +0200 (Thu, 15 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2004-0747\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n 
script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: apache\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"apache\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.0\")>=0 && revcomp(a:bver, b:\"2.0.50_3\")<0) {\n txt += 'Package apache version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:40:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0747"], "description": "According to its version number, the remote version of Apache Web\n Server is prone to a local buffer-overflow vulnerability that\n affects a configuration file environment variable.", "modified": "2019-03-07T00:00:00", "published": "2009-05-02T00:00:00", "id": "OPENVAS:1361412562310100172", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100172", "type": "openvas", "title": "Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: 
apache_cve_2004_0747.nasl 14031 2019-03-07 10:47:29Z cfischer $\n#\n# Apache Web Server Configuration File Environment Variable Local\n# Buffer Overflow Vulnerability\n#\n# Authors:\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:http_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100172\");\n script_version(\"$Revision: 14031 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-07 11:47:29 +0100 (Thu, 07 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-02 19:46:33 +0200 (Sat, 02 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2004-0747\");\n script_bugtraq_id(11182);\n script_name(\"Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"secpod_apache_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"apache/installed\");\n\n script_xref(name:\"URL\", 
value:\"http://www.securityfocus.com/bid/11182\");\n script_xref(name:\"URL\", value:\"http://www.apache.org/dist/httpd/Announcement2.html\");\n\n script_tag(name:\"insight\", value:\"The flaw occurs because the application fails to validate user-supplied\n string lengths before copying them into finite process buffers.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released an upgrade. Please see\n the references for more information.\");\n\n script_tag(name:\"summary\", value:\"According to its version number, the remote version of Apache Web\n Server is prone to a local buffer-overflow vulnerability that\n affects a configuration file environment variable.\");\n\n script_tag(name:\"impact\", value:\"An attacker may leverage this issue to execute arbitrary code on\n the affected computer with the privileges of the Apache webserver process.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) )\n exit( 0 );\n\nif( ! vers = get_app_version( cpe:CPE, port:port ) )\n exit( 0 );\n\nif( version_is_less( version:vers, test_version:\"2.0.51\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"2.0.51\" );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-09-19T12:03:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0747"], "description": "According to its version number, the remote version of Apache Web\n Server is prone to a local buffer-overflow vulnerability that\n affects a configuration file environment variable. 
This occurs\n because the application fails to validate user-supplied string\n lengths before copying them into finite process buffers.\n\n An attacker may leverage this issue to execute arbitrary code on\n the affected computer with the privileges of the Apache webserver\n process.", "modified": "2017-09-18T00:00:00", "published": "2009-05-02T00:00:00", "id": "OPENVAS:100172", "href": "http://plugins.openvas.org/nasl.php?oid=100172", "type": "openvas", "title": "Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: apache_cve_2004_0747.nasl 7176 2017-09-18 12:01:01Z cfischer $\n#\n# Apache Web Server Configuration File Environment Variable Local\n# Buffer Overflow Vulnerability\n#\n# Authors:\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"According to its version number, the remote version of Apache Web\n Server is prone to a local buffer-overflow vulnerability that\n affects a configuration file environment variable. 
This occurs\n because the application fails to validate user-supplied string\n lengths before copying them into finite process buffers.\n\n An attacker may leverage this issue to execute arbitrary code on\n the affected computer with the privileges of the Apache webserver\n process.\";\n\ntag_solution = \"The vendor has released an upgrade. Please see\n http://www.apache.org/dist/httpd/Announcement2.html for more\n information.\";\n\nif(description)\n{\n script_id(100172);\n script_version(\"$Revision: 7176 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-18 14:01:01 +0200 (Mon, 18 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-02 19:46:33 +0200 (Sat, 02 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_cve_id(\"CVE-2004-0747\");\n script_bugtraq_id(11182);\n script_name(\"Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability\");\n\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"http_version.nasl\", \"secpod_apache_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/bid/11182\");\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\nhttpdPort = get_http_port(default:80);\nif(!httpdPort){\n exit(0);\n}\n\nversion = get_kb_item(\"www/\" + httpdPort + \"/Apache\");\nif(version != NULL){\n if(version_is_less(version:version, test_version:\"2.0.51\")){\n security_message(httpdPort);\n }\n}\n", "cvss": {"score": 4.6, "vector": 
"AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0809"], "description": "The remote host is missing an update to libapache-mod-dav\nannounced via advisory DSA 558-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:53248", "href": "http://plugins.openvas.org/nasl.php?oid=53248", "type": "openvas", "title": "Debian Security Advisory DSA 558-1 (libapache-mod-dav)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_558_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 558-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Julian Reschke reported a problem in mod_dav of Apache 2 in connection\nwith a NULL pointer dereference. 
When running in a threaded model,\nespecially with Apache 2, a segmentation fault can take out a whole\nprocess and hence create a denial of service for the whole server.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.0.3-3.1.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.0.3-10 of libapache-mod-dav and in version 2.0.51-1 of\nApache 2.\n\nWe recommend that you upgrade your mod_dav packages.\";\ntag_summary = \"The remote host is missing an update to libapache-mod-dav\nannounced via advisory DSA 558-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20558-1\";\n\nif(description)\n{\n script_id(53248);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:45:44 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2004-0809\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 558-1 (libapache-mod-dav)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libapache-mod-dav\", ver:\"1.0.3-3.1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0809"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n apache2\n apache2-devel\n apache2-example-pages\n libapr0\n apache2-worker\n apache2-doc\n apache2-prefork\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5009547 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065249", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065249", "type": "openvas", "title": "SLES9: Security update for Apache 2", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5009547.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Apache 2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n apache2\n apache2-devel\n apache2-example-pages\n libapr0\n apache2-worker\n apache2-doc\n apache2-prefork\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5009547 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65249\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2004-0809\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES9: Security update for Apache 2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.0.49~27.16\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0809"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2\n apache2-devel\n apache2-example-pages\n libapr0\n apache2-worker\n apache2-doc\n apache2-prefork\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5009547 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65249", "href": "http://plugins.openvas.org/nasl.php?oid=65249", "type": "openvas", "title": "SLES9: Security update for Apache 2", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5009547.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Apache 2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n apache2\n apache2-devel\n apache2-example-pages\n libapr0\n apache2-worker\n apache2-doc\n apache2-prefork\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5009547 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65249);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2004-0809\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES9: Security update for Apache 2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.0.49~27.16\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:10", "bulletinFamily": "software", "cvelist": ["CVE-2004-0786", "CVE-2004-0747", "CVE-2004-0748", "CVE-2004-0809", "CVE-2004-0751"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nThe Apache Software Foundation and The Apache HTTP Server Project\r\nare pleased to announce the release of version 2.0.51 of the Apache\r\nHTTP Server ("Apache"). This Announcement notes the significant\r\nchanges in 2.0.51 as compared to 2.0.50.\r\n\r\nThis version of Apache is principally a bug fix release. 
Of\r\nparticular note is that 2.0.51 addresses five security\r\nvulnerabilities:\r\n\r\n An input validation issue in IPv6 literal address parsing which\r\n can result in a negative length parameter being passed to memcpy.\r\n [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0786]\r\n\r\n A buffer overflow in configuration file parsing could allow a\r\n local user to gain the privileges of a httpd child if the server\r\n can be forced to parse a carefully crafted .htaccess file.\r\n [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747]\r\n\r\n A segfault in mod_ssl which can be triggered by a malicious\r\n remote server, if proxying to SSL servers has been configured.\r\n [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751]\r\n\r\n A potential infinite loop in mod_ssl which could be triggered\r\n given particular timing of a connection abort.\r\n [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748]\r\n\r\n A segfault in mod_dav_fs which can be remotely triggered by an\r\n indirect lock refresh request.\r\n [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0809]\r\n\r\nThe Apache HTTP Server Project would like to thank Codenomicon for\r\nsupplying copies of their "HTTP Test Tool" used to discover\r\nCAN-2004-0786, and to SITIC for reporting the discovery of\r\nCAN-2004-0747.\r\n\r\nThis release is compatible with modules compiled for 2.0.42 and\r\nlater versions. We consider this release to be the best version of\r\nApache available and encourage users of all prior versions to\r\nupgrade.\r\n\r\nApache HTTP Server 2.0.51 is available for download from\r\n\r\n http://httpd.apache.org/download.cgi?update=200409150645\r\n\r\nPlease see the CHANGES_2.0 file, linked from the above page, for\r\na full list of changes.\r\n\r\nApache 2.0 offers numerous enhancements, improvements, and performance\r\nboosts over the 1.3 codebase. 
For an overview of new features introduced\r\nafter 1.3 please see\r\n\r\n http://httpd.apache.org/docs-2.0/new_features_2_0.html\r\n\r\nWhen upgrading or installing this version of Apache, please keep\r\nin mind the following:\r\nIf you intend to use Apache with one of the threaded MPMs, you must\r\nensure that the modules (and the libraries they depend on) that you\r\nwill be using are thread-safe. Please contact the vendors of these\r\nmodules to obtain this information.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.3 (GNU/Linux)\r\n\r\niD8DBQFBSIdJZjW2wN6IXdMRAqbGAJsFz8XbVkQvpmreh8sHE3DeACXUKwCeJkpF\r\ngxDK5D1j00qUCzksg872i1c=\r\n=ghiQ\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2004-09-16T00:00:00", "published": "2004-09-16T00:00:00", "id": "SECURITYVULNS:DOC:6814", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6814", "title": "[ANNOUNCE] Apache HTTP Server 2.0.51 Released", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:10", "bulletinFamily": "software", "cvelist": ["CVE-2004-0786", "CVE-2004-0747", "CVE-2004-0748", "CVE-2004-0751"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandrakelinux Security Update Advisory\r\n _______________________________________________________________________\r\n\r\n Package name: apache2\r\n Advisory ID: MDKSA-2004:096\r\n Date: September 15th, 2004\r\n\r\n Affected versions: 10.0, 9.2\r\n ______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Two Denial of Service conditions were discovered in the input filter\r\n of mod_ssl, the module that enables apache to handle HTTPS requests.\r\n \r\n Another vulnerability was discovered by the ASF security team using\r\n the Codenomicon HTTP Test Tool. 
