Lucene search
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2013-0815.NASLHistoryMay 14, 2013 - 12:00 a.m.
RHEL 5 / 6 : httpd (RHSA-2013:0815)
2013-05-1400:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The Apache HTTP Server is a popular web server.
Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer module’s manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially crafted URL, it would lead to arbitrary web script execution in the context of the user’s manager interface session.
(CVE-2012-4558)
It was found that mod_rewrite did not filter terminal escape sequences from its log file. If mod_rewrite was configured with the RewriteLog directive, a remote attacker could use specially crafted HTTP requests to inject terminal escape sequences into the mod_rewrite log file. If a victim viewed the log file with a terminal emulator, it could result in arbitrary command execution with the privileges of that user.
(CVE-2013-1862)
Cross-site scripting (XSS) flaws were found in the mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An attacker could possibly use these flaws to perform XSS attacks if they were able to make the victim’s browser generate an HTTP request with a specially crafted Host header. (CVE-2012-3499)
All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2013:0815. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(66403);
script_version("1.28");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2012-3499", "CVE-2012-4558", "CVE-2013-1862");
script_bugtraq_id(58165);
script_xref(name:"RHSA", value:"2013:0815");
script_name(english:"RHEL 5 / 6 : httpd (RHSA-2013:0815)");
script_summary(english:"Checks the rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated httpd packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
The Apache HTTP Server is a popular web server.
Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer
module's manager web interface. If a remote attacker could trick a
user, who was logged into the manager web interface, into visiting a
specially crafted URL, it would lead to arbitrary web script execution
in the context of the user's manager interface session.
(CVE-2012-4558)
It was found that mod_rewrite did not filter terminal escape sequences
from its log file. If mod_rewrite was configured with the RewriteLog
directive, a remote attacker could use specially crafted HTTP requests
to inject terminal escape sequences into the mod_rewrite log file. If
a victim viewed the log file with a terminal emulator, it could result
in arbitrary command execution with the privileges of that user.
(CVE-2013-1862)
Cross-site scripting (XSS) flaws were found in the mod_info,
mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An
attacker could possibly use these flaws to perform XSS attacks if they
were able to make the victim's browser generate an HTTP request with a
specially crafted Host header. (CVE-2012-3499)
All httpd users should upgrade to these updated packages, which
contain backported patches to correct these issues. After installing
the updated packages, the httpd daemon will be restarted
automatically."
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/errata/RHSA-2013:0815"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2012-4558"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2013-1862"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2012-3499"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-manual");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mod_ssl");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.9");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.4");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/26");
script_set_attribute(attribute:"patch_publication_date", value:"2013/05/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/14");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Red Hat Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2013:0815";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : yum_report
);
exit(0);
}
else
{
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
flag = 0;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"httpd-2.2.3-78.el5_9")) flag++;
if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"httpd-2.2.3-78.el5_9")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"httpd-2.2.3-78.el5_9")) flag++;
if (rpm_check(release:"RHEL5", reference:"httpd-debuginfo-2.2.3-78.el5_9")) flag++;
if (rpm_check(release:"RHEL5", reference:"httpd-devel-2.2.3-78.el5_9")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"httpd-manual-2.2.3-78.el5_9")) flag++;
if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"httpd-manual-2.2.3-78.el5_9")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"httpd-manual-2.2.3-78.el5_9")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"mod_ssl-2.2.3-78.el5_9")) flag++;
if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"mod_ssl-2.2.3-78.el5_9")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"mod_ssl-2.2.3-78.el5_9")) flag++;
if (rpm_check(release:"RHEL6", cpu:"i686", reference:"httpd-2.2.15-28.el6_4")) flag++;
if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"httpd-2.2.15-28.el6_4")) flag++;
if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"httpd-2.2.15-28.el6_4")) flag++;
if (rpm_check(release:"RHEL6", reference:"httpd-debuginfo-2.2.15-28.el6_4")) flag++;
if (rpm_check(release:"RHEL6", reference:"httpd-devel-2.2.15-28.el6_4")) flag++;
if (rpm_check(release:"RHEL6", reference:"httpd-manual-2.2.15-28.el6_4")) flag++;
if (rpm_check(release:"RHEL6", cpu:"i686", reference:"httpd-tools-2.2.15-28.el6_4")) flag++;
