RHEL 6 : httpd (RHSA-2017:2972) (Optionsbleed)

2017-10-20T00:00:00

Description

An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es) : * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) * A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the 'Allow' and 'Deny' configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. (CVE-2017-12171) Red Hat would like to thank Hanno Bock for reporting CVE-2017-9798 and KAWAHARA Masashi for reporting CVE-2017-12171.

{"id": "REDHAT-RHSA-2017-2972.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 6 : httpd (RHSA-2017:2972) (Optionsbleed)", "description": "An update for httpd is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\n* A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the 'Allow' and 'Deny' configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.\n(CVE-2017-12171)\n\nRed Hat would like to thank Hanno Bock for reporting CVE-2017-9798 and KAWAHARA Masashi for reporting CVE-2017-12171.", "published": "2017-10-20T00:00:00", "modified": "2019-10-24T00:00:00", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 6.4}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://www.tenable.com/plugins/nessus/104006", "reporter": "This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/errata/RHSA-2017:2972", "https://access.redhat.com/security/cve/cve-2017-12171", "https://access.redhat.com/security/cve/cve-2017-9798", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12171", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798"], "cvelist": ["CVE-2017-12171", "CVE-2017-9798"], "immutableFields": [], "lastseen": "2023-01-30T14:45:18", "viewCount": 65, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2017-896", "ALAS-2017-921"]}, {"type": "apple", "idList": ["APPLE:B7AA5B9368DE4BD135A602B017EB0259", "APPLE:HT208331"]}, {"type": "archlinux", "idList": ["ASA-201709-15"]}, {"type": "attackerkb", "idList": ["AKB:D0F5AA2A-4D99-41A6-9F83-6D0EA1AD01FC"]}, {"type": "avleonov", "idList": ["AVLEONOV:101A90D5F21CD7ACE01781C2913D1B6D"]}, {"type": "centos", "idList": ["CESA-2017:2882", "CESA-2017:2972"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2017-0774", "CPAI-2017-0896"]}, {"type": "cve", "idList": ["CVE-2017-12171", "CVE-2017-9798"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1102-1:511F7", "DEBIAN:DLA-1102-1:7F277", "DEBIAN:DSA-3980-1:6FBEB", "DEBIAN:DSA-3980-1:C7ED3"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-12171", "DEBIANCVE:CVE-2017-9798"]}, {"type": "exploitdb", "idList": ["EDB-ID:42745"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:C8C256BE0BFF5FE1C0405CB0AA9C075D"]}, {"type": "f5", "idList": ["F5:K68804133", "F5:K70084351"]}, {"type": "fedora", "idList": ["FEDORA:092E9605F081", "FEDORA:63AEC601CFBA", "FEDORA:A9847604E850"]}, {"type": "freebsd", "idList": ["76B085E2-9D33-11E7-9260-000C292EE6B8"]}, {"type": "gentoo", "idList": ["GLSA-201710-32"]}, {"type": "hackerone", "idList": ["H1:269568"]}, {"type": "httpd", "idList": ["HTTPD:6236A32987BAE49DFBF020477B1278DD", "HTTPD:7DDAAFDB1FD8B2E7FD36ADABA5DB6DAA"]}, {"type": "ibm", "idList": ["0EB149242AF86C92359FD2819FE5CA2FA94AAA9A6E3A7381956968DD540CEF70", "12C657CCB040A2D71F5E7B37692A10A6A4BAA07FBFEAADA8E6F9A5BCFCFD9FAB", "1D18DE555FB91F29F8BBC3532E15A21A7A5DE61EF8C2DB29C73E6BDCF4F0E604", "21781046737819F9BECB0172803EAC75FA331A489C94879B0B9D69C572F33FCF", "381B76F53A26572A7C476380F44421473D669346B3F00F995B318188F2D2B793", "59AFB6B22B3D21FAFDC933DA29973F4C6887013B5320E839F5B0B140E8DDA7D1", "75AE9D4CB9FE02C082FC4424DBD420EA2EAC4CD4BCE0C4E376DC8DEE1119F8D3", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "825B52995DBE90672BBA09CCFBDD51925814B984495E8E740D466D1C921FE61C", "86D355F68F85D65B3FD45457F96CAF7864164018AA27439D7F53F3145DFF6AB4", "91C10A77460E47F53661352C6380E6E959F0A94B552C3AE3314BBEC480C0AD09", "94533C1AEDE627C97E171FC1339661B263CF1EA6678274080F922CA0E372274C", "99C4FE5226D6D4C3DFB065D997F2D2D168A50F2B090813B4AFFCC6BF971F9576", "B37FB96EE4FA4B06328DA641D49120233F6F6FC031E87E5A21A71F34BB882B42", "C52E4F43633A26DE3EC912F6665C082BAA08696723A69DA841FA0065F135AD79", "CF5AE1AC4D7F12352FB77F91CC5048FC41163311A15377504B06C6A053ADC4D7", "E321CD2FAD2352A58756D698FB9F6AEEA2D5866CC41E10025794D036A188BF76", "E515D9AE5ED3FEB7BDBAF35D90286D2E963A5E50F83A19555DC0BA545BE5A8E7"]}, {"type": "kitploit", "idList": ["KITPLOIT:5052987141331551837"]}, {"type": "mageia", "idList": ["MGASA-2018-0007", "MGASA-2018-0009"]}, {"type": "nessus", "idList": ["700513.PRM", "ALA_ALAS-2017-896.NASL", "ALA_ALAS-2017-921.NASL", "APACHE_2_4_28.NASL", "CENTOS_RHSA-2017-2882.NASL", "CENTOS_RHSA-2017-2972.NASL", "DEBIAN_DLA-1102.NASL", "DEBIAN_DSA-3980.NASL", "EULEROS_SA-2017-1252.NASL", "EULEROS_SA-2017-1253.NASL", "EULEROS_SA-2019-1389.NASL", "EULEROS_SA-2019-1419.NASL", "FEDORA_2017-A52F252521.NASL", "FEDORA_2017-FDD3A98E8F.NASL", "FREEBSD_PKG_76B085E29D3311E79260000C292EE6B8.NASL", "GENTOO_GLSA-201710-32.NASL", "IBM_HTTP_SERVER_298437.NASL", "JUNIPER_SPACE_JSA_10838.NASL", "MACOSX_SECUPD2017-005.NASL", "MACOS_10_13_2.NASL", "NEWSTART_CGSL_NS-SA-2019-0118_HTTPD.NASL", "NEWSTART_CGSL_NS-SA-2019-0156_HTTPD.NASL", "OPENSUSE-2017-1083.NASL", "OPENSUSE-2018-389.NASL", "ORACLELINUX_ELSA-2017-2882.NASL", "ORACLELINUX_ELSA-2017-2972.NASL", "ORACLE_ENTERPRISE_MANAGER_JUL_2018_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_APR_2019_CPU.NASL", "ORACLE_HTTP_SERVER_CPU_JAN_2018.NASL", "ORACLE_PRIMAVERA_P6_EPPM_CPU_APR_2019.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_APR_2019.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_APR_2018_CPU.NASL", "REDHAT-RHSA-2017-2882.NASL", "REDHAT-RHSA-2017-3113.NASL", "REDHAT-RHSA-2017-3193.NASL", "REDHAT-RHSA-2017-3194.NASL", "REDHAT-RHSA-2017-3195.NASL", "REDHAT-RHSA-2017-3240.NASL", "REDHAT-RHSA-2017-3476.NASL", "REDHAT-RHSA-2017-3477.NASL", "SLACKWARE_SSA_2017-261-01.NASL", "SL_20171011_HTTPD_ON_SL7_X.NASL", "SL_20171019_HTTPD_ON_SL6_X.NASL", "SUN_JAVA_WEB_SERVER_7_0_27.NASL", "SUSE_SU-2017-2542-1.NASL", "SUSE_SU-2017-2718-1.NASL", "SUSE_SU-2017-2756-1.NASL", "SUSE_SU-2017-2907-1.NASL", "UBUNTU_USN-3425-1.NASL", "VIRTUOZZO_VZLSA-2017-2972.NASL", "WEB_APPLICATION_SCANNING_98913"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108252", "OPENVAS:1361412562310112048", "OPENVAS:1361412562310703980", "OPENVAS:1361412562310812035", "OPENVAS:1361412562310812045", "OPENVAS:1361412562310812401", "OPENVAS:1361412562310843313", "OPENVAS:1361412562310851734", "OPENVAS:1361412562310873446", "OPENVAS:1361412562310874436", "OPENVAS:1361412562310882784", "OPENVAS:1361412562310882791", "OPENVAS:1361412562310891102", "OPENVAS:1361412562311220171252", "OPENVAS:1361412562311220171253", "OPENVAS:1361412562311220191389", "OPENVAS:1361412562311220191419"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2018", "ORACLE:CPUAPR2019", "ORACLE:CPUJAN2018", "ORACLE:CPUJAN2019", "ORACLE:CPUJUL2018", "ORACLE:CPUOCT2018"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-2882", "ELSA-2017-2972"]}, {"type": "osv", "idList": ["OSV:DLA-1102-1", "OSV:DSA-3980-1"]}, {"type": "photon", "idList": ["PHSA-2017-0077"]}, {"type": "redhat", "idList": ["RHSA-2017:2882", "RHSA-2017:2972", "RHSA-2017:3018", "RHSA-2017:3113", "RHSA-2017:3114", "RHSA-2017:3193", "RHSA-2017:3194", "RHSA-2017:3195", "RHSA-2017:3239", "RHSA-2017:3240", "RHSA-2017:3475", "RHSA-2017:3476", "RHSA-2017:3477"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-12171", "RH:CVE-2017-9798"]}, {"type": "seebug", "idList": ["SSV:96537"]}, {"type": "slackware", "idList": ["SSA-2017-261-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:1057-1"]}, {"type": "symantec", "idList": ["SMNTC-1457"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:A5BD476BF79F7E3854840596F916518C"]}, {"type": "ubuntu", "idList": ["USN-3425-1", "USN-3425-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-12171", "UB:CVE-2017-9798"]}, {"type": "zdt", "idList": ["1337DAY-ID-28573"]}]}, "score": {"value": -0.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2017-896", "ALAS-2017-921"]}, {"type": "apple", "idList": ["APPLE:B7AA5B9368DE4BD135A602B017EB0259", "APPLE:HT208331"]}, {"type": "archlinux", "idList": ["ASA-201709-15"]}, {"type": "attackerkb", "idList": ["AKB:D0F5AA2A-4D99-41A6-9F83-6D0EA1AD01FC"]}, {"type": "avleonov", "idList": ["AVLEONOV:101A90D5F21CD7ACE01781C2913D1B6D"]}, {"type": "centos", "idList": ["CESA-2017:2882", "CESA-2017:2972"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2017-0774", "CPAI-2017-0896"]}, {"type": "cve", "idList": ["CVE-2017-9798"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1102-1:7F277", "DEBIAN:DSA-3980-1:C7ED3"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-12171", "DEBIANCVE:CVE-2017-9798"]}, {"type": "exploitdb", "idList": ["EDB-ID:42745"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:C8C256BE0BFF5FE1C0405CB0AA9C075D"]}, {"type": "f5", "idList": ["F5:K70084351"]}, {"type": "fedora", "idList": ["FEDORA:092E9605F081", "FEDORA:63AEC601CFBA", "FEDORA:A9847604E850"]}, {"type": "freebsd", "idList": ["76B085E2-9D33-11E7-9260-000C292EE6B8"]}, {"type": "gentoo", "idList": ["GLSA-201710-32"]}, {"type": "hackerone", "idList": ["H1:269568"]}, {"type": "httpd", "idList": ["HTTPD:7DDAAFDB1FD8B2E7FD36ADABA5DB6DAA"]}, {"type": "ibm", "idList": ["59AFB6B22B3D21FAFDC933DA29973F4C6887013B5320E839F5B0B140E8DDA7D1"]}, {"type": "kitploit", "idList": ["KITPLOIT:5052987141331551837"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/SCANNER/HTTP/APACHE_OPTIONSBLEED"]}, {"type": "nessus", "idList": ["ALA_ALAS-2017-896.NASL", "CENTOS_RHSA-2017-2882.NASL", "CENTOS_RHSA-2017-2972.NASL", "DEBIAN_DLA-1102.NASL", "DEBIAN_DSA-3980.NASL", "FEDORA_2017-A52F252521.NASL", "FREEBSD_PKG_76B085E29D3311E79260000C292EE6B8.NASL", "GENTOO_GLSA-201710-32.NASL", "OPENSUSE-2017-1083.NASL", "OPENSUSE-2018-389.NASL", "ORACLELINUX_ELSA-2017-2882.NASL", "ORACLELINUX_ELSA-2017-2972.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_APR_2018_CPU.NASL", "REDHAT-RHSA-2017-2882.NASL", "SLACKWARE_SSA_2017-261-01.NASL", "SL_20171011_HTTPD_ON_SL7_X.NASL", "SL_20171019_HTTPD_ON_SL6_X.NASL", "SUSE_SU-2017-2542-1.NASL", "SUSE_SU-2017-2718-1.NASL", "SUSE_SU-2017-2756-1.NASL", "UBUNTU_USN-3425-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108252", "OPENVAS:1361412562310703980", "OPENVAS:1361412562310812045", "OPENVAS:1361412562310843313", "OPENVAS:1361412562310851734", "OPENVAS:1361412562310873446", "OPENVAS:1361412562310874436", "OPENVAS:1361412562310882791"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2018"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-2882", "ELSA-2017-2972"]}, {"type": "photon", "idList": ["PHSA-2017-0077"]}, {"type": "redhat", "idList": ["RHSA-2017:2882"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-12171"]}, {"type": "seebug", "idList": ["SSV:96537"]}, {"type": "slackware", "idList": ["SSA-2017-261-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:1057-1"]}, {"type": "symantec", "idList": ["SMNTC-1457"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:A5BD476BF79F7E3854840596F916518C"]}, {"type": "ubuntu", "idList": ["USN-3425-1", "USN-3425-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-12171"]}, {"type": "zdt", "idList": ["1337DAY-ID-28573"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2017-12171", "epss": "0.002190000", "percentile": "0.580610000", "modified": "2023-03-14"}, {"cve": "CVE-2017-9798", "epss": "0.974640000", "percentile": "0.999170000", "modified": "2023-03-14"}], "vulnersScore": -0.1}, "_state": {"dependencies": 1675089973, "score": 1675090009, "epss": 1678845721}, "_internal": {"score_hash": "e081c1d421fbca1b39fb41bee04f3414"}, "pluginID": "104006", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2972. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104006);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2017-12171\", \"CVE-2017-9798\");\n script_xref(name:\"RHSA\", value:\"2017:2972\");\n\n script_name(english:\"RHEL 6 : httpd (RHSA-2017:2972) (Optionsbleed)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for httpd is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive\nused in an .htaccess file. A remote attacker could possibly use this\nflaw to disclose portions of the server memory, or cause httpd child\nprocess to crash. (CVE-2017-9798)\n\n* A regression was found in the Red Hat Enterprise Linux 6.9 version\nof httpd, causing comments in the 'Allow' and 'Deny' configuration\nlines to be parsed incorrectly. A web administrator could\nunintentionally allow any client to access a restricted HTTP resource.\n(CVE-2017-12171)\n\nRed Hat would like to thank Hanno Bock for reporting CVE-2017-9798\nand KAWAHARA Masashi for reporting CVE-2017-12171.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:2972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-12171\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9798\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:2972\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"httpd-2.2.15-60.el6_9.6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"httpd-2.2.15-60.el6_9.6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-2.2.15-60.el6_9.6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"httpd-debuginfo-2.2.15-60.el6_9.6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"httpd-devel-2.2.15-60.el6_9.6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"httpd-manual-2.2.15-60.el6_9.6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"httpd-tools-2.2.15-60.el6_9.6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"httpd-tools-2.2.15-60.el6_9.6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-tools-2.2.15-60.el6_9.6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mod_ssl-2.2.15-60.el6_9.6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"mod_ssl-2.2.15-60.el6_9.6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_ssl-2.2.15-60.el6_9.6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:6"], "solution": "Update the affected packages.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vendor_cvss2": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "vendor_cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "vpr": {"risk factor": "Medium", "score": "4.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2017-10-19T00:00:00", "vulnerabilityPublicationDate": "2017-09-18T00:00:00", "exploitableWith": []}