This vulnerability, in the apr-util\r\n library, can possibly lead to arbitrary code execution if certain\r\n non-default conditions are met (enabling the AP_ENABLE_EXCEPTION_HOOK\r\n define).\r\n \r\n As well, the SITIC have discovered a buffer overflow when Apache\r\n expands environment variables in configuration files such as .htaccess\r\n and httpd.conf, which can lead to possible privilege escalation. This\r\n can only be done, however, if an attacker is able to place malicious\r\n configuration files on the server.\r\n \r\n Finally, a crash condition was discovered in the mod_dav module by\r\n Julian Reschke, where sending a LOCK refresh request to an indirectly\r\n locked resource could crash the server.\r\n \r\n The updated packages have been patched to protect against these\r\n vulnerabilities.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0786\r\n http://www.uniras.gov.uk/vuls/2004/403518/index.htm\r\n ______________________________________________________________________\r\n\r\n Updated Packages:\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrakeUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandrakesoft for security. You can obtain\r\n the GPG public key of the Mandrakelinux Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandrakelinux at:\r\n\r\n http://www.mandrakesoft.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_linux-mandrake.com\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team\r\n <security linux-mandrake.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.0.7 (GNU/Linux)\r\n\r\niD8DBQFBSI5pmqjQ0CJFipgRAlxGAKCpPrt7/HB5YroIdx5J84y6E5opeQCg49dn\r\nNHBQlfivIH+fWpgnCv9/jVY=\r\n=ui8Y\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2004-09-16T00:00:00", "published": "2004-09-16T00:00:00", "id": "SECURITYVULNS:DOC:6813", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6813", "title": "MDKSA-2004:096 - Updated apache2 packages fix multiple vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:10", "bulletinFamily": "software", "cvelist": ["CVE-2004-0747"], "description": "* SITIC Vulnerability Advisory *\r\n\r\n Advisory Name: Apache config file env variable buffer overflow\r\n Advisory Reference: SA04-002\r\n Date of initial release: 2004-09-15\r\n Product: Apache 2.0.x\r\n Platform: Linux, BSD systems, Unix, Windows\r\n Effect: Code execution when processing .htaccess files\r\nVulnerability Identifier: 
CAN-2004-0747\r\n\r\n\r\nOverview:\r\n\r\nApache suffers from a buffer overflow when expanding environment variables\r\nin configuration files such as .htaccess and httpd.conf. In a setup typical\r\nof ISPs, for instance, users are allowed to configure their own public_html\r\ndirectories with .htaccess files, leading to possible privilege escalation.\r\n\r\n\r\nDetails:\r\n\r\nThe buffer overflow occurs when expanding ${ENVVAR} constructs in .htaccess\r\nor httpd.conf files. The function ap_resolve_env() in server/util.c copies\r\ndata from environment variables to the character array tmp with strcat(3),\r\nleading to a buffer overflow.\r\n\r\nHTTP requests that exploit this problem are not shown in the access log. The\r\nerror log will show Segmentation faults, though.\r\n\r\n\r\nMitigating factors:\r\n\r\nExploitation requires manual installation of malicious .htaccess files by\r\nsomeone with normal user rights.\r\n\r\n\r\nAffected versions:\r\n\r\n o Apache 2.0.50\r\n o many other 2.0.x versions\r\n\r\n\r\nRecommendations:\r\n\r\n o A fix for this issue is incorporated into Apache 2.0.51\r\n o For Apache 2.0.*: The Apache Software Foundation has published a patch\r\n which is the official fix for this issue.\r\n\r\n\r\nPatch information:\r\n\r\n o The Apache 2.0.51 release is available from the following source:\r\n http://httpd.apache.org/\r\n o For Apache 2.0.*, the patch is available from the following source:\r\n http://www.apache.org/dist/httpd/patches/apply_to_2.0.50/\r\n\r\n\r\nAcknowledgments:\r\n\r\n\r\nThis vulnerability was discovered by Ulf Harnhammar for SITIC, Swedish IT \r\nIncident Centre.\r\n\r\n\r\nContact information:\r\n\r\nSwedish IT Incident Centre, SITIC\r\nP O Box 5398, SE-102 49 Stockholm, Sweden\r\nTelephone: +46-8-678 5799\r\nEmail: sitic at pts dot se\r\nhttp://www.sitic.se\r\n\r\n\r\nRevision history:\r\n\r\nInitial release 2004-09-15\r\n\r\n\r\nAbout SITIC:\r\n\r\nThe Swedish IT Incident Centre within the National Post and Telecom 
Agency\r\nhas the task to support society in working with protection against IT\r\nincidents. SITIC facilitates exchange of information regarding IT incidents\r\nbetween organisations in society, and disseminates information about new\r\nproblems which potentially may impede the functionality of IT systems. In\r\naddition, SITIC provides information and advice regarding proactive measures\r\nand compiles and publishes statistics.\r\n\r\n\r\nDisclaimer:\r\n\r\nThe decision to follow or act on information or advice contained in this\r\nVulnerability Advisory is the responsibility of each user or organisation.\r\nSITIC accepts no responsibility for any errors or omissions contained within\r\nthis Vulnerability Advisory, nor for any consequences which may arise from\r\nfollowing or acting on information or advice contained herein.", "edition": 1, "modified": "2004-09-16T00:00:00", "published": "2004-09-16T00:00:00", "id": "SECURITYVULNS:DOC:6815", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6815", "title": "SA04-002 - Apache config file env variable buffer overflow", "type": "securityvulns", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:10", "bulletinFamily": "software", "cvelist": ["CVE-2004-0809"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- --------------------------------------------------------------------------\r\nDebian Security Advisory DSA 558-1 security@debian.org\r\nhttp://www.debian.org/security/ Martin Schulze\r\nOctober 6th, 2004 http://www.debian.org/security/faq\r\n- --------------------------------------------------------------------------\r\n\r\nPackage : libapache-mod-dav\r\nVulnerability : null pointer dereference\r\nProblem-Type : remote\r\nDebian-specific: no\r\nCVE ID : CAN-2004-0809\r\n\r\nJulian Reschke reported a problem in mod_dav of Apache 2 in connection\r\nwith a NULL pointer dereference. 
When running in a threaded model,\r\nespecially with Apache 2, a segmentation fault can take out a whole\r\nprocess and hence create a denial of service for the whole server.\r\n\r\nFor the stable distribution (woody) this problem has been fixed in\r\nversion 1.0.3-3.1.\r\n\r\nFor the unstable distribution (sid) this problem has been fixed in\r\nversion 1.0.3-10 of libapache-mod-dav and in version 2.0.51-1 of\r\nApache 2.\r\n\r\nWe recommend that you upgrade your mod_dav packages.\r\n\r\n\r\nUpgrade Instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 3.0 alias woody\r\n- --------------------------------\r\n\r\n\r\n These files will probably be moved into the stable 
distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.5 (GNU/Linux)\r\n\r\niD8DBQFBY5+qW5ql+IAeqTIRAsAfAJ9OCkuj0CiIUV/GxATw5IqYG014OgCgsO57\r\n2tpvIRLP8zoqZDV47z9ssf8=\r\n=vMyZ\r\n-----END PGP SIGNATURE-----\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.netsys.com/full-disclosure-charter.html", "edition": 1, "modified": "2004-10-06T00:00:00", "published": "2004-10-06T00:00:00", "id": "SECURITYVULNS:DOC:6936", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6936", "title": "[Full-Disclosure] [SECURITY] [DSA 558-1] New libapache-mod-dav packages fix potential denial of service", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-07T10:51:51", "description": "The remote host is affected by the vulnerability described in GLSA-200409-21\n(Apache 2, mod_dav: Multiple vulnerabilities)\n\n A potential infinite loop has been found in the input filter of mod_ssl\n (CAN-2004-0748) as well as a possible segmentation fault in the\n char_buffer_read function if reverse proxying to a SSL server is being used\n (CAN-2004-0751). Furthermore, mod_dav, as shipped in Apache httpd 2 or\n mod_dav 1.0.x for Apache 1.3, contains a NULL pointer dereference which can\n be triggered remotely (CAN-2004-0809). The third issue is an input\n validation error found in the IPv6 URI parsing routines within the apr-util\n library (CAN-2004-0786). 