if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"httpd-tools-2.2.15-28.el6_4")) flag++;
if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"httpd-tools-2.2.15-28.el6_4")) flag++;
if (rpm_check(release:"RHEL6", cpu:"i686", reference:"mod_ssl-2.2.15-28.el6_4")) flag++;
if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"mod_ssl-2.2.15-28.el6_4")) flag++;
if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"mod_ssl-2.2.15-28.el6_4")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc");
}
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | httpd | p-cpe:/a:redhat:enterprise_linux:httpd |
| redhat | enterprise_linux | httpd-debuginfo | p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo |
| redhat | enterprise_linux | httpd-devel | p-cpe:/a:redhat:enterprise_linux:httpd-devel |
| redhat | enterprise_linux | httpd-manual | p-cpe:/a:redhat:enterprise_linux:httpd-manual |
| redhat | enterprise_linux | httpd-tools | p-cpe:/a:redhat:enterprise_linux:httpd-tools |
| redhat | enterprise_linux | mod_ssl | p-cpe:/a:redhat:enterprise_linux:mod_ssl |
| redhat | enterprise_linux | 5 | cpe:/o:redhat:enterprise_linux:5 |
| redhat | enterprise_linux | 5.9 | cpe:/o:redhat:enterprise_linux:5.9 |
| redhat | enterprise_linux | 6 | cpe:/o:redhat:enterprise_linux:6 |
| redhat | enterprise_linux | 6.4 | cpe:/o:redhat:enterprise_linux:6.4 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862
access.redhat.com/errata/RHSA-2013:0815
access.redhat.com/security/cve/cve-2012-3499
access.redhat.com/security/cve/cve-2012-4558
access.redhat.com/security/cve/cve-2013-1862
Related
openvas
openvas
CentOS Update for httpd CESA-2013:0815 centos5
2013-05-17 00:00:00
CentOS Update for httpd CESA-2013:0815 centos6
2013-05-17 00:00:00
Amazon Linux: Security Advisory (ALAS-2013-193)
2015-09-08 00:00:00
nessus
nessus
CentOS 5 / 6 : httpd (CESA-2013:0815)
2013-05-14 00:00:00
Amazon Linux AMI : httpd (ALAS-2013-193)
2013-09-04 00:00:00
Amazon Linux AMI : httpd24 (ALAS-2013-194)
2013-09-04 00:00:00
oraclelinux
oraclelinux
httpd security update
2013-05-13 00:00:00
amazon
amazon
Medium: httpd
2013-05-24 13:56:00
Medium: httpd24
2013-05-24 13:57:00
Medium: httpd24
2013-03-26 21:29:00
veracode
veracode
Arbitrary Code Injection
2019-05-02 04:44:51
Cross-site Scripting (XSS)
2019-01-15 08:52:43
Remote Code Execution (RCE)
2019-01-15 08:57:06
redhat
redhat
(RHSA-2013:0815) Moderate: httpd security update
2013-05-13 00:00:00
centos
centos
httpd, mod_ssl security update
2013-05-13 22:32:03
fedora
fedora
[SECURITY] Fedora 18 Update: httpd-2.4.4-2.fc18
2013-04-01 03:30:25
f5
f5
SOL15865 - Apache HTTP server vulnerability CVE-2012-4558
2014-11-25 00:00:00
SOL15900 - Apache HTTP server vulnerability CVE-2012-3499
2014-12-10 00:00:00
K15900 : Apache HTTP server vulnerability CVE-2012-3499
2014-12-11 00:00:00
freebsd
freebsd
apache22 -- several vulnerabilities
2012-10-07 00:00:00
apache22 -- several vulnerabilities
2013-06-21 00:00:00
slackware
slackware
httpd
2013-03-03 15:02:33
securityvulns
securityvulns
Apache security vulnerabilities
2013-03-02 00:00:00
[ MDVSA-2013:015 ] apache
2013-03-02 00:00:00
Apache security vulnerabilities
2013-07-15 00:00:00
ubuntucve
ubuntucve
debian
debian
[SECURITY] [DSA 2637-1] apache2 security update
2013-03-04 21:34:32
[SECURITY] [DSA 2637-1] apache2 security update
2013-03-04 21:34:32
osv
osv
apache2 - several
2013-03-04 00:00:00
hackerone
hackerone
Marktplaats: Multiple Apache 2.2.22 Vulnerabilities (XSS/ Code Exec/ DoS)
2015-06-09 17:47:58
Pornhub: SSRF & XSS (W3 Total Cache)
2016-05-14 01:22:59
U.S. Dept Of Defense: Out-of-date Version (Apache)
2016-11-24 15:09:27
altlinux
altlinux
Security fix for the ALT Linux 10 package apache2 version 2.2.24-alt1
2013-04-14 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.2.24-alt1
2013-04-14 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.2.24-alt1
2013-04-14 00:00:00
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2013-03-18 00:00:00
Apache HTTP Server vulnerabilities
2013-07-15 00:00:00
prion
prion
Cross site scripting
2013-02-26 16:55:00
Cross site scripting
2013-02-26 16:55:00
Command injection
2013-06-10 17:55:00
cve
cve
seebug
seebug
Apache HTTP Server多个模块主机名和URI跨站脚本漏洞
2013-02-28 00:00:00
Apache HTTP Server balancer_handler函数跨站脚本漏洞(CVE-2012-4558)
2013-02-28 00:00:00
Apache HTTP Server日志内终端转义序列命令注入漏洞
2013-05-17 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache HTTPD mod_proxy_balancer Cross Site Scripting (CVE-2012-4558)
2013-03-24 00:00:00
Apache HTTP Server mod_rewrite RewriteLog Command Execution - Ver2 (CVE-2013-1862)
2015-03-26 00:00:00
Apache HTTP Server mod_rewrite RewriteLog Command Execution (CVE-2013-1862)
2013-09-09 00:00:00
httpd
httpd
Apache Httpd < 2.4.4 : XSS due to unescaped hostnames
2012-07-11 00:00:00
Apache Httpd < 2.2.24 : XSS due to unescaped hostnames
2012-07-11 00:00:00
Apache Httpd < 2.4.4 : XSS in mod_proxy_balancer
2012-10-07 00:00:00
debiancve
debiancve
ibm
ibm
cisco
cisco
Apache HTTP Server mod_rewrite Log File Manipulation Vulnerability
2013-05-30 19:48:16
mageia
mageia
Updated apache packages fix security vulnerabilities
2013-06-19 14:11:42
kaspersky
kaspersky
KLA10068 Multiple vulnerabilities in Apache httpd
2013-07-22 00:00:00
KLA10065 Multiple vulnerabilities in Apache httpd
2013-07-22 00:00:00
gentoo
gentoo
Apache HTTP Server: Multiple vulnerabilities
2013-09-23 00:00:00
suse
suse
Security update for apache2 (important)
2014-09-02 21:04:17
oracle
oracle
Oracle Critical Patch Update - January 2014
2014-01-14 00:00:00
Related for REDHAT-RHSA-2013-0815.NASL