{"oraclelinux": [{"lastseen": "2021-07-30T06:24:54", "description": "[2.2.15-60.0.1.6]\n- replace index.html with Oracle's index page oracle_index.html\n- update vstring in specfile\n[2.2.15-60.6]\n- Resolves: #1493061 - CVE-2017-9798 httpd: various flaws", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-10-19T00:00:00", "type": "oraclelinux", "title": "httpd security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12171", "CVE-2017-9798"], "modified": "2017-10-19T00:00:00", "id": "ELSA-2017-2972", "href": "http://linux.oracle.com/errata/ELSA-2017-2972.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-07-28T14:25:00", "description": "[2.4.6-67.0.1.el7_4.5]\n- replace index.html with Oracle's index page oracle_index.html\n[2.4.6-67.5]\n- Resolves: #1493064 - CVE-2017-9798 httpd: Use-after-free by limiting\n unregistered HTTP method", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-10-11T00:00:00", "type": "oraclelinux", "title": "httpd security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-10-11T00:00:00", "id": "ELSA-2017-2882", "href": "http://linux.oracle.com/errata/ELSA-2017-2882.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2023-01-29T14:42:37", "description": "Security Fix(es) :\n\n - A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\n - A regression was found in the Scientific Linux 6.9 version of httpd, causing comments in the 'Allow' and 'Deny' configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. (CVE-2017-12171)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-20T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20171019) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12171", "CVE-2017-9798"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:httpd", "p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo", "p-cpe:/a:fermilab:scientific_linux:httpd-devel", "p-cpe:/a:fermilab:scientific_linux:httpd-manual", "p-cpe:/a:fermilab:scientific_linux:httpd-tools", "p-cpe:/a:fermilab:scientific_linux:mod_ssl", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20171019_HTTPD_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/104007", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104007);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-12171\", \"CVE-2017-9798\");\n\n script_name(english:\"Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20171019) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A use-after-free flaw was found in the way httpd handled\n invalid and previously unregistered HTTP methods\n specified in the Limit directive used in an .htaccess\n file. A remote attacker could possibly use this flaw to\n disclose portions of the server memory, or cause httpd\n child process to crash. (CVE-2017-9798)\n\n - A regression was found in the Scientific Linux 6.9\n version of httpd, causing comments in the 'Allow' and\n 'Deny' configuration lines to be parsed incorrectly. A\n web administrator could unintentionally allow any client\n to access a restricted HTTP resource. (CVE-2017-12171)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1710&L=scientific-linux-errata&F=&S=&P=12001\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b44b9094\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"httpd-2.2.15-60.el6_9.6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"httpd-debuginfo-2.2.15-60.el6_9.6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"httpd-devel-2.2.15-60.el6_9.6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"httpd-manual-2.2.15-60.el6_9.6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"httpd-tools-2.2.15-60.el6_9.6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"mod_ssl-2.2.15-60.el6_9.6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-29T14:42:40", "description": "From Red Hat Security Advisory 2017:2972 :\n\nAn update for httpd is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\n* A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the 'Allow' and 'Deny' configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.\n(CVE-2017-12171)\n\nRed Hat would like to thank Hanno Bock for reporting CVE-2017-9798 and KAWAHARA Masashi for reporting CVE-2017-12171.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-20T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : httpd (ELSA-2017-2972) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12171", "CVE-2017-9798"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd-manual", "p-cpe:/a:oracle:linux:httpd-tools", "p-cpe:/a:oracle:linux:mod_ssl", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2017-2972.NASL", "href": "https://www.tenable.com/plugins/nessus/104002", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:2972 and \n# Oracle Linux Security Advisory ELSA-2017-2972 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104002);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-12171\", \"CVE-2017-9798\");\n script_xref(name:\"RHSA\", value:\"2017:2972\");\n\n script_name(english:\"Oracle Linux 6 : httpd (ELSA-2017-2972) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:2972 :\n\nAn update for httpd is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive\nused in an .htaccess file. A remote attacker could possibly use this\nflaw to disclose portions of the server memory, or cause httpd child\nprocess to crash. (CVE-2017-9798)\n\n* A regression was found in the Red Hat Enterprise Linux 6.9 version\nof httpd, causing comments in the 'Allow' and 'Deny' configuration\nlines to be parsed incorrectly. A web administrator could\nunintentionally allow any client to access a restricted HTTP resource.\n(CVE-2017-12171)\n\nRed Hat would like to thank Hanno Bock for reporting CVE-2017-9798\nand KAWAHARA Masashi for reporting CVE-2017-12171.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-October/007268.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"httpd-2.2.15-60.0.1.el6_9.6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"httpd-devel-2.2.15-60.0.1.el6_9.6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"httpd-manual-2.2.15-60.0.1.el6_9.6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"httpd-tools-2.2.15-60.0.1.el6_9.6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"mod_ssl-2.2.15-60.0.1.el6_9.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / mod_ssl\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-29T14:43:19", "description": "An update for httpd is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\n* A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the 'Allow' and 'Deny' configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.\n(CVE-2017-12171)\n\nRed Hat would like to thank Hanno Bock for reporting CVE-2017-9798 and KAWAHARA Masashi for reporting CVE-2017-12171.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-23T00:00:00", "type": "nessus", "title": "CentOS 6 : httpd (CESA-2017:2972) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12171", "CVE-2017-9798"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel", "p-cpe:/a:centos:centos:httpd-manual", "p-cpe:/a:centos:centos:httpd-tools", "p-cpe:/a:centos:centos:mod_ssl", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2017-2972.NASL", "href": "https://www.tenable.com/plugins/nessus/104053", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2972 and \n# CentOS Errata and Security Advisory 2017:2972 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104053);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-12171\", \"CVE-2017-9798\");\n script_xref(name:\"RHSA\", value:\"2017:2972\");\n\n script_name(english:\"CentOS 6 : httpd (CESA-2017:2972) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for httpd is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive\nused in an .htaccess file. A remote attacker could possibly use this\nflaw to disclose portions of the server memory, or cause httpd child\nprocess to crash. (CVE-2017-9798)\n\n* A regression was found in the Red Hat Enterprise Linux 6.9 version\nof httpd, causing comments in the 'Allow' and 'Deny' configuration\nlines to be parsed incorrectly. A web administrator could\nunintentionally allow any client to access a restricted HTTP resource.\n(CVE-2017-12171)\n\nRed Hat would like to thank Hanno Bock for reporting CVE-2017-9798\nand KAWAHARA Masashi for reporting CVE-2017-12171.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-October/022601.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?606f1793\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-12171\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"httpd-2.2.15-60.el6.centos.6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"httpd-devel-2.2.15-60.el6.centos.6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"httpd-manual-2.2.15-60.el6.centos.6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"httpd-tools-2.2.15-60.el6.centos.6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"mod_ssl-2.2.15-60.el6.centos.6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / mod_ssl\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-29T15:27:47", "description": "An update for httpd is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\n* A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the 'Allow' and 'Deny' configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.\n(CVE-2017-12171)\n\nRed Hat would like to thank Hanno BAPck for reporting CVE-2017-9798 and KAWAHARA Masashi for reporting CVE-2017-12171.\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-11-27T00:00:00", "type": "nessus", "title": "Virtuozzo 6 : httpd / httpd-devel / httpd-manual / httpd-tools / etc (VZLSA-2017-2972)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12171", "CVE-2017-9798"], "modified": "2022-05-26T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:httpd", "p-cpe:/a:virtuozzo:virtuozzo:httpd-devel", "p-cpe:/a:virtuozzo:virtuozzo:httpd-manual", "p-cpe:/a:virtuozzo:virtuozzo:httpd-tools", "p-cpe:/a:virtuozzo:virtuozzo:mod_ssl", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZLSA-2017-2972.NASL", "href": "https://www.tenable.com/plugins/nessus/119234", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119234);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/26\");\n\n script_cve_id(\"CVE-2017-9798\", \"CVE-2017-12171\");\n\n script_name(english:\"Virtuozzo 6 : httpd / httpd-devel / httpd-manual / httpd-tools / etc (VZLSA-2017-2972)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for httpd is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive\nused in an .htaccess file. A remote attacker could possibly use this\nflaw to disclose portions of the server memory, or cause httpd child\nprocess to crash. (CVE-2017-9798)\n\n* A regression was found in the Red Hat Enterprise Linux 6.9 version\nof httpd, causing comments in the 'Allow' and 'Deny' configuration\nlines to be parsed incorrectly. A web administrator could\nunintentionally allow any client to access a restricted HTTP resource.