Additionally a possible buffer overflow has been\n reported when expanding environment variables during the parsing of\n configuration files (CAN-2004-0747).\n \nImpact :\n\n A remote attacker could cause a Denial of Service either by aborting a SSL\n connection in a special way, resulting in CPU consumption, by exploiting\n the segmentation fault in mod_ssl or the mod_dav flaw. A remote attacker\n could also crash a httpd child process by sending a specially crafted URI.\n The last vulnerability could be used by a local user to gain the privileges\n of a httpd child, if the server parses a carefully prepared .htaccess file.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2004-09-17T00:00:00", "title": "GLSA-200409-21 : Apache 2, mod_dav: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0786", "CVE-2004-0747", "CVE-2004-0748", "CVE-2004-0809", "CVE-2004-0751"], "modified": "2004-09-17T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:mod_dav", "p-cpe:/a:gentoo:linux:apache"], "id": "GENTOO_GLSA-200409-21.NASL", "href": "https://www.tenable.com/plugins/nessus/14766", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200409-21.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14766);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0747\", \"CVE-2004-0748\", \"CVE-2004-0751\", \"CVE-2004-0786\", \"CVE-2004-0809\");\n script_xref(name:\"GLSA\", value:\"200409-21\");\n\n script_name(english:\"GLSA-200409-21 : Apache 2, mod_dav: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200409-21\n(Apache 2, mod_dav: Multiple vulnerabilities)\n\n A potential infinite loop has been found in the input filter of mod_ssl\n (CAN-2004-0748) as well as a possible segmentation fault in the\n char_buffer_read function if reverse proxying to a SSL server is being used\n (CAN-2004-0751). Furthermore, mod_dav, as shipped in Apache httpd 2 or\n mod_dav 1.0.x for Apache 1.3, contains a NULL pointer dereference which can\n be triggered remotely (CAN-2004-0809). The third issue is an input\n validation error found in the IPv6 URI parsing routines within the apr-util\n library (CAN-2004-0786). Additionally a possible buffer overflow has been\n reported when expanding environment variables during the parsing of\n configuration files (CAN-2004-0747).\n \nImpact :\n\n A remote attacker could cause a Denial of Service either by aborting a SSL\n connection in a special way, resulting in CPU consumption, by exploiting\n the segmentation fault in mod_ssl or the mod_dav flaw. 
A remote attacker\n could also crash a httpd child process by sending a specially crafted URI.\n The last vulnerability could be used by a local user to gain the privileges\n of a httpd child, if the server parses a carefully prepared .htaccess file.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200409-21\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Apache 2 users should upgrade to the latest version:\n # emerge sync\n # emerge -pv '>=www-servers/apache-2.0.51'\n # emerge '>=www-servers/apache-2.0.51'\n All mod_dav users should upgrade to the latest version:\n # emerge sync\n # emerge -pv '>=net-www/mod_dav-1.0.3-r2'\n # emerge '>=net-www/mod_dav-1.0.3-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mod_dav\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/17\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/09/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-www/mod_dav\", unaffected:make_list(\"ge 1.0.3-r2\"), vulnerable:make_list(\"le 1.0.3-r1\"))) flag++;\nif (qpkg_check(package:\"www-servers/apache\", unaffected:make_list(\"ge 2.0.51\", \"lt 2.0\"), vulnerable:make_list(\"lt 2.0.51\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Apache 2 / mod_dav\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T01:20:49", "description": "According to its Server response header, the remote host is running a\nversion of Apache 2.0.x prior to 2.0.51. 
It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An input validation issue in apr-util can be triggered\n by malformed IPv6 literal addresses and result in a \n buffer overflow (CVE-2004-0786).\n\n - There is a buffer overflow that can be triggered when\n expanding environment variables during configuration\n file parsing (CVE-2004-0747).\n\n - A segfault in mod_dav_ds when handling an indirect lock\n refresh can lead to a process crash (CVE-2004-0809).\n\n - A segfault in the SSL input filter can be triggered\n if using 'speculative' mode by, for instance, a proxy\n request to an SSL server (CVE-2004-0751).\n\n - There is the potential for an infinite loop in mod_ssl\n (CVE-2004-0748).", "edition": 27, "cvss3": {"score": 5.6, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2004-09-16T00:00:00", "title": "Apache 2.0.x < 2.0.51 Multiple Vulnerabilities (OF, DoS)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0786", "CVE-2004-0747", "CVE-2004-0748", "CVE-2004-0809", "CVE-2004-0751"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:apache:http_server"], "id": "APACHE_2_0_51.NASL", "href": "https://www.tenable.com/plugins/nessus/14748", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(14748);\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n script_version(\"1.30\");\n\n script_cve_id(\"CVE-2004-0747\", \"CVE-2004-0748\", \"CVE-2004-0751\", \"CVE-2004-0786\", \"CVE-2004-0809\");\n script_bugtraq_id(11185, 11187);\n\n script_name(english:\"Apache 2.0.x < 2.0.51 Multiple Vulnerabilities (OF, DoS)\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"According to its Server response header, the remote host is running a\nversion of Apache 2.0.x prior to 2.0.51. 
It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An input validation issue in apr-util can be triggered\n by malformed IPv6 literal addresses and result in a \n buffer overflow (CVE-2004-0786).\n\n - There is a buffer overflow that can be triggered when\n expanding environment variables during configuration\n file parsing (CVE-2004-0747).\n\n - A segfault in mod_dav_ds when handling an indirect lock\n refresh can lead to a process crash (CVE-2004-0809).\n\n - A segfault in the SSL input filter can be triggered\n if using 'speculative' mode by, for instance, a proxy\n request to an SSL server (CVE-2004-0751).\n\n - There is the potential for an infinite loop in mod_ssl\n (CVE-2004-0748).\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://bz.apache.org/bugzilla/show_bug.cgi?id=31183\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://archive.apache.org/dist/httpd/CHANGES_2.0\" );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apache 2.0.51 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/09/16\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2004/07/08\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\nscript_end_attributes();\n\n \n summary[\"english\"] = \"Checks version of Apache\";\n \n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n 
script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Web Servers\");\n script_dependencie(\"apache_http_version.nasl\");\n script_require_keys(\"installed_sw/Apache\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\n#\n# The script code starts here\n#\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"install_func.inc\");\n\nget_install_count(app_name:\"Apache\", exit_if_zero:TRUE);\nport = get_http_port(default:80);\ninstall = get_single_install(app_name:\"Apache\", port:port, exit_if_unknown_ver:TRUE);\n\n# Check if we could get a version first, then check if it was\n# backported\nversion = get_kb_item_or_exit('www/apache/'+port+'/version', exit_code:1);\nbackported = get_kb_item_or_exit('www/apache/'+port+'/backported', exit_code:1);\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"Apache\");\nsource = get_kb_item_or_exit('www/apache/'+port+'/source', exit_code:1);\n\n# Check if the version looks like either ServerTokens Major/Minor\n# was used\nif (version =~ '^2(\\\\.0)?$') exit(1, \"The banner from the Apache server listening on port \"+port+\" - \"+source+\" - is not granular enough to make a determination.\");\nif (version !~ \"^\\d+(\\.\\d+)*$\") exit(1, \"The version of Apache listening on port \" + port + \" - \" + version + \" - is non-numeric and, therefore, cannot be used to make a determination.\");\nif (version =~ '^2\\\\.0' && ver_compare(ver:version, fix:'2.0.51') == -1)\n{\n if (report_verbosity > 0)\n {\n report = \n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 2.0.51\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"Apache\", port, install[\"version\"]);\n", "cvss": {"score": 5.1, "vector": 
"AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:51:22", "description": "Two Denial of Service conditions were discovered in the input filter\nof mod_ssl, the module that enables apache to handle HTTPS requests.\n\nAnother vulnerability was discovered by the ASF security team using\nthe Codenomicon HTTP Test Tool. This vulnerability, in the apr-util\nlibrary, can possibly lead to arbitrary code execution if certain\nnon-default conditions are met (enabling the AP_ENABLE_EXCEPTION_HOOK\ndefine).\n\nAs well, the SITIC have discovered a buffer overflow when Apache\nexpands environment variables in configuration files such as .htaccess\nand httpd.conf, which can lead to possible privilege escalation. This\ncan only be done, however, if an attacker is able to place malicious\nconfiguration files on the server.\n\nFinally, a crash condition was discovered in the mod_dav module by\nJulian Reschke, where sending a LOCK refresh request to an indirectly\nlocked resource could crash the server.\n\nThe updated packages have been patched to protect against these\nvulnerabilities.", "edition": 24, "published": "2004-09-16T00:00:00", "title": "Mandrake Linux Security Advisory : apache2 (MDKSA-2004:096)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0786", "CVE-2004-0747", "CVE-2004-0748", "CVE-2004-0809", "CVE-2004-0783", "CVE-2004-0751"], "modified": "2004-09-16T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:apache2-mod_dav", "p-cpe:/a:mandriva:linux:apache2-mod_ssl", "p-cpe:/a:mandriva:linux:apache2-mod_ldap", "p-cpe:/a:mandriva:linux:apache2", "p-cpe:/a:mandriva:linux:lib64apr0", "cpe:/o:mandrakesoft:mandrake_linux:10.0", "p-cpe:/a:mandriva:linux:apache2-mod_disk_cache", "p-cpe:/a:mandriva:linux:apache2-common", "p-cpe:/a:mandriva:linux:apache2-devel", "p-cpe:/a:mandriva:linux:apache2-modules", "cpe:/o:mandrakesoft:mandrake_linux:9.2", "p-cpe:/a:mandriva:linux:apache2-mod_mem_cache", "p-cpe:/a:mandriva:linux:apache2-manual", 
"p-cpe:/a:mandriva:linux:apache2-mod_file_cache", "p-cpe:/a:mandriva:linux:apache2-mod_proxy", "p-cpe:/a:mandriva:linux:apache2-mod_cache", "p-cpe:/a:mandriva:linux:libapr0", "p-cpe:/a:mandriva:linux:apache2-mod_deflate", "p-cpe:/a:mandriva:linux:apache2-source"], "id": "MANDRAKE_MDKSA-2004-096.NASL", "href": "https://www.tenable.com/plugins/nessus/14752", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2004:096. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14752);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0747\", \"CVE-2004-0748\", \"CVE-2004-0751\", \"CVE-2004-0783\", \"CVE-2004-0786\", \"CVE-2004-0809\");\n script_xref(name:\"MDKSA\", value:\"2004:096\");\n\n script_name(english:\"Mandrake Linux Security Advisory : apache2 (MDKSA-2004:096)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two Denial of Service conditions were discovered in the input filter\nof mod_ssl, the module that enables apache to handle HTTPS requests.\n\nAnother vulnerability was discovered by the ASF security team using\nthe Codenomicon HTTP Test Tool. 