\n(CVE-2017-12171)\n\nRed Hat would like to thank Hanno BAPck for reporting CVE-2017-9798\nand KAWAHARA Masashi for reporting CVE-2017-12171.\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-2972.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f1f4b306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017:2972\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd / httpd-devel / httpd-manual / httpd-tools / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-12171\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2017-9798\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"httpd-2.2.15-60.vl6.6\",\n \"httpd-devel-2.2.15-60.vl6.6\",\n \"httpd-manual-2.2.15-60.vl6.6\",\n \"httpd-tools-2.2.15-60.vl6.6\",\n \"mod_ssl-2.2.15-60.vl6.6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-03-01T15:24:01", "description": "The remote NewStart CGSL host, running version MAIN 4.05, has httpd packages installed that are affected by a vulnerability:\n\n - A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the Allow and Deny configuration lines to be parsed incorrectly.\n A web administrator could unintentionally allow any client to access a restricted HTTP resource.\n (CVE-2017-12171)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 4.05 : httpd Vulnerability (NS-SA-2019-0156)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12171"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0156_HTTPD.NASL", "href": "https://www.tenable.com/plugins/nessus/127433", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0156. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127433);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-12171\");\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : httpd Vulnerability (NS-SA-2019-0156)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has httpd packages installed that are affected by a\nvulnerability:\n\n - A regression was found in the Red Hat Enterprise Linux\n 6.9 version of httpd, causing comments in the Allow\n and Deny configuration lines to be parsed incorrectly.\n A web administrator could unintentionally allow any\n client to access a restricted HTTP resource.\n (CVE-2017-12171)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0156\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL httpd packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-12171\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.05\": [\n \"httpd-2.2.15-69.el6.centos\",\n \"httpd-debuginfo-2.2.15-69.el6.centos\",\n \"httpd-devel-2.2.15-69.el6.centos\",\n \"httpd-manual-2.2.15-69.el6.centos\",\n \"httpd-tools-2.2.15-69.el6.centos\",\n \"mod_ssl-2.2.15-69.el6.centos\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-03-03T15:06:01", "description": "Hash (#) character matches all IPs :\n\nA regression was found in httpd, causing comments in the 'Allow' and 'Deny' configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. (CVE-2017-12171)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2017-11-06T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : httpd (ALAS-2017-921)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12171"], "modified": "2018-09-24T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:httpd", "p-cpe:/a:amazon:linux:httpd-debuginfo", "p-cpe:/a:amazon:linux:httpd-devel", "p-cpe:/a:amazon:linux:httpd-manual", "p-cpe:/a:amazon:linux:httpd-tools", "p-cpe:/a:amazon:linux:mod_ssl", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-921.NASL", "href": "https://www.tenable.com/plugins/nessus/104395", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-921.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104395);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/09/24 9:27:18\");\n\n script_cve_id(\"CVE-2017-12171\");\n script_xref(name:\"ALAS\", value:\"2017-921\");\n\n script_name(english:\"Amazon Linux AMI : httpd (ALAS-2017-921)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Hash (#) character matches all IPs :\n\nA regression was found in httpd, causing comments in the 'Allow' and\n'Deny' configuration lines to be parsed incorrectly. A web\nadministrator could unintentionally allow any client to access a\nrestricted HTTP resource. (CVE-2017-12171)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-921.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update httpd' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"httpd-2.2.34-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-debuginfo-2.2.34-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-devel-2.2.34-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-manual-2.2.34-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-tools-2.2.34-1.16.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod_ssl-2.2.34-1.16.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-29T14:41:48", "description": "Hanno Boeck discovered that incorrect parsing of Limit directives of .htaccess files by the Apache HTTP Server could result in memory disclosure.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-21T00:00:00", "type": "nessus", "title": "Debian DSA-3980-1 : apache2 - security update (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:apache2", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-3980.NASL", "href": "https://www.tenable.com/plugins/nessus/103364", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3980. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103364);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_xref(name:\"DSA\", value:\"3980\");\n\n script_name(english:\"Debian DSA-3980-1 : apache2 - security update (Optionsbleed)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Hanno Boeck discovered that incorrect parsing of Limit directives of\n.htaccess files by the Apache HTTP Server could result in memory\ndisclosure.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/apache2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/apache2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3980\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the apache2 packages.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 2.4.10-10+deb8u11.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 2.4.25-3+deb9u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"apache2\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-bin\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-data\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-dbg\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-dev\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-doc\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-mpm-event\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-mpm-itk\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-mpm-prefork\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-mpm-worker\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-suexec\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-suexec-custom\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-suexec-pristine\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2-utils\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2.2-bin\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"apache2.2-common\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libapache2-mod-macro\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libapache2-mod-proxy-html\", reference:\"2.4.10-10+deb8u11\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2\", reference:\"2.4.25-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-bin\", reference:\"2.4.25-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-data\", reference:\"2.4.25-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-dbg\", reference:\"2.4.25-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-dev\", reference:\"2.4.25-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-doc\", reference:\"2.4.25-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-ssl-dev\", reference:\"2.4.25-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-suexec-custom\", reference:\"2.4.25-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-suexec-pristine\", reference:\"2.4.25-3+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"apache2-utils\", reference:\"2.4.25-3+deb9u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:43:16", "description": "An update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting this issue.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-12T00:00:00", "type": "nessus", "title": "RHEL 7 : httpd (RHSA-2017:2882) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:mod_session", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2017-2882.NASL", "href": "https://www.tenable.com/plugins/nessus/103804", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2882. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103804);\n script_version(\"3.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_xref(name:\"RHSA\", value:\"2017:2882\");\n\n script_name(english:\"RHEL 7 : httpd (RHSA-2017:2882) (Optionsbleed)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive\nused in an .htaccess file. A remote attacker could possibly use this\nflaw to disclose portions of the server memory, or cause httpd child\nprocess to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:2882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9798\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:2882\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"httpd-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"httpd-debuginfo-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd-debuginfo-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"httpd-devel-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"httpd-manual-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"httpd-tools-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mod_ldap-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mod_proxy_html-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mod_session-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"mod_ssl-2.4.6-67.el7.5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-67.el7.5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:43:16", "description": "This update for apache2 fixes one issues. This security issue was fixed :\n\n - CVE-2017-9798: Prevent use-after-free use of memory that allowed for an information leak via OPTIONS (bsc#1058058)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-13T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:2718-1) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2", "p-cpe:/a:novell:suse_linux:apache2-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-debugsource", "p-cpe:/a:novell:suse_linux:apache2-example-pages", "p-cpe:/a:novell:suse_linux:apache2-prefork", "p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-utils", "p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-worker", "p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2718-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103833", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2718-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103833);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-9798\");\n\n script_name(english:\"SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:2718-1) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for apache2 fixes one issues. This security issue was\nfixed :\n\n - CVE-2017-9798: Prevent use-after-free use of memory that\n allowed for an information leak via OPTIONS\n (bsc#1058058)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9798/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172718-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b3bb4ad6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 6:zypper in -t patch\nSUSE-OpenStack-Cloud-6-2017-1682=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2017-1682=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-1682=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-2.4.16-20.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-debuginfo-2.4.16-20.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-debugsource-2.4.16-20.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-example-pages-2.4.16-20.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-prefork-2.4.16-20.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-prefork-debuginfo-2.4.16-20.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-utils-2.4.16-20.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-utils-debuginfo-2.4.16-20.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-worker-2.4.16-20.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"apache2-worker-debuginfo-2.4.16-20.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T15:04:05", "description": "This is a release fixing a security fix applied upstream, known as 'optionsbleed' in popular parlance.\n\nIt is relevant for hosted and co-located instances of Fedora (and why wouldn't you?).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-15T00:00:00", "type": "nessus", "title": "Fedora 27 : httpd (2017-fdd3a98e8f) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:httpd", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2017-FDD3A98E8F.NASL", "href": "https://www.tenable.com/plugins/nessus/106018", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-fdd3a98e8f.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106018);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_xref(name:\"FEDORA\", value:\"2017-fdd3a98e8f\");\n\n script_name(english:\"Fedora 27 : httpd (2017-fdd3a98e8f) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is a release fixing a security fix applied upstream, known as\n'optionsbleed' in popular parlance.\n\nIt is relevant for hosted and co-located instances of Fedora (and why\nwouldn't you?).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-fdd3a98e8f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"httpd-2.4.27-8.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:43:17", "description": "According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-11-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : httpd (EulerOS-SA-2017-1253)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-devel", "p-cpe:/a:huawei:euleros:httpd-manual", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1253.NASL", "href": "https://www.tenable.com/plugins/nessus/104278", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104278);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-9798\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : httpd (EulerOS-SA-2017-1253)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the httpd packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - A use-after-free flaw was found in the way httpd\n handled invalid and previously unregistered HTTP\n methods specified in the Limit directive used in an\n .htaccess file. A remote attacker could possibly use\n this flaw to disclose portions of the server memory, or\n cause httpd child process to crash. (CVE-2017-9798)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1253\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?97163687\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"httpd-2.4.6-45.0.1.4.h5\",\n \"httpd-devel-2.4.6-45.0.1.4.h5\",\n \"httpd-manual-2.4.6-45.0.1.4.h5\",\n \"httpd-tools-2.4.6-45.0.1.4.h5\",\n \"mod_ssl-2.4.6-45.0.1.4.h5\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:42:22", "description": "Hanno Bock discovered that the Apache HTTP Server incorrectly handled Limit directives in .htaccess files. In certain configurations, a remote attacker could possibly use this issue to read arbitrary server memory, including sensitive information. This issue is known as Optionsbleed.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-20T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : apache2 vulnerability (USN-3425-1) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:apache2-bin", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3425-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103356", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3425-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103356);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_xref(name:\"USN\", value:\"3425-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : apache2 vulnerability (USN-3425-1) (Optionsbleed)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Hanno Bock discovered that the Apache HTTP Server incorrectly handled\nLimit directives in .htaccess files. In certain configurations, a\nremote attacker could possibly use this issue to read arbitrary server\nmemory, including sensitive information. This issue is known as\nOptionsbleed.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3425-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected apache2-bin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"apache2-bin\", pkgver:\"2.4.7-1ubuntu4.18\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"apache2-bin\", pkgver:\"2.4.18-2ubuntu3.5\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"apache2-bin\", pkgver:\"2.4.25-3ubuntu2.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-bin\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:41:31", "description": "Hanno Boeck discovered that incorrect parsing of Limit directives of .htaccess files by the Apache HTTP Server could result in memory disclosure.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 2.2.22-13+deb7u12.\n\nWe recommend that you upgrade your apache2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-22T00:00:00", "type": "nessus", "title": "Debian DLA-1102-1 : apache2 security update (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:apache2", "p-cpe:/a:debian:debian_linux:apache2-dbg", "p-cpe:/a:debian:debian_linux:apache2-doc", "p-cpe:/a:debian:debian_linux:apache2-mpm-event", "p-cpe:/a:debian:debian_linux:apache2-mpm-itk", "p-cpe:/a:debian:debian_linux:apache2-mpm-prefork", "p-cpe:/a:debian:debian_linux:apache2-mpm-worker", "p-cpe:/a:debian:debian_linux:apache2-prefork-dev", "p-cpe:/a:debian:debian_linux:apache2-suexec", "p-cpe:/a:debian:debian_linux:apache2-suexec-custom", "p-cpe:/a:debian:debian_linux:apache2-threaded-dev", "p-cpe:/a:debian:debian_linux:apache2-utils", "p-cpe:/a:debian:debian_linux:apache2.2-bin", "p-cpe:/a:debian:debian_linux:apache2.2-common", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1102.NASL", "href": "https://www.tenable.com/plugins/nessus/103389", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1102-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103389);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-9798\");\n\n script_name(english:\"Debian DLA-1102-1 : apache2 security update (Optionsbleed)\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Hanno Boeck discovered that incorrect parsing of Limit directives of\n.htaccess files by the Apache HTTP Server could result in memory\ndisclosure.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n2.2.22-13+deb7u12.\n\nWe recommend that you upgrade your apache2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/09/msg00019.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/apache2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-itk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-mpm-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-prefork-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-suexec-custom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-threaded-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2.2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2.2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"apache2\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-dbg\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-doc\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-mpm-event\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-mpm-itk\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-mpm-prefork\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-mpm-worker\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-prefork-dev\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-suexec\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-suexec-custom\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-threaded-dev\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2-utils\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2.2-bin\", reference:\"2.2.22-13+deb7u12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"apache2.2-common\", reference:\"2.2.22-13+deb7u12\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:41:31", "description": "This update for apache2 fixes the following security issue :\n\n - CVE-2017-9798: Prevent use-after-free use of memory that allowed for an information leak via OPTIONS (bsc#1058058).\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-22T00:00:00", "type": "nessus", "title": "openSUSE Security Update : apache2 (openSUSE-2017-1083) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2", "p-cpe:/a:novell:opensuse:apache2-debuginfo", "p-cpe:/a:novell:opensuse:apache2-debugsource", "p-cpe:/a:novell:opensuse:apache2-devel", "p-cpe:/a:novell:opensuse:apache2-event", "p-cpe:/a:novell:opensuse:apache2-event-debuginfo", "p-cpe:/a:novell:opensuse:apache2-example-pages", "p-cpe:/a:novell:opensuse:apache2-prefork", "p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo", "p-cpe:/a:novell:opensuse:apache2-utils", "p-cpe:/a:novell:opensuse:apache2-utils-debuginfo", "p-cpe:/a:novell:opensuse:apache2-worker", "p-cpe:/a:novell:opensuse:apache2-worker-debuginfo", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-1083.NASL", "href": "https://www.tenable.com/plugins/nessus/103399", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1083.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103399);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-9798\");\n\n script_name(english:\"openSUSE Security Update : apache2 (openSUSE-2017-1083) (Optionsbleed)\");\n script_summary(english:\"Check for the openSUSE-2017-1083 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for apache2 fixes the following security issue :\n\n - CVE-2017-9798: Prevent use-after-free use of memory that\n allowed for an information leak via OPTIONS\n (bsc#1058058).\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058058\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-event-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-debuginfo-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-debugsource-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-devel-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-event-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-event-debuginfo-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-example-pages-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-prefork-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-prefork-debuginfo-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-utils-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-utils-debuginfo-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-worker-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"apache2-worker-debuginfo-2.4.23-8.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-debuginfo-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-debugsource-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-devel-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-event-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-event-debuginfo-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-example-pages-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-prefork-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-prefork-debuginfo-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-utils-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-utils-debuginfo-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-worker-2.4.23-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"apache2-worker-debuginfo-2.4.23-16.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2 / apache2-debuginfo / apache2-debugsource / apache2-devel / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:41:58", "description": "This update for apache2 fixes the following security issue :\n\n - CVE-2017-9798: Prevent use-after-free use of memory that allowed for an information leak via OPTIONS (bsc#1058058).