This vulnerability, in the apr-util\nlibrary, can possibly lead to arbitrary code execution if certain\nnon-default conditions are met (enabling the AP_ENABLE_EXCEPTION_HOOK\ndefine).\n\nAs well, the SITIC have discovered a buffer overflow when Apache\nexpands environment variables in configuration files such as .htaccess\nand httpd.conf, which can lead to possible privilege escalation. This\ncan only be done, however, if an attacker is able to place malicious\nconfiguration files on the server.\n\nFinally, a crash condition was discovered in the mod_dav module by\nJulian Reschke, where sending a LOCK refresh request to an indirectly\nlocked resource could crash the server.\n\nThe updated packages have been patched to protect against these\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.uniras.gov.uk/vuls/2004/403518/index.htm\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_dav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_deflate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_disk_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_file_cache\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_mem_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache2-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64apr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libapr0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ 
\"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-common-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-devel-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-manual-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_cache-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_dav-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_deflate-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_disk_cache-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_file_cache-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_ldap-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_mem_cache-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_proxy-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-mod_ssl-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-modules-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"apache2-source-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64apr0-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libapr0-2.0.48-6.6.100mdk\", yank:\"mdk\")) flag++;\n\nif 
(rpm_check(release:\"MDK9.2\", reference:\"apache2-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-common-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-devel-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-manual-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_cache-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_dav-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_deflate-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_disk_cache-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_file_cache-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_ldap-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_mem_cache-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_proxy-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-mod_ssl-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-modules-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"apache2-source-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"amd64\", reference:\"lib64apr0-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", cpu:\"i386\", reference:\"libapr0-2.0.47-6.9.92mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, 
\"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:05:43", "description": " - Tue Sep 21 2004 Joe Orton <jorton at redhat.com>\n 2.0.51-2.7\n\n - ap_rgetline_core fix from Rici Lake\n\n - Tue Sep 21 2004 Joe Orton <jorton at redhat.com>\n 2.0.51-2.6\n\n - fix 2.0.51 regression in Satisfy merging (CVE-2004-0811)\n\n - Thu Sep 16 2004 Joe Orton <jorton at redhat.com>\n 2.0.51-2.5\n\n - mod_ssl: prevent SIGHUP-triggers-SIGSEGV after upgrade\n from 2.0.50\n\n - revert mod_ldap/mod_auth_ldap changes likewise\n\n - Wed Sep 15 2004 Joe Orton <jorton at redhat.com>\n 2.0.51-2.1\n\n - update to 2.0.51, including security fixes for :\n\n - core: CVE-2004-0747\n\n - mod_dav_fs: CVE-2004-0809\n\n - mod_ssl: CVE-2004-0751, CVE-2004-0748\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2004-09-24T00:00:00", "title": "Fedora Core 2 : httpd-2.0.51-2.7 (2004-313)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0747", "CVE-2004-0748", "CVE-2004-0809", "CVE-2004-0811", "CVE-2004-0751"], "modified": "2004-09-24T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora_core:2", "p-cpe:/a:fedoraproject:fedora:httpd", "p-cpe:/a:fedoraproject:fedora:httpd-devel", "p-cpe:/a:fedoraproject:fedora:httpd-manual", "p-cpe:/a:fedoraproject:fedora:httpd-debuginfo", "p-cpe:/a:fedoraproject:fedora:mod_ssl"], "id": "FEDORA_2004-313.NASL", "href": "https://www.tenable.com/plugins/nessus/14807", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2004-313.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14807);\n 
script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2004-0811\");\n script_xref(name:\"FEDORA\", value:\"2004-313\");\n\n script_name(english:\"Fedora Core 2 : httpd-2.0.51-2.7 (2004-313)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Tue Sep 21 2004 Joe Orton <jorton at redhat.com>\n 2.0.51-2.7\n\n - ap_rgetline_core fix from Rici Lake\n\n - Tue Sep 21 2004 Joe Orton <jorton at redhat.com>\n 2.0.51-2.6\n\n - fix 2.0.51 regression in Satisfy merging (CVE-2004-0811)\n\n - Thu Sep 16 2004 Joe Orton <jorton at redhat.com>\n 2.0.51-2.5\n\n - mod_ssl: prevent SIGHUP-triggers-SIGSEGV after upgrade\n from 2.0.50\n\n - revert mod_ldap/mod_auth_ldap changes likewise\n\n - Wed Sep 15 2004 Joe Orton <jorton at redhat.com>\n 2.0.51-2.1\n\n - update to 2.0.51, including security fixes for :\n\n - core: CVE-2004-0747\n\n - mod_dav_fs: CVE-2004-0809\n\n - mod_ssl: CVE-2004-0751, CVE-2004-0748\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2004-September/000303.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eabde590\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = 
eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 2.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC2\", reference:\"httpd-2.0.51-2.7\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"httpd-debuginfo-2.0.51-2.7\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"httpd-devel-2.0.51-2.7\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"httpd-manual-2.0.51-2.7\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"mod_ssl-2.0.51-2.7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / mod_ssl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:14:44", "description": "The remote host is missing the patch for the advisory SUSE-SA:2004:032 (apache2).\n\n\nThe Apache daemon is running on most of the web-servers used in the\nInternet today.\nThe Red Hat ASF Security-Team and the Swedish IT Incident Center within\nthe National Post and Telecom Agency (SITIC) have found a bug in apache2\neach.\nThe first vulnerability appears in the apr_uri_parse() function while\nhandling IPv6 addresses. The affected code passes a negative length\nargument to the memcpy() function. 
On BSD systems this can lead to remote\ncommand execution due to the nature of the memcpy() implementation.\nOn Linux this bug will result in a remote denial-of-service condition.\nThe second bug is a local buffer overflow that occurs while expanding\n${ENVVAR} in the .htaccess and httpd.conf file. Both files are not\nwriteable by normal user by default.", "edition": 22, "published": "2004-09-15T00:00:00", "title": "SUSE-SA:2004:032: apache2", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0786", "CVE-2004-0747"], "modified": "2004-09-15T00:00:00", "cpe": [], "id": "SUSE_SA_2004_032.NASL", "href": "https://www.tenable.com/plugins/nessus/14731", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2004:032\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif(description)\n{\n script_id(14731);\n script_version(\"1.15\");\n script_cve_id(\"CVE-2004-0747\", \"CVE-2004-0786\");\n script_bugtraq_id(11187, 11182);\n \n name[\"english\"] = \"SUSE-SA:2004:032: apache2\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2004:032 (apache2).\n\n\nThe Apache daemon is running on most of the web-servers used in the\nInternet today.\nThe Red Hat ASF Security-Team and the Swedish IT Incident Center within\nthe National Post and Telecom Agency (SITIC) have found a bug in apache2\neach.\nThe first vulnerability appears in the apr_uri_parse() function while\nhandling IPv6 addresses. The affected code passes a negative length\nargument to the memcpy() function. 
On BSD systems this can lead to remote\ncommand execution due to the nature of the memcpy() implementation.\nOn Linux this bug will result in a remote denial-of-service condition.\nThe second bug is a local buffer overflow that occurs while expanding\n${ENVVAR} in the .htaccess and httpd.conf file. Both files are not\nwriteable by normal user by default.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.suse.de/security/2004_32_apache2.html\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/09/15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the apache2 package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"apache2-2.0.48-139\", release:\"SUSE8.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-prefork-2.0.48-139\", release:\"SUSE8.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-worker-2.0.48-139\", release:\"SUSE8.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apr-2.0.48-139\", release:\"SUSE8.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( 
reference:\"apache2-perchild-2.0.48-139\", release:\"SUSE8.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-2.0.48-139\", release:\"SUSE8.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-prefork-2.0.48-139\", release:\"SUSE8.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-worker-2.0.48-139\", release:\"SUSE8.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"libapr0-2.0.48-139\", release:\"SUSE8.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-leader-2.0.48-139\", release:\"SUSE8.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-2.0.48-139\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-prefork-2.0.48-139\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-worker-2.0.48-139\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"libapr0-2.0.48-139\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-leader-2.0.48-139\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-metuxmpm-2.0.48-139\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-2.0.49-27.14\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-prefork-2.0.49-27.14\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"apache2-worker-2.0.49-27.14\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"libapr0-2.0.49-27.14\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif (rpm_exists(rpm:\"apache2-\", release:\"SUSE8.1\")\n || rpm_exists(rpm:\"apache2-\", 
release:\"SUSE8.2\")\n || rpm_exists(rpm:\"apache2-\", release:\"SUSE9.0\")\n || rpm_exists(rpm:\"apache2-\", release:\"SUSE9.1\") )\n{\n set_kb_item(name:\"CVE-2004-0747\", value:TRUE);\n set_kb_item(name:\"CVE-2004-0786\", value:TRUE);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2016-09-26T17:25:39", "edition": 1, "description": "The following package needs to be updated: apache", "published": "2004-09-16T00:00:00", "type": "nessus", "title": "FreeBSD : apache -- apr_uri_parse IPv6 address handling vulnerability (14)", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0786"], "modified": "2004-09-16T00:00:00", "id": "FREEBSD_APACHE_2050_3.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=14761", "sourceData": "# @DEPRECATED@\n#\n# This script has been deprecated by freebsd_pkg_762d1c6d072211d9b45d000c41e2cdad.nasl.\n#\n# Disabled on 2011/10/02.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This script contains information extracted from VuXML :\n#\n# Copyright 2003-2006 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n#\n#\n\ninclude('compat.inc');\n\nif ( description )\n{\n script_id(14761);\n script_version(\"$Revision: 1.7 $\");\n script_cve_id(\"CVE-2004-0786\");\n\n script_name(english:\"FreeBSD : apache -- apr_uri_parse IPv6 address handling vulnerability (14)\");\n\nscript_set_attribute(attribute:'synopsis', value: 'The remote host is missing a security update');\nscript_set_attribute(attribute:'description', value:'The following package needs to be updated: apache');\nscript_set_attribute(attribute: 'cvss_vector', value: 'CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P');\nscript_set_attribute(attribute:'solution', value: 'Update the package on the remote host');\nscript_set_attribute(attribute: 'see_also', value: 
'http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505791\nhttp://bugs.libgd.org/?do=details&task_id=89\nhttp://bugs.libgd.org/?do=details&task_id=94\nhttp://httpd.apache.org\nhttp://secunia.com/advisories/11608\nhttp://secunia.com/advisories/21601\nhttp://www.ethereal.com/appnotes/enpa-sa-00014.html\nhttp://www.frsirt.com/english/advisories/2007/2336\nhttp://www.libgd.org/ReleaseNote020035\nhttp://www.mozilla.org/projects/security/known-vulnerabilities.html\nhttp://www.mozilla.org/security/announce/mfsa2005-46.html\nhttp://www.mozilla.org/security/announce/mfsa2005-47.html\nhttp://www.osvdb.org/6131');\nscript_set_attribute(attribute:'see_also', value: 'http://www.FreeBSD.org/ports/portaudit/762d1c6d-0722-11d9-b45d-000c41e2cdad.html');\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/09/16\");\n script_end_attributes();\n script_summary(english:\"Check for apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2010 Tenable Network Security, Inc.\");\n family[\"english\"] = \"FreeBSD Local Security Checks\";\n script_family(english:family[\"english\"]);\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/FreeBSD/pkg_info\");\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"This plugin has been deprecated. Refer to plugin #37109 (freebsd_pkg_762d1c6d072211d9b45d000c41e2cdad.nasl) instead.\");\n\nglobal_var cvss_score;\ncvss_score=5;\ninclude('freebsd_package.inc');\n\n\npkg_test(pkg:\"apache>=2.0<2.0.50_3\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2021-01-07T10:45:48", "description": "The Apache Software Foundation Security Team discovered a programming\nerror in the apr-util library function apr_uri_parse. When parsing\nIPv6 literal addresses, it is possible that a length is incorrectly\ncalculated to be negative, and this value is passed to memcpy. 
This\nmay result in an exploitable vulnerability on some platforms,\nincluding FreeBSD.", "edition": 24, "published": "2009-04-23T00:00:00", "title": "FreeBSD : apache -- apr_uri_parse IPv6 address handling vulnerability (762d1c6d-0722-11d9-b45d-000c41e2cdad)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0786"], "modified": "2009-04-23T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:apache"], "id": "FREEBSD_PKG_762D1C6D072211D9B45D000C41E2CDAD.NASL", "href": "https://www.tenable.com/plugins/nessus/37109", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37109);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0786\");\n\n script_name(english:\"FreeBSD : apache -- apr_uri_parse IPv6 address handling vulnerability (762d1c6d-0722-11d9-b45d-000c41e2cdad)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Apache Software Foundation Security Team discovered a programming\nerror in the apr-util library function apr_uri_parse. When parsing\nIPv6 literal addresses, it is possible that a length is incorrectly\ncalculated to be negative, and this value is passed to memcpy. 
This\nmay result in an exploitable vulnerability on some platforms,\nincluding FreeBSD.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://httpd.apache.org\"\n );\n # https://vuxml.freebsd.org/freebsd/762d1c6d-0722-11d9-b45d-000c41e2cdad.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?04992b8c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"apache>=2.0<2.0.50_3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:05:43", "description": "Testing using the Codenomicon HTTP Test Tool performed by the Apache\nSoftware Foundation security group and Red Hat uncovered an input\nvalidation issue in the IPv6 URI parsing routines in the apr-util\nlibrary. If a remote attacker sent a request including a carefully\ncrafted URI, an httpd child process could be made to crash. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2004-0786 to this issue.\n\nThis update includes a backported patch for this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2004-09-17T00:00:00", "title": "Fedora Core 1 : apr-util-0.9.4-2.1 (2004-307)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0786"], "modified": "2004-09-17T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora_core:1", "p-cpe:/a:fedoraproject:fedora:apr-util-debuginfo", "p-cpe:/a:fedoraproject:fedora:apr-util", "p-cpe:/a:fedoraproject:fedora:apr-util-devel"], "id": "FEDORA_2004-307.NASL", "href": "https://www.tenable.com/plugins/nessus/14764", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2004-307.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14764);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2004-0786\");\n script_xref(name:\"FEDORA\", value:\"2004-307\");\n\n script_name(english:\"Fedora Core 1 : apr-util-0.9.4-2.1 (2004-307)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Testing using the Codenomicon HTTP Test Tool performed by the Apache\nSoftware Foundation security group and Red Hat uncovered an input\nvalidation issue in the IPv6 URI parsing routines in the apr-util\nlibrary. If a remote attacker sent a request including a carefully\ncrafted URI, an httpd child process could be made to crash. 
The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2004-0786 to this issue.\n\nThis update includes a backported patch for this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2004-September/000296.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3a90dfb8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected apr-util, apr-util-debuginfo and / or\napr-util-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:apr-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:apr-util-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:apr-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 1.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC1\", reference:\"apr-util-0.9.4-2.1\")) flag++;\nif (rpm_check(release:\"FC1\", reference:\"apr-util-debuginfo-0.9.4-2.1\")) flag++;\nif (rpm_check(release:\"FC1\", reference:\"apr-util-devel-0.9.4-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apr-util / apr-util-debuginfo / apr-util-devel\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:05:43", "description": "Testing using the Codenomicon HTTP Test Tool performed by the Apache\nSoftware Foundation security group and Red Hat uncovered an input\nvalidation issue in the IPv6 URI parsing routines in the apr-util\nlibrary. If a remote attacker sent a request including a carefully\ncrafted URI, an httpd child process could be made to crash. 
The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2004-0786 to this issue.\n\nThis update includes a backported fix for this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2004-09-17T00:00:00", "title": "Fedora Core 2 : apr-util-0.9.4-14.2 (2004-308)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0786"], "modified": "2004-09-17T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora_core:2", "p-cpe:/a:fedoraproject:fedora:apr-util-debuginfo", "p-cpe:/a:fedoraproject:fedora:apr-util", "p-cpe:/a:fedoraproject:fedora:apr-util-devel"], "id": "FEDORA_2004-308.NASL", "href": "https://www.tenable.com/plugins/nessus/14765", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2004-308.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14765);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2004-0786\");\n script_xref(name:\"FEDORA\", value:\"2004-308\");\n\n script_name(english:\"Fedora Core 2 : apr-util-0.9.4-14.2 (2004-308)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Testing using the Codenomicon HTTP Test Tool performed by the Apache\nSoftware Foundation security group and Red Hat uncovered an input\nvalidation issue in the IPv6 URI parsing routines in the apr-util\nlibrary. 
If a remote attacker sent a request including a carefully\ncrafted URI, an httpd child process could be made to crash. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2004-0786 to this issue.\n\nThis update includes a backported fix for this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2004-September/000297.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2452249e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected apr-util, apr-util-debuginfo and / or\napr-util-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:apr-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:apr-util-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:apr-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 2.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC2\", reference:\"apr-util-0.9.4-14.2\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"apr-util-debuginfo-0.9.4-14.2\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"apr-util-devel-0.9.4-14.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apr-util / apr-util-debuginfo / apr-util-devel\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:43:15", "description": "SITIC discovered a vulnerability in Apache 2's handling of\nenvironmental variable settings in the httpd configuration files (the\nmain `httpd.conf' and `.htaccess' files). According to a SITIC\nadvisory :\n\nThe buffer overflow occurs when expanding ${ENVVAR} constructs in\n.htaccess or httpd.conf files. 
The function ap_resolve_env() in\nserver/util.c copies data from environment variables to the character\narray tmp with strcat(3), leading to a buffer overflow.", "edition": 26, "published": "2009-04-23T00:00:00", "title": "FreeBSD : apache -- ap_resolve_env buffer overflow (4d49f4ba-071f-11d9-b45d-000c41e2cdad)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0747"], "modified": "2009-04-23T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:apache"], "id": "FREEBSD_PKG_4D49F4BA071F11D9B45D000C41E2CDAD.NASL", "href": "https://www.tenable.com/plugins/nessus/36910", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36910);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0747\");\n\n script_name(english:\"FreeBSD : apache -- ap_resolve_env buffer overflow (4d49f4ba-071f-11d9-b45d-000c41e2cdad)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SITIC discovered a vulnerability in Apache 2's handling of\nenvironmental variable settings in the httpd configuration files (the\nmain `httpd.conf' and `.htaccess' files). According to a SITIC\nadvisory :\n\nThe buffer overflow occurs when expanding ${ENVVAR} constructs in\n.htaccess or httpd.conf files. 
The function ap_resolve_env() in\nserver/util.c copies data from environment variables to the character\narray tmp with strcat(3), leading to a buffer overflow.\"\n );\n # http://lists.netsys.com/pipermail/full-disclosure/2004-September/026463.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?994407f9\"\n );\n # https://vuxml.freebsd.org/freebsd/4d49f4ba-071f-11d9-b45d-000c41e2cdad.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7ab21727\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"apache>=2.0<2.0.50_3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:04", "bulletinFamily": "software", "cvelist": ["CVE-2004-0751"], "edition": 1, "description": "## Vulnerability Description\nApache contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker aborts an SSL connection in a particular state causing an infinite loop to occur. The flaw occurs in ssl_engine_io.c when using a RewriteRule to do reverse proxying to an SSL server.\n## Solution Description\nCurrently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: \n\n1. Disable mod_ssl in your Apache configuration file.\n\n2. If your running one of the Redhat Enterprise Operating Systems, you can apply an appropriate RPM from: RHSA link above.\n\n3. There's a workaround available from CVS. 
It has not been tested and should be considered unstable:\n\n--- httpd-2.0/modules/ssl/ssl_engine_io.c 2004/07/13 18:11:22 1.124\n+++ httpd-2.0/modules/ssl/ssl_engine_io.c 2004/08/11 13:19:24 1.125\n@@ -589,6 +589,10 @@\nwhile (1) {\n\nif (!inctx->filter_ctx->pssl) {\n+ /* Ensure a non-zero error code is returned */\n+ if (inctx->rc == APR_SUCCESS) {\n+ inctx->rc = APR_EGENERAL;\n+ }\nbreak;\n}\n## Short Description\nApache contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker aborts an SSL connection in a particular state causing an infinite loop to occur. The flaw occurs in ssl_engine_io.c when using a RewriteRule to do reverse proxying to an SSL server.\n## References:\nVendor URL: http://www.modssl.org/\n[Vendor Specific Advisory URL](https://rhn.redhat.com/errata/RHSA-2004-463.html)\n[Vendor Specific Advisory URL](http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01090)\n[Vendor Specific Advisory URL](http://issues.apache.org/bugzilla/show_bug.cgi?id=30134)\n[Vendor Specific Advisory URL](https://rhn.redhat.com/errata/RHSA-2004-349.html)\nSecurity Tracker: 1011213\n[Secunia Advisory ID:12434](https://secuniaresearch.flexerasoftware.com/advisories/12434/)\n[Secunia Advisory ID:13025](https://secuniaresearch.flexerasoftware.com/advisories/13025/)\n[Secunia Advisory ID:12474](https://secuniaresearch.flexerasoftware.com/advisories/12474/)\n[Secunia Advisory ID:12577](https://secuniaresearch.flexerasoftware.com/advisories/12577/)\n[Secunia Advisory ID:12646](https://secuniaresearch.flexerasoftware.com/advisories/12646/)\n[Related OSVDB ID: 9523](https://vulners.com/osvdb/OSVDB:9523)\nOther Advisory URL: http://www.suse.de/de/security/2004_30_apache2.html\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200409-21.xml\nOther Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000868\nMail List Post: 
http://archives.neohapsis.com/archives/bugtraq/2004-09/0096.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0102.html\n[CVE-2004-0751](https://vulners.com/cve/CVE-2004-0751)\n", "modified": "2004-09-02T00:00:00", "published": "2004-09-02T00:00:00", "id": "OSVDB:9742", "href": "https://vulners.com/osvdb/OSVDB:9742", "title": "Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:05", "bulletinFamily": "software", "cvelist": ["CVE-2004-0786"], "edition": 1, "description": "## Vulnerability Description\nThe IPv6 URI parsing routines in the apr-util library for Apache HTTP Server and IBM HTTP Server contains a flaw that may allow a remote denial of service. With a specially crafted URI request, a remote attacker could cause a httpd child process to crash, resulting in a loss of availability for the service.\n## Solution Description\nUpgrade to version 2.0.51 or higher or apply the patch from IBM, as it has been reported to fix this vulnerability.\n## Short Description\nThe IPv6 URI parsing routines in the apr-util library for Apache HTTP Server and IBM HTTP Server contains a flaw that may allow a remote denial of service. 
With a specially crafted URI request, a remote attacker could cause a httpd child process to crash, resulting in a loss of availability for the service.\n## References:\nVendor URL: http://httpd.apache.org/\nVendor URL: http://www.ibm.com/us/\nVendor Specific Solution URL: http://www.apacheweek.com/features/security-20\nVendor Specific Solution URL: http://www.apache.org/dist/httpd/patches/apply_to_2.0.50/CAN-2004-0786.patch\n[Vendor Specific Advisory URL](http://www-1.ibm.com/support/docview.wss?rs=177&uid=swg24007795)\n[Vendor Specific Advisory URL](http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01090)\nSecurity Tracker: 1011299\n[Secunia Advisory ID:13025](https://secuniaresearch.flexerasoftware.com/advisories/13025/)\n[Secunia Advisory ID:12540](https://secuniaresearch.flexerasoftware.com/advisories/12540/)\n[Secunia Advisory ID:12922](https://secuniaresearch.flexerasoftware.com/advisories/12922/)\n[Related OSVDB ID: 9991](https://vulners.com/osvdb/OSVDB:9991)\nRedHat RHSA: RHSA-2004:463\nOther Advisory URL: http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-3404.txt\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:096\nOther Advisory URL: http://www.suse.de/de/security/2004_32_apache2.html\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200409-21.xml\nOther Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000868\n[Nessus Plugin ID:14764](https://vulners.com/search?query=pluginID:14764)\n[Nessus Plugin ID:14765](https://vulners.com/search?query=pluginID:14765)\nKeyword: PQ94086\nISS X-Force ID: 17382\n[CVE-2004-0786](https://vulners.com/cve/CVE-2004-0786)\n", "modified": "2004-09-15T12:53:10", "published": "2004-09-15T12:53:10", "href": "https://vulners.com/osvdb/OSVDB:9994", "id": "OSVDB:9994", "type": "osvdb", "title": "Apache HTTP Server apr-util IPV6 Parsing DoS", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": 
"2017-04-28T13:20:05", "bulletinFamily": "software", "cvelist": ["CVE-2004-0747"], "edition": 1, "description": "## Vulnerability Description\nApache HTTP Server and IBM HTTP Server contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when function ap_resolve_env() in server/util.c expands environment variable constructs from configuration files such as .htaccess or httpd.conf. For an attacker to exploit the flaw they would need to carefully craft malicious configuration files and have write access to the legitimate copies. This flaw may lead to a loss of confidentiality.\n## Solution Description\nUpgrade to version 2.0.51 or higher or apply the patch from IBM, as it has been reported to fix this vulnerability.\n## Short Description\nApache HTTP Server and IBM HTTP Server contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when function ap_resolve_env() in server/util.c expands environment variable constructs from configuration files such as .htaccess or httpd.conf. For an attacker to exploit the flaw they would need to carefully craft malicious configuration files and have write access to the legitimate copies. 
This flaw may lead to a loss of confidentiality.\n## References:\nVendor URL: http://httpd.apache.org/\nVendor URL: http://www.ibm.com/us/\nVendor Specific Solution URL: http://www.apache.org/dist/httpd/patches/apply_to_2.0.50/CAN-2004-0747.patch\n[Vendor Specific Advisory URL](http://www-1.ibm.com/support/docview.wss?rs=177&uid=swg24007795)\n[Vendor Specific Advisory URL](http://www.apacheweek.com/features/security-20)\n[Vendor Specific Advisory URL](http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01090)\n[Vendor Specific Advisory URL](http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBOV01083)\nSecurity Tracker: 1011303\n[Secunia Advisory ID:13025](https://secuniaresearch.flexerasoftware.com/advisories/13025/)\n[Secunia Advisory ID:13027](https://secuniaresearch.flexerasoftware.com/advisories/13027/)\n[Secunia Advisory ID:12540](https://secuniaresearch.flexerasoftware.com/advisories/12540/)\n[Secunia Advisory ID:12922](https://secuniaresearch.flexerasoftware.com/advisories/12922/)\n[Related OSVDB ID: 9994](https://vulners.com/osvdb/OSVDB:9994)\nRedHat RHSA: RHSA-2004:463\nOther Advisory URL: http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-3404.txt\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:096\nOther Advisory URL: http://www.suse.de/de/security/2004_32_apache2.html\nOther Advisory URL: http://www.sitic.se/rad_och_rekommendationer/sa04-002.html\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200409-21.xml\nOther Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000868\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0501.html\nKeyword: PQ94086\nISS X-Force ID: 17384\n[CVE-2004-0747](https://vulners.com/cve/CVE-2004-0747)\n", "modified": "2004-09-15T12:54:16", "published": "2004-09-15T12:54:16", "href": "https://vulners.com/osvdb/OSVDB:9991", "id": "OSVDB:9991", "type": "osvdb", "title": "Apache HTTP Server ap_resolve_env 
Environment Variable Local Overflow", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:05", "bulletinFamily": "software", "cvelist": ["CVE-2004-0809"], "edition": 1, "description": "## Vulnerability Description\nApache mod_dav contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends a particular sequence of LOCK requests and will result in loss of availability for the httpd child process.\n## Solution Description\nUpgrade to version 2.0.51-dev or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nApache mod_dav contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends a particular sequence of LOCK requests and will result in loss of availability for the httpd child process.\n## References:\nVendor URL: http://www.lyra.org/greg/mod_dav/\nVendor Specific Solution URL: http://www.apacheweek.com/features/security-20\n[Vendor Specific Advisory URL](http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01090)\n[Vendor Specific Advisory URL](http://www-1.ibm.com/support/docview.wss?uid=swg21190212)\nSecurity Tracker: 1011248\n[Secunia Advisory ID:13025](https://secuniaresearch.flexerasoftware.com/advisories/13025/)\n[Secunia Advisory ID:12547](https://secuniaresearch.flexerasoftware.com/advisories/12547/)\n[Secunia Advisory ID:12577](https://secuniaresearch.flexerasoftware.com/advisories/12577/)\n[Secunia Advisory ID:12743](https://secuniaresearch.flexerasoftware.com/advisories/12743/)\n[Secunia Advisory ID:12527](https://secuniaresearch.flexerasoftware.com/advisories/12527/)\n[Secunia Advisory ID:12646](https://secuniaresearch.flexerasoftware.com/advisories/12646/)\n[Secunia Advisory ID:13243](https://secuniaresearch.flexerasoftware.com/advisories/13243/)\nRedHat RHSA: RHSA-2004:463\nOther Advisory URL: 
http://security.gentoo.org/glsa/glsa-200409-21.xml\nOther Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000868\nOther Advisory URL: http://www.debian.org/security/2004/dsa-558\n[CVE-2004-0809](https://vulners.com/cve/CVE-2004-0809)\n", "modified": "2004-09-14T16:13:18", "published": "2004-09-14T16:13:18", "href": "https://vulners.com/osvdb/OSVDB:9948", "id": "OSVDB:9948", "type": "osvdb", "title": "mod_dav for Apache HTTP Server LOCK Request DoS", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-02T23:35:49", "description": "Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability. CVE-2004-0751. Dos exploit for linux platform", "published": "2004-09-10T00:00:00", "type": "exploitdb", "title": "Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2004-0751"], "modified": "2004-09-10T00:00:00", "id": "EDB-ID:24590", "href": "https://www.exploit-db.com/exploits/24590/", "sourceData": "source: http://www.securityfocus.com/bid/11154/info\r\n\r\nApache 2.x mod_ssl is reported prone to a remote denial of service vulnerability. This issue likely exists because the application fails to handle exceptional conditions. The vulnerability originates in the 'char_buffer_read' function of the 'ssl_engine_io.c' file. \r\n\r\nIt is likely that this issue only results in a denial of service condition in child process. 
This BID will be updated as more information becomes available.\r\n\r\nApache 2.0.50 is reported to be affected by this issue, however, it is possible that other versions are vulnerable as well.\r\n\r\nWith the following configuration in httpd.conf:\r\nListen 47290\r\nSSLProxyEngine on\r\nRewriteEngine on\r\nRewriteRule /(.*) https://www.example.com/$1 [P]\r\n\r\nThe server may be crashed by issuing the following URI:\r\nhttp://www.example.com:47290/eRoomASP/CookieTest.asp?facility=facility&URL=%2FeRoom%2FFacility%2FRoom%2F0_4242", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/24590/"}], "httpd": [{"lastseen": "2016-09-26T21:39:38", "bulletinFamily": "software", "cvelist": ["CVE-2004-0751"], "description": "\n\nAn issue was discovered in the mod_ssl module in Apache 2.0.44-2.0.50\nwhich could be triggered if\nthe server is configured to allow proxying to a remote SSL server. A\nmalicious remote SSL server could force an httpd child process to crash by\nsending a carefully crafted response header. This issue is not believed to\nallow execution of arbitrary code and will only result in a denial\nof service where a threaded process model is in use.\n\n", "edition": 1, "modified": "2004-09-15T00:00:00", "published": "2004-07-07T00:00:00", "id": "HTTPD:46E4810FE9B02B1970314436CCC68D9E", "href": "https://httpd.apache.org/security_report.html", "type": "httpd", "title": "Apache Httpd < 2.0.51: Malicious SSL proxy can cause crash", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-12-24T14:26:52", "bulletinFamily": "software", "cvelist": ["CVE-2004-0751"], "description": "\n\nAn issue was discovered in the mod_ssl module in Apache 2.0.44-2.0.50\nwhich could be triggered if\nthe server is configured to allow proxying to a remote SSL server. 
A\nmalicious remote SSL server could force an httpd child process to crash by\nsending a carefully crafted response header. This issue is not believed to\nallow execution of arbitrary code and will only result in a denial\nof service where a threaded process model is in use.\n\n", "edition": 5, "modified": "2004-07-07T00:00:00", "published": "2004-07-07T00:00:00", "id": "HTTPD:13C285F77BE7E2D2180BC3CD56ACD3DE", "href": "https://httpd.apache.org/security_report.html", "title": "Apache Httpd < None: Malicious SSL proxy can cause crash", "type": "httpd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2016-09-26T21:39:38", "bulletinFamily": "software", "cvelist": ["CVE-2004-0786"], "description": "\n\nTesting using the Codenomicon HTTP Test Tool performed by the Apache\nSoftware Foundation security group and Red Hat uncovered an input\nvalidation issue in the IPv6 URI parsing routines in the apr-util library.\nIf a remote attacker sent a request including a carefully crafted URI, an\nhttpd child process could be made to crash. On some BSD systems it\nis believed this flaw may be able to lead to remote code execution.\n\n", "edition": 1, "modified": "2004-09-15T00:00:00", "published": "2004-08-25T00:00:00", "id": "HTTPD:F2854D56B4FE7591DFABBB5F99E48E1C", "href": "https://httpd.apache.org/security_report.html", "type": "httpd", "title": "Apache Httpd < 2.0.51: IPv6 URI parsing heap overflow", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-12-24T14:26:52", "bulletinFamily": "software", "cvelist": ["CVE-2004-0786"], "description": "\n\nTesting using the Codenomicon HTTP Test Tool performed by the Apache\nSoftware Foundation security group and Red Hat uncovered an input\nvalidation issue in the IPv6 URI parsing routines in the apr-util library.\nIf a remote attacker sent a request including a carefully crafted URI, an\nhttpd child process could be made to crash. 
On some BSD systems it\nis believed this flaw may be able to lead to remote code execution.\n\n", "edition": 5, "modified": "2004-09-15T00:00:00", "published": "2004-08-25T00:00:00", "id": "HTTPD:3CEA6CCB69756204EF98DE1CEC6D7A01", "href": "https://httpd.apache.org/security_report.html", "title": "Apache Httpd < None: IPv6 URI parsing heap overflow", "type": "httpd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2016-09-26T21:39:38", "bulletinFamily": "software", "cvelist": ["CVE-2004-0747"], "description": "\n\nA buffer overflow was found in the\nexpansion of environment variables during configuration file parsing. This\nissue could allow a local user to gain the privileges of a httpd\nchild if a server can be forced to parse a carefully crafted .htaccess file \nwritten by a local user.\n\n", "edition": 1, "modified": "2004-09-15T00:00:00", "published": "2004-08-05T00:00:00", "id": "HTTPD:FA00EE6E5A32CC9AB0A435F425709933", "href": "https://httpd.apache.org/security_report.html", "type": "httpd", "title": "Apache Httpd < 2.0.51: Environment variable expansion flaw", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-12-24T14:26:52", "bulletinFamily": "software", "cvelist": ["CVE-2004-0747"], "description": "\n\nA buffer overflow was found in the\nexpansion of environment variables during configuration file parsing. 
This\nissue could allow a local user to gain the privileges of a httpd\nchild if a server can be forced to parse a carefully crafted .htaccess file \nwritten by a local user.\n\n", "edition": 5, "modified": "2004-09-15T00:00:00", "published": "2004-08-05T00:00:00", "id": "HTTPD:FF6707403F89E77CD90F095B4014299E", "href": "https://httpd.apache.org/security_report.html", "title": "Apache Httpd < None: Environment variable expansion flaw", "type": "httpd", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2016-09-26T21:39:38", "bulletinFamily": "software", "cvelist": ["CVE-2004-0809"], "description": "\n\nAn issue was discovered in the mod_dav module which could be triggered\nfor a location where WebDAV authoring access has been configured. A\nmalicious remote client which is authorized to use the LOCK method\ncould force an httpd child process to crash by sending a particular\nsequence of LOCK requests. This issue does not allow execution of\narbitrary code, and will only result in a denial of service where a\nthreaded process model is in use.\n\n", "edition": 1, "modified": "2004-09-15T00:00:00", "published": "2004-09-12T00:00:00", "id": "HTTPD:13D36299E5ED3B39307152B80814F2BB", "href": "https://httpd.apache.org/security_report.html", "type": "httpd", "title": "Apache Httpd < 2.0.51: WebDAV remote crash", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-12-24T14:26:52", "bulletinFamily": "software", "cvelist": ["CVE-2004-0809"], "description": "\n\nAn issue was discovered in the mod_dav module which could be triggered\nfor a location where WebDAV authoring access has been configured. A\nmalicious remote client which is authorized to use the LOCK method\ncould force an httpd child process to crash by sending a particular\nsequence of LOCK requests. This issue does not allow execution of\narbitrary code, 
and will only result in a denial of service where a\nthreaded process model is in use.\n\n", "edition": 5, "modified": "2004-09-12T00:00:00", "published": "2004-09-12T00:00:00", "id": "HTTPD:46997819411545865398807DEDBBDC96", "href": "https://httpd.apache.org/security_report.html", "title": "Apache Httpd < None: WebDAV remote crash", "type": "httpd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:35:13", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0786"], "description": "\nThe Apache Software Foundation Security Team discovered a\n\t programming error in the apr-util library function apr_uri_parse.\n\t When parsing IPv6 literal addresses, it is possible that a\n\t length is incorrectly calculated to be negative, and this\n\t value is passed to memcpy. This may result in an exploitable\n\t vulnerability on some platforms, including FreeBSD.\n", "edition": 4, "modified": "2004-09-15T00:00:00", "published": "2004-09-15T00:00:00", "id": "762D1C6D-0722-11D9-B45D-000C41E2CDAD", "href": "https://vuxml.freebsd.org/freebsd/762d1c6d-0722-11d9-b45d-000c41e2cdad.html", "title": "apache -- apr_uri_parse IPv6 address handling vulnerability", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:13", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0747"], "description": "\nSITIC discovered a vulnerability in Apache 2's handling of\n\t environmental variable settings in the httpd configuration\n\t files (the main `httpd.conf' and `.htaccess' files).\n\t According to a SITIC advisory:\n\nThe buffer overflow occurs when expanding ${ENVVAR}\n\t constructs in .htaccess or httpd.conf files. 
The function\n\t ap_resolve_env() in server/util.c copies data from\n\t environment variables to the character array tmp with\n\t strcat(3), leading to a buffer overflow.\n\n", "edition": 4, "modified": "2004-09-15T00:00:00", "published": "2004-09-15T00:00:00", "id": "4D49F4BA-071F-11D9-B45D-000C41E2CDAD", "href": "https://vuxml.freebsd.org/freebsd/4d49f4ba-071f-11d9-b45d-000c41e2cdad.html", "title": "apache -- ap_resolve_env buffer overflow", "type": "freebsd", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:13", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0809"], "description": "\nA malicious user with DAV write privileges can trigger a null\n\t pointer dereference in the Apache mod_dav module. This\n\t could cause the server to become unavailable.\n", "edition": 4, "modified": "2004-09-15T00:00:00", "published": "2004-09-15T00:00:00", "id": "013FA252-0724-11D9-B45D-000C41E2CDAD", "href": "https://vuxml.freebsd.org/freebsd/013fa252-0724-11d9-b45d-000c41e2cdad.html", "title": "mod_dav -- lock related denial-of-service", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:10", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0748", "CVE-2004-0751"], "description": "\nThe Apache HTTP Server 2.0.51 release notes report that the\n\t following issues have been fixed:\n\nA segfault in mod_ssl which can be triggered by a\n\t malicious remote server, if proxying to SSL servers has\n\t been configured. [CAN-2004-0751]\nA potential infinite loop in mod_ssl which could be\n\t triggered given particular timing of a connection\n\t abort. 
[CAN-2004-0748]\n\n", "edition": 4, "modified": "2004-07-07T00:00:00", "published": "2004-07-07T00:00:00", "id": "7B81FC47-239F-11D9-814E-0001020EED82", "href": "https://vuxml.freebsd.org/freebsd/7b81fc47-239f-11d9-814e-0001020eed82.html", "title": "apache2 -- SSL remote DoS", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cert": [{"lastseen": "2020-09-18T20:43:50", "bulletinFamily": "info", "cvelist": ["CVE-2004-0747"], "description": "### Overview \n\nThere is a buffer overflow vulnerability in the ap_resolve_env() function of Apache that could allow a local user to gain elevated privileges.\n\n### Description \n\nThe [Apache HTTP Server](<http://httpd.apache.org/>) is a freely available web server that runs on a variety of operating systems including Unix, Linux, and Microsoft Windows. The `ap_resolve_env()` function is responsible for expanding environment variables when parsing configuration files such as `.htaccess` or `httpd.conf`. There is a vulnerability in this function that could allow a local user to trigger a buffer overflow.\n\nThe Apache Software Foundation notes that in order to exploit this vulnerability, a local user would need to install the malicious configuration file on the server and force the server to parse this file. \n \n--- \n \n### Impact \n\nA local user with the ability to force a vulnerable server to parse a malicious configuration file could gain elevated privileges. \n \n--- \n \n### Solution \n\n**Upgrade or Apply Patch** \nUpgrade or apply patch as specified by your vendor. This issue is resolved in Apache version 2.0.51. \n \n--- \n \n### Vendor Information\n\n### Apache: Affected\n\nUpdated: September 17, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nPlease refer to the [Apache Security Announcement](<http://www.apache.org/dist/httpd/Announcement2.html>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23481998 Feedback>).\n\n### References \n\n * <http://www.apache.org/dist/httpd/Announcement2.html>\n * <http://www.uniras.gov.uk/vuls/2004/403518/index.htm>\n * <http://secunia.com/advisories/12540/>\n * <http://www.securitytracker.com/alerts/2004/Sep/1011303.html>\n * <http://rhn.redhat.com/errata/RHSA-2004-463.html>\n\n### Acknowledgements\n\nThis vulnerability was reported by the Swedish IT Incident Centre within the National Post and Telecom Agency (SITIC).\n\nThis document was written by Damon Morda.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2004-0747](<http://web.nvd.nist.gov/vuln/detail/CVE-2004-0747>) \n---|--- \n**Severity Metric:** | 3.38 \n**Date Public:** | 2004-09-15 \n**Date First Published:** | 2004-09-17 \n**Date Last Updated:** | 2004-09-17 20:09 UTC \n**Document Revision:** | 11 \n", "modified": "2004-09-17T20:09:00", "published": "2004-09-17T00:00:00", "id": "VU:481998", "href": "https://www.kb.cert.org/vuls/id/481998", "type": "cert", "title": "Apache vulnerable to buffer overflow when expanding environment variables", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:21:25", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0809"], "description": "- 
--------------------------------------------------------------------------\nDebian Security Advisory DSA 558-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nOctober 6th, 2004 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : libapache-mod-dav\nVulnerability : null pointer dereference\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CAN-2004-0809\n\nJulian Reschke reported a problem in mod_dav of Apache 2 in connection\nwith a NULL pointer dereference. When running in a threaded model,\nespecially with Apache 2, a segmentation fault can take out a whole\nprocess and hence create a denial of service for the whole server.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.0.3-3.1.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 1.0.3-10 of libapache-mod-dav and in version 2.0.51-1 of\nApache 2.\n\nWe recommend that you upgrade your mod_dav packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 2, "modified": "2004-10-06T00:00:00", "published": "2004-10-06T00:00:00", "id": "DEBIAN:DSA-558-1:36010", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00162.html", "title": "[SECURITY] [DSA 558-1] New libapache-mod-dav packages fix potential denial of service", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2016-09-04T11:57:20", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0788", "CVE-2004-0786", "CVE-2004-0765", "CVE-2004-0747", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0784", "CVE-2004-0807", "CVE-2004-0718", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0494", "CVE-2004-0808", "CVE-2004-0782", "CVE-2004-0783", "CVE-2004-0597", "CVE-2004-0722", "CVE-2004-0832", "CVE-2004-0785", "CVE-2004-0759", "CVE-2004-0754", "CVE-2004-0763", "CVE-2004-0761"], "description": "The Apache daemon is running on most of the web-servers used in the Internet today. The Red Hat ASF Security-Team and the Swedish IT Incident Center within the National Post and Telecom Agency (SITIC) have found a bug in apache2 each. 
The first vulnerability appears in the apr_uri_parse() function while handling IPv6 addresses. The affected code passes a negative length argument to the memcpy() function. On BSD systems this can lead to remote command execution due to the nature of the memcpy() implementation. On Linux this bug will result in a remote denial-of-service condition. The second bug is a local buffer overflow that occurs while expanding ${ENVVAR} in the .htaccess and httpd.conf files. Both files are not writeable by normal users by default.\n#### Solution\nThere is no known workaround.", "edition": 1, "modified": "2004-09-15T15:46:39", "published": "2004-09-15T15:46:39", "id": "SUSE-SA:2004:032", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-09/msg00011.html", "title": "remote denial-of-service in apache2", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:45:49", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0765", "CVE-2004-0762", "CVE-2004-0758", "CVE-2004-0718", "CVE-2004-0748", "CVE-2004-0764", "CVE-2004-0757", "CVE-2004-0597", "CVE-2004-0760", "CVE-2004-0722", "CVE-2004-0759", "CVE-2004-0751", "CVE-2004-0763", "CVE-2004-0761"], "description": "The mod_ssl apache module, as part of our apache2 package, enables the apache webserver to handle the HTTPS protocol. Within the mod_ssl module, two Denial of Service conditions in the input filter have been found. 
The CVE project assigned the identifiers CAN-2004-0748 and CAN-2004-0751 to these issues.\n#### Solution\nAs a temporary workaround you may disable the mod_ssl module in your apache configuration and restart the apache process without SSL support.", "edition": 1, "modified": "2004-09-06T13:51:41", "published": "2004-09-06T13:51:41", "id": "SUSE-SA:2004:030", "href": "http://lists.opensuse.org/opensuse-security-announce/2004-09/msg00009.html", "title": "remote DoS condition in apache2", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}