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-22T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:2542-1) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2", "p-cpe:/a:novell:suse_linux:apache2-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-debugsource", "p-cpe:/a:novell:suse_linux:apache2-example-pages", "p-cpe:/a:novell:suse_linux:apache2-prefork", "p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-utils", "p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-worker", "p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2542-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103413", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2542-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103413);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-9798\");\n\n script_name(english:\"SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:2542-1) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for apache2 fixes the following security issue :\n\n - CVE-2017-9798: Prevent use-after-free use of memory that\n allowed for an information leak via OPTIONS\n (bsc#1058058).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9798/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172542-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e60e3183\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-1572=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1572=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1572=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1572=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1572=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/22\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-debuginfo-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-debugsource-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-example-pages-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-prefork-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-prefork-debuginfo-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-utils-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-utils-debuginfo-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-worker-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"apache2-worker-debuginfo-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-debuginfo-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-debugsource-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-example-pages-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-prefork-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-prefork-debuginfo-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-utils-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-utils-debuginfo-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-worker-2.4.23-29.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"apache2-worker-debuginfo-2.4.23-29.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:41:45", "description": "This is a release fixing a security fix applied upstream, known as 'optionsbleed' in popular parlance.\n\nIt is relevant for hosted and co-located instances of Fedora (and why wouldn't you?).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-25T00:00:00", "type": "nessus", "title": "Fedora 26 : httpd (2017-a52f252521) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:httpd", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-A52F252521.NASL", "href": "https://www.tenable.com/plugins/nessus/103438", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-a52f252521.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103438);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_xref(name:\"FEDORA\", value:\"2017-a52f252521\");\n\n script_name(english:\"Fedora 26 : httpd (2017-a52f252521) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is a release fixing a security fix applied upstream, known as\n'optionsbleed' in popular parlance.\n\nIt is relevant for hosted and co-located instances of Fedora (and why\nwouldn't you?).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-a52f252521\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/25\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"httpd-2.4.27-3.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:42:37", "description": "Security Fix(es) :\n\n - A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-12T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : httpd on SL7.x x86_64 (20171011) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:httpd", "p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo", "p-cpe:/a:fermilab:scientific_linux:httpd-devel", "p-cpe:/a:fermilab:scientific_linux:httpd-manual", "p-cpe:/a:fermilab:scientific_linux:httpd-tools", "p-cpe:/a:fermilab:scientific_linux:mod_ldap", "p-cpe:/a:fermilab:scientific_linux:mod_proxy_html", "p-cpe:/a:fermilab:scientific_linux:mod_session", "p-cpe:/a:fermilab:scientific_linux:mod_ssl", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20171011_HTTPD_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/103806", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103806);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-9798\");\n\n script_name(english:\"Scientific Linux Security Update : httpd on SL7.x x86_64 (20171011) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A use-after-free flaw was found in the way httpd handled\n invalid and previously unregistered HTTP methods\n specified in the Limit directive used in an .htaccess\n file. A remote attacker could possibly use this flaw to\n disclose portions of the server memory, or cause httpd\n child process to crash. (CVE-2017-9798)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1710&L=scientific-linux-errata&F=&S=&P=9988\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e195877f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"httpd-2.4.6-67.el7_4.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"httpd-debuginfo-2.4.6-67.el7_4.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-67.el7_4.5\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"httpd-manual-2.4.6-67.el7_4.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-67.el7_4.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-67.el7_4.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-67.el7_4.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-67.el7_4.5\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-67.el7_4.5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-30T14:45:02", "description": "From Red Hat Security Advisory 2017:2882 :\n\nAn update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting this issue.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-12T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : httpd (ELSA-2017-2882) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd-manual", "p-cpe:/a:oracle:linux:httpd-tools", "p-cpe:/a:oracle:linux:mod_ldap", "p-cpe:/a:oracle:linux:mod_proxy_html", "p-cpe:/a:oracle:linux:mod_session", "p-cpe:/a:oracle:linux:mod_ssl", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2017-2882.NASL", "href": "https://www.tenable.com/plugins/nessus/103803", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:2882 and \n# Oracle Linux Security Advisory ELSA-2017-2882 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103803);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_xref(name:\"RHSA\", value:\"2017:2882\");\n\n script_name(english:\"Oracle Linux 7 : httpd (ELSA-2017-2882) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:2882 :\n\nAn update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive\nused in an .htaccess file. A remote attacker could possibly use this\nflaw to disclose portions of the server memory, or cause httpd child\nprocess to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-October/007263.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"httpd-2.4.6-67.0.1.el7_4.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-67.0.1.el7_4.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"httpd-manual-2.4.6-67.0.1.el7_4.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-67.0.1.el7_4.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-67.0.1.el7_4.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-67.0.1.el7_4.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-67.0.1.el7_4.5\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-67.0.1.el7_4.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / mod_ldap / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:43:31", "description": "An update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting this issue.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-12T00:00:00", "type": "nessus", "title": "CentOS 7 : httpd (CESA-2017:2882) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel", "p-cpe:/a:centos:centos:httpd-manual", "p-cpe:/a:centos:centos:httpd-tools", "p-cpe:/a:centos:centos:mod_ldap", "p-cpe:/a:centos:centos:mod_proxy_html", "p-cpe:/a:centos:centos:mod_session", "p-cpe:/a:centos:centos:mod_ssl", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2017-2882.NASL", "href": "https://www.tenable.com/plugins/nessus/103790", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2882 and \n# CentOS Errata and Security Advisory 2017:2882 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103790);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_xref(name:\"RHSA\", value:\"2017:2882\");\n\n script_name(english:\"CentOS 7 : httpd (CESA-2017:2882) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for httpd is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive\nused in an .htaccess file. A remote attacker could possibly use this\nflaw to disclose portions of the server memory, or cause httpd child\nprocess to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-October/022565.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68e97394\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-9798\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"httpd-2.4.6-67.el7.centos.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-67.el7.centos.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"httpd-manual-2.4.6-67.el7.centos.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-67.el7.centos.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-67.el7.centos.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-67.el7.centos.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-67.el7.centos.5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-67.el7.centos.5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-tools / mod_ldap / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:41:45", "description": "New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-19T00:00:00", "type": "nessus", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : httpd (SSA:2017-261-01) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:httpd", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2017-261-01.NASL", "href": "https://www.tenable.com/plugins/nessus/103306", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2017-261-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103306);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_xref(name:\"SSA\", value:\"2017-261-01\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : httpd (SSA:2017-261-01) (Optionsbleed)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New httpd packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, 14.2, and -current to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.551634\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bf69bb8a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"httpd\", pkgver:\"2.2.34\", pkgarch:\"i486\", pkgnum:\"2_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.2.34\", pkgarch:\"x86_64\", pkgnum:\"2_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"httpd\", pkgver:\"2.2.34\", pkgarch:\"i486\", pkgnum:\"2_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.2.34\", pkgarch:\"x86_64\", pkgnum:\"2_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"httpd\", pkgver:\"2.2.34\", pkgarch:\"i486\", pkgnum:\"2_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.2.34\", pkgarch:\"x86_64\", pkgnum:\"2_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"httpd\", pkgver:\"2.4.27\", pkgarch:\"i486\", pkgnum:\"2_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.4.27\", pkgarch:\"x86_64\", pkgnum:\"2_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"httpd\", pkgver:\"2.4.27\", pkgarch:\"i486\", pkgnum:\"2_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.4.27\", pkgarch:\"x86_64\", pkgnum:\"2_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"httpd\", pkgver:\"2.4.27\", pkgarch:\"i586\", pkgnum:\"2_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.4.27\", pkgarch:\"x86_64\", pkgnum:\"2_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"httpd\", pkgver:\"2.4.27\", pkgarch:\"i586\", pkgnum:\"3\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.4.27\", pkgarch:\"x86_64\", pkgnum:\"3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:42:22", "description": "The Fuzzing Project reports :\n\nApache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-20T00:00:00", "type": "nessus", "title": "FreeBSD : Apache -- HTTP OPTIONS method can leak server memory (76b085e2-9d33-11e7-9260-000c292ee6b8) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:apache22", "p-cpe:/a:freebsd:freebsd:apache24", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_76B085E29D3311E79260000C292EE6B8.NASL", "href": "https://www.tenable.com/plugins/nessus/103344", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103344);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-9798\");\n\n script_name(english:\"FreeBSD : Apache -- HTTP OPTIONS method can leak server memory (76b085e2-9d33-11e7-9260-000c292ee6b8) (Optionsbleed)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Fuzzing Project reports :\n\nApache httpd allows remote attackers to read secret data from process\nmemory if the Limit directive can be set in a user's .htaccess file,\nor if httpd.conf has certain misconfigurations, aka Optionsbleed. This\naffects the Apache HTTP Server through 2.2.34 and 2.4.x through\n2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request\nwhen attempting to read secret data. This is a use-after-free issue\nand thus secret data is not always sent, and the specific data depends\non many factors including configuration. Exploitation with .htaccess\ncan be blocked with a patch to the ap_limit_section function in\nserver/core.c.\"\n );\n # https://vuxml.freebsd.org/freebsd/76b085e2-9d33-11e7-9260-000c292ee6b8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5a9655b5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache24\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"apache24<2.4.27_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache22<2.2.34_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-23T14:56:26", "description": "According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.28. It is, therefore, affected by an HTTP vulnerability related to the <Limit {method}> directive in an .htaccess file.\n\nNote that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-01-09T00:00:00", "type": "nessus", "title": "Apache 2.4.x < 2.4.28 HTTP Vulnerability (OptionsBleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2023-03-14T00:00:00", "cpe": ["cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"], "id": "WEB_APPLICATION_SCANNING_98913", "href": "https://www.tenable.com/plugins/was/98913", "sourceData": "No source data", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:43:30", "description": "According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-11-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : httpd (EulerOS-SA-2017-1252)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-devel", "p-cpe:/a:huawei:euleros:httpd-manual", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1252.NASL", "href": "https://www.tenable.com/plugins/nessus/104277", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104277);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-9798\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : httpd (EulerOS-SA-2017-1252)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the httpd packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - A use-after-free flaw was found in the way httpd\n handled invalid and previously unregistered HTTP\n methods specified in the Limit directive used in an\n .htaccess file. A remote attacker could possibly use\n this flaw to disclose portions of the server memory, or\n cause httpd child process to crash. (CVE-2017-9798)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1252\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d09c3870\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"httpd-2.4.6-45.0.1.4.h8\",\n \"httpd-devel-2.4.6-45.0.1.4.h8\",\n \"httpd-manual-2.4.6-45.0.1.4.h8\",\n \"httpd-tools-2.4.6-45.0.1.4.h8\",\n \"mod_ssl-2.4.6-45.0.1.4.h8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:41:58", "description": "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration.(CVE-2017-9798)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-19T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : httpd24 / httpd (ALAS-2017-896) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2019-04-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:httpd", "p-cpe:/a:amazon:linux:httpd-debuginfo", "p-cpe:/a:amazon:linux:httpd-devel", "p-cpe:/a:amazon:linux:httpd-manual", "p-cpe:/a:amazon:linux:httpd-tools", "p-cpe:/a:amazon:linux:httpd24", "p-cpe:/a:amazon:linux:httpd24-debuginfo", "p-cpe:/a:amazon:linux:httpd24-devel", "p-cpe:/a:amazon:linux:httpd24-manual", "p-cpe:/a:amazon:linux:httpd24-tools", "p-cpe:/a:amazon:linux:mod24_ldap", "p-cpe:/a:amazon:linux:mod24_proxy_html", "p-cpe:/a:amazon:linux:mod24_session", "p-cpe:/a:amazon:linux:mod24_ssl", "p-cpe:/a:amazon:linux:mod_ssl", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-896.NASL", "href": "https://www.tenable.com/plugins/nessus/103309", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-896.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103309);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/04/10 16:10:16\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_xref(name:\"ALAS\", value:\"2017-896\");\n\n script_name(english:\"Amazon Linux AMI : httpd24 / httpd (ALAS-2017-896) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache httpd allows remote attackers to read secret data from process\nmemory if the Limit directive can be set in a user's .htaccess file,\nor if httpd.conf has certain misconfigurations, aka Optionsbleed. The\nattacker sends an unauthenticated OPTIONS HTTP request when attempting\nto read secret data. This is a use-after-free issue and thus secret\ndata is not always sent, and the specific data depends on many factors\nincluding configuration.(CVE-2017-9798)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-896.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum update httpd24' to update your system.\n\nRun 'yum update httpd' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"httpd-2.2.34-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-debuginfo-2.2.34-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-devel-2.2.34-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-manual-2.2.34-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-tools-2.2.34-1.15.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-2.4.27-3.73.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-debuginfo-2.4.27-3.73.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-devel-2.4.27-3.73.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-manual-2.4.27-3.73.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-tools-2.4.27-3.73.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_ldap-2.4.27-3.73.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_proxy_html-2.4.27-3.73.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_session-2.4.27-3.73.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_ssl-2.4.27-3.73.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod_ssl-2.2.34-1.15.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-29T14:42:37", "description": "According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.28. It is, therefore, affected by an HTTP vulnerability related to the <Limit {method}> directive in an .htaccess file.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-13T00:00:00", "type": "nessus", "title": "Apache 2.4.x < 2.4.28 HTTP Vulnerability (OptionsBleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:apache:http_server", "cpe:/a:apache:httpd"], "id": "APACHE_2_4_28.NASL", "href": "https://www.tenable.com/plugins/nessus/103838", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103838);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2017-9798\");\n script_bugtraq_id(100872);\n\n script_name(english:\"Apache 2.4.x < 2.4.28 HTTP Vulnerability (OptionsBleed)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Apache running on the remote\nhost is 2.4.x prior to 2.4.28. It is, therefore, affected by an HTTP\nvulnerability related to the <Limit {method}> directive in an \n.htaccess file.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://archive.apache.org/dist/httpd/CHANGES_2.4.28\");\n script_set_attribute(attribute:\"see_also\", value:\"https://httpd.apache.org/security/vulnerabilities_24.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache version 2.4.28 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-9798\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:httpd\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"apache_http_version.nasl\", \"apache_http_server_nix_installed.nbin\", \"apache_httpd_win_installed.nbin\");\n script_require_keys(\"installed_sw/Apache\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\n\napp_info = vcf::apache_http_server::combined_get_app_info(app:'Apache');\n\nconstraints = [\n { \"min_version\" : \"2.4\", \"fixed_version\" : \"2.4.28\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-10T14:54:44", "description": "The version of IBM HTTP Server running on the remote host is affected by multiple vulnerabilities related to Apache, as follows:\n\n - Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c. (CVE-2017-9798)\n\n - Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service. (CVE-2017-12618)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-10T00:00:00", "type": "nessus", "title": "IBM HTTP Server 7.0.0.0 < 7.0.0.45 / 8.0.0.0 < 8.0.0.15 / 8.5.0.0 < 8.5.5.13 / 9.0.0.0 < 9.0.0.6 Multiple Vulnerabilities (298437)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12618", "CVE-2017-9798"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:ibm:http_server"], "id": "IBM_HTTP_SERVER_298437.NASL", "href": "https://www.tenable.com/plugins/nessus/144074", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144074);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2017-9798\", \"CVE-2017-12618\");\n script_bugtraq_id(100872, 101558);\n\n script_name(english:\"IBM HTTP Server 7.0.0.0 < 7.0.0.45 / 8.0.0.0 < 8.0.0.15 / 8.5.0.0 < 8.5.5.13 / 9.0.0.0 < 9.0.0.6 Multiple Vulnerabilities (298437)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of IBM HTTP Server running on the remote host is affected by multiple vulnerabilities related to Apache, as\nfollows:\n\n - Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be\n set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This\n affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an\n unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue\n and thus secret data is not always sent, and the specific data depends on many factors including\n configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in\n server/core.c. (CVE-2017-9798)\n\n - Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database\n files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with\n write access to the database can make a program or process using these functions crash, and cause a denial\n of service. (CVE-2017-12618)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.ibm.com/support/pages/node/298437\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to IBM HTTP Server version 7.0.0.45, 8.0.0.15, 8.5.5.13, 9.0.0.6, or later. Alternatively, upgrade to the\nminimal fix pack levels required by the interim fix and then apply Interim Fix PI87445.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-9798\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:http_server\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ibm_http_server_nix_installed.nbin\");\n script_require_keys(\"installed_sw/IBM HTTP Server (IHS)\");\n\n exit(0);\n}\n\n\ninclude('vcf.inc');\n\napp = 'IBM HTTP Server (IHS)';\nfix = 'Interim Fix PI87445';\n\napp_info = vcf::get_app_info(app:app);\nvcf::check_granularity(app_info:app_info, sig_segments:4);\n\nif ('PI87445' >< app_info['Fixes'])\n audit(AUDIT_INST_VER_NOT_VULN, app);\n\nconstraints = [\n { 'min_version' : '7.0.0.0', 'max_version' : '7.0.0.43', 'fixed_display' : '7.0.0.45 or ' + fix },\n { 'min_version' : '8.0.0.0', 'max_version' : '8.0.0.14', 'fixed_display' : '8.0.0.15 or ' + fix },\n { 'min_version' : '8.5.0.0', 'max_version' : '8.5.5.12', 'fixed_display' : '8.5.5.13 or ' + fix },\n { 'min_version' : '9.0.0.0', 'max_version' : '9.0.0.5', 'fixed_display' : '9.0.0.6 or ' + fix }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-03T14:44:17", "description": "The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in the Enterprise Manager Base Platform component.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-07-20T00:00:00", "type": "nessus", "title": "Oracle Enterprise Manager Cloud Control Multiple Vulnerabilities (July 2018 CPU)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5645", "CVE-2017-9798"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:enterprise_manager"], "id": "ORACLE_ENTERPRISE_MANAGER_JUL_2018_CPU.NASL", "href": "https://www.tenable.com/plugins/nessus/111152", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111152);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2017-5645\", \"CVE-2017-9798\");\n script_bugtraq_id(97702, 100872);\n script_xref(name:\"IAVA\", value:\"2020-A-0326\");\n\n script_name(english:\"Oracle Enterprise Manager Cloud Control Multiple Vulnerabilities (July 2018 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An enterprise management application installed on the remote host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle Enterprise Manager Cloud Control installed on\nthe remote host is affected by multiple vulnerabilities in the\nEnterprise Manager Base Platform component.\");\n # https://support.oracle.com/rs?type=doc&id=2394520.1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?19cc26a6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the July 2018 Oracle Critical\nPatch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5645\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:enterprise_manager\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_enterprise_manager_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Enterprise Manager Cloud Control\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"oracle_rdbms_cpu_func.inc\");\ninclude(\"install_func.inc\");\n\nproduct = \"Oracle Enterprise Manager Cloud Control\";\ninstall = get_single_install(app_name:product, exit_if_unknown_ver:TRUE);\nversion = install['version'];\nemchome = install['path'];\n\npatchid = NULL;\nmissing = NULL;\npatched = FALSE;\nfix = NULL;\n\nif (version =~ \"^13\\.2\\.0\\.0(\\.[0-9]+)?$\")\n{\n patchid = \"28161815\";\n fix = \"13.2.0.0.180717\";\n}\nelse if (version =~ \"^12\\.1\\.0\\.5(\\.[0-9]+)?$\")\n{\n patchid = \"28026487\";\n fix = \"12.1.0.5.180717\";\n}\n\nif (isnull(patchid))\n audit(AUDIT_HOST_NOT, 'affected');\n\n# compare version to check if we've already adjusted for patch level during detection\nif (ver_compare(ver:version, fix:fix, strict:FALSE) >= 0)\n audit(AUDIT_INST_PATH_NOT_VULN, product, version, emchome);\n\n# Now look for the affected components\npatchesinstalled = find_patches_in_ohomes(ohomes:make_list(emchome));\nif (isnull(patchesinstalled))\n missing = patchid;\nelse\n{\n foreach applied (keys(patchesinstalled[emchome]))\n {\n if (applied == patchid)\n {\n patched = TRUE;\n break;\n }\n else\n {\n foreach bugid (patchesinstalled[emchome][applied]['bugs'])\n {\n if (bugid == patchid)\n {\n patched = TRUE;\n break;\n }\n }\n if (patched) break;\n }\n }\n if (!patched)\n missing = patchid;\n}\n\nif (empty_or_null(missing))\n audit(AUDIT_HOST_NOT, 'affected');\n\norder = make_list('Product', 'Version', \"Missing patch\");\nreport = make_array(\n order[0], product,\n order[1], version,\n order[2], patchid\n);\nreport = report_items_str(report_items:report, ordered_fields:order);\n\nsecurity_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-18T15:37:29", "description": "An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 and Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 21st November 2017] Previously, this erratum was marked as a replacement of the JBoss Enterprise Application Platform 6.4.16 Natives. This was incorrect; the erratum is an update, not a replacement. The erratum text has been modified to reflect this.\n\nRed Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis release provides an update to httpd and OpenSSL. The updates are documented in the Release Notes document linked to in the References.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nThis release of JBoss Enterprise Application Platform 6.4.18 Natives serves as an update to the JBoss Enterprise Application Platform 6.4.16 Natives and includes bug fixes which are documented in the Release Notes document linked to in the References.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.4 Natives are advised to upgrade to these updated packages.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* A flaw was found in the way the DES/3DES cipher was used as part of the TLS /SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno Bock for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Gaetan Leurent (Inria) as the original reporters of CVE-2016-2183.\n\nBug Fix(es) :\n\n* CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1508880)\n\n* mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1508884)\n\n* Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1508885)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2017-11-20T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : JBoss EAP (RHSA-2017:3240) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2017-9788", "CVE-2017-9798"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:httpd22", "p-cpe:/a:redhat:enterprise_linux:httpd22-debuginfo", "p-cpe:/a:redhat:enterprise_linux:httpd22-devel", "p-cpe:/a:redhat:enterprise_linux:httpd22-manual", "p-cpe:/a:redhat:enterprise_linux:httpd22-tools", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-libs", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-perl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-static", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-native", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-native-debuginfo", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_ldap22", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "p-cpe:/a:redhat:enterprise_linux:mod_ssl22", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2017-3240.NASL", "href": "https://www.tenable.com/plugins/nessus/104699", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:3240. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104699);\n script_version(\"3.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2016-2183\", \"CVE-2017-9788\", \"CVE-2017-9798\");\n script_xref(name:\"RHSA\", value:\"2017:3240\");\n\n script_name(english:\"RHEL 6 / 7 : JBoss EAP (RHSA-2017:3240) (Optionsbleed)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update is now available for Red Hat JBoss Enterprise Application\nPlatform 6.4 for RHEL 6 and Red Hat JBoss Enterprise Application\nPlatform 6.4 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 21st November 2017] Previously, this erratum was marked as a\nreplacement of the JBoss Enterprise Application Platform 6.4.16\nNatives. This was incorrect; the erratum is an update, not a\nreplacement. The erratum text has been modified to reflect this.\n\nRed Hat JBoss Enterprise Application Platform is a platform for Java\napplications based on the JBoss Application Server.\n\nThis release provides an update to httpd and OpenSSL. The updates are\ndocumented in the Release Notes document linked to in the References.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nThis release of JBoss Enterprise Application Platform 6.4.18 Natives\nserves as an update to the JBoss Enterprise Application Platform\n6.4.16 Natives and includes bug fixes which are documented in the\nRelease Notes document linked to in the References.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.4 Natives\nare advised to upgrade to these updated packages.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not\nproperly initialize memory before using it when processing certain\nheaders related to digest authentication. A remote attacker could\npossibly use this flaw to disclose potentially sensitive information\nor cause httpd child process to crash by sending specially crafted\nrequests to a server. (CVE-2017-9788)\n\n* A flaw was found in the way the DES/3DES cipher was used as part of\nthe TLS /SSL protocol. A man-in-the-middle attacker could use this\nflaw to recover some plaintext data by capturing large amounts of\nencrypted traffic between TLS/SSL server and client if the\ncommunication used a DES/3DES based ciphersuite. (CVE-2016-2183)\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive\nused in an .htaccess file. A remote attacker could possibly use this\nflaw to disclose portions of the server memory, or cause httpd child\nprocess to crash. (CVE-2017-9798)\n\nRed Hat would like to thank OpenVPN for reporting CVE-2016-2183 and\nHanno Bock for reporting CVE-2017-9798. Upstream acknowledges\nKarthikeyan Bhargavan (Inria) and Gaetan Leurent (Inria) as the\noriginal reporters of CVE-2016-2183.\n\nBug Fix(es) :\n\n* CRL checking of very large CRLs fails with OpenSSL 1.0.2\n(BZ#1508880)\n\n* mod_cluster segfaults in process_info() due to wrongly generated\nassembler instruction movslq (BZ#1508884)\n\n* Corruption in nodestatsmem in multiple core dumps but in different\nfunctions of each core dump. (BZ#1508885)\"\n );\n # https://access.redhat.com/documentation/en/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/documentation/en-us/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/3229231\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:3240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9798\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd22-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd22-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd22-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd22-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl22\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:3240\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"jbossas-welcome-content-eap\") || rpm_exists(release:\"RHEL7\", rpm:\"jbossas-welcome-content-eap\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss EAP\");\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"httpd-2.2.26-57.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-2.2.26-57.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"httpd-debuginfo-2.2.26-57.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-debuginfo-2.2.26-57.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"httpd-devel-2.2.26-57.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-devel-2.2.26-57.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"httpd-manual-2.2.26-57.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-manual-2.2.26-57.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"httpd-tools-2.2.26-57.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-tools-2.2.26-57.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-openssl-1.0.2h-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-1.0.2h-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-openssl-debuginfo-1.0.2h-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-debuginfo-1.0.2h-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-openssl-devel-1.0.2h-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-devel-1.0.2h-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-openssl-libs-1.0.2h-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-libs-1.0.2h-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-openssl-perl-1.0.2h-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-perl-1.0.2h-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-openssl-static-1.0.2h-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-static-1.0.2h-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_cluster-native-1.2.13-9.Final_redhat_2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_cluster-native-1.2.13-9.Final_redhat_2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_cluster-native-debuginfo-1.2.13-9.Final_redhat_2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_cluster-native-debuginfo-1.2.13-9.Final_redhat_2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_ldap-2.2.26-57.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_ldap-2.2.26-57.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_ssl-2.2.26-57.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_ssl-2.2.26-57.ep6.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd22-2.2.26-58.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd22-debuginfo-2.2.26-58.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd22-devel-2.2.26-58.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd22-manual-2.2.26-58.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd22-tools-2.2.26-58.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-1.0.2h-14.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-debuginfo-1.0.2h-14.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-devel-1.0.2h-14.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-libs-1.0.2h-14.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-perl-1.0.2h-14.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-static-1.0.2h-14.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_cluster-native-1.2.13-9.Final_redhat_2.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_cluster-native-debuginfo-1.2.13-9.Final_redhat_2.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_ldap22-2.2.26-58.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_ssl22-2.2.26-58.ep6.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n }\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-03-07T15:17:48", "description": "The version of Oracle Secure Global Desktop installed on the remote host is 5.3 and is missing a security patch from the April 2018 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-04-19T00:00:00", "type": "nessus", "title": "Oracle Secure Global Desktop Multiple Vulnerabilities (April 2018 CPU)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3737", "CVE-2017-3738", "CVE-2017-9798"], "modified": "2021-10-25T00:00:00", "cpe": ["cpe:/a:oracle:virtualization_secure_global_desktop"], "id": "ORACLE_SECURE_GLOBAL_DESKTOP_APR_2018_CPU.NASL", "href": "https://www.tenable.com/plugins/nessus/109165", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109165);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/25\");\n\n script_cve_id(\"CVE-2017-3737\", \"CVE-2017-3738\", \"CVE-2017-9798\");\n script_bugtraq_id(100872, 102103, 102118);\n\n script_name(english:\"Oracle Secure Global Desktop Multiple Vulnerabilities (April 2018 CPU)\");\n script_summary(english:\"Checks the version of Oracle Secure Global Desktop.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle Secure Global Desktop installed on the remote\nhost is 5.3 and is missing a security patch from the April 2018\nCritical Patch Update (CPU). It is, therefore, affected by multiple\nvulnerabilities.\");\n # http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixOVIR\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?05e0bcf5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the April 2018 Oracle\nCritical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:virtualization_secure_global_desktop\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_secure_global_desktop_installed.nbin\");\n script_require_keys(\"Host/Oracle_Secure_Global_Desktop/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\napp = \"Oracle Secure Global Desktop\";\nversion = get_kb_item_or_exit(\"Host/Oracle_Secure_Global_Desktop/Version\");\n\n# this check is for Oracle Secure Global Desktop packages built for Linux platform\nuname = get_kb_item_or_exit(\"Host/uname\");\nif (\"Linux\" >!< uname) audit(AUDIT_OS_NOT, \"Linux\");\n\nfix_required = NULL;\n\nif (version =~ \"^5\\.30($|\\.)\") fix_required = 'Patch_53p4';\n\nif (isnull(fix_required)) audit(AUDIT_INST_VER_NOT_VULN, \"Oracle Secure Global Desktop\", version);\n\npatches = get_kb_list(\"Host/Oracle_Secure_Global_Desktop/Patches\");\n\npatched = FALSE;\nforeach patch (patches)\n{\n if (patch == fix_required)\n {\n patched = TRUE;\n break;\n }\n}\n\nif (patched) audit(AUDIT_INST_VER_NOT_VULN, app, version + ' (with ' + fix_required + ')');\n\nreport = '\\n Installed version : ' + version +\n '\\n Patch required : ' + fix_required +\n '\\n';\nsecurity_report_v4(port:0, extra:report, severity:SECURITY_WARNING);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:42:08", "description": "An update is now available for JBoss Core Services on RHEL 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es) :\n\n* An out-of-bounds array dereference was found in apr_time_exp_get().\nAn attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting CVE-2017-9798.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-19T00:00:00", "type": "nessus", "title": "RHEL 6 : Red Hat JBoss Core Services Apache HTTP Server 2.4.23 (RHSA-2017:3477) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12613", "CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7679", "CVE-2017-9798"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-libs", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_bmx", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_bmx-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2017-3477.NASL", "href": "https://www.tenable.com/plugins/nessus/105369", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:3477. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105369);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-12613\", \"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7679\", \"CVE-2017-9798\");\n script_xref(name:\"RHSA\", value:\"2017:3477\");\n\n script_name(english:\"RHEL 6 : Red Hat JBoss Core Services Apache HTTP Server 2.4.23 (RHSA-2017:3477) (Optionsbleed)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update is now available for JBoss Core Services on RHEL 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Core Services is a set of supplementary software for Red\nHat JBoss middleware products. This software, such as Apache HTTP\nServer, is common to multiple JBoss middleware products, and is\npackaged under Red Hat JBoss Core Services to allow for faster\ndistribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23\nService Pack 3 serves as an update to Red Hat JBoss Core Services\nApache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes,\nwhich are documented in the Release Notes document linked to in the\nReferences.\n\nSecurity Fix(es) :\n\n* An out-of-bounds array dereference was found in apr_time_exp_get().\nAn attacker could abuse an unvalidated usage of this function to cause\na denial of service or potentially lead to data leak. (CVE-2017-12613)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API\nfunction outside of the authentication phase could lead to\nauthentication bypass. A remote attacker could possibly use this flaw\nto bypass required authentication if the API was used incorrectly by\none of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl\nmodule. A remote attacker could use this flaw to cause an httpd child\nprocess to crash if another module used by httpd called a certain API\nfunction during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A\nuser permitted to modify httpd's MIME configuration could use this\nflaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive\nused in an .htaccess file. A remote attacker could possibly use this\nflaw to disclose portions of the server memory, or cause httpd child\nprocess to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting CVE-2017-9798.\"\n );\n # https://access.redhat.com/documentation/en/red-hat-jboss-core-services/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?75d9eb14\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:3477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-12613\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_bmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_bmx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:3477\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-httpd-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-httpd-debuginfo-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-debuginfo-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-httpd-devel-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-devel-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-httpd-libs-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-libs-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"jbcs-httpd24-httpd-manual-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-httpd-selinux-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-selinux-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-httpd-tools-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-tools-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_bmx-0.9.6-15.GA.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_bmx-0.9.6-15.GA.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_bmx-debuginfo-0.9.6-15.GA.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_bmx-debuginfo-0.9.6-15.GA.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_cluster-native-1.3.8-1.Final_redhat_1.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_cluster-native-1.3.8-1.Final_redhat_1.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_cluster-native-debuginfo-1.3.8-1.Final_redhat_1.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_cluster-native-debuginfo-1.3.8-1.Final_redhat_1.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_ldap-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_ldap-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_proxy_html-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_proxy_html-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_session-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_session-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-mod_ssl-2.4.23-125.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_ssl-2.4.23-125.jbcs.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jbcs-httpd24-httpd / jbcs-httpd24-httpd-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:42:01", "description": "An update is now available for JBoss Core Services on RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es) :\n\n* An out-of-bounds array dereference was found in apr_time_exp_get().\nAn attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting CVE-2017-9798.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-19T00:00:00", "type": "nessus", "title": "RHEL 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.23 (RHSA-2017:3476) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12613", "CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7679", "CVE-2017-9798"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-libs", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_bmx", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_bmx-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2017-3476.NASL", "href": "https://www.tenable.com/plugins/nessus/105368", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:3476. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105368);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-12613\", \"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7679\", \"CVE-2017-9798\");\n script_xref(name:\"RHSA\", value:\"2017:3476\");\n\n script_name(english:\"RHEL 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.23 (RHSA-2017:3476) (Optionsbleed)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update is now available for JBoss Core Services on RHEL 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat JBoss Core Services is a set of supplementary software for Red\nHat JBoss middleware products. This software, such as Apache HTTP\nServer, is common to multiple JBoss middleware products, and is\npackaged under Red Hat JBoss Core Services to allow for faster\ndistribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23\nService Pack 3 serves as an update to Red Hat JBoss Core Services\nApache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes,\nwhich are documented in the Release Notes document linked to in the\nReferences.\n\nSecurity Fix(es) :\n\n* An out-of-bounds array dereference was found in apr_time_exp_get().\nAn attacker could abuse an unvalidated usage of this function to cause\na denial of service or potentially lead to data leak. (CVE-2017-12613)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API\nfunction outside of the authentication phase could lead to\nauthentication bypass. A remote attacker could possibly use this flaw\nto bypass required authentication if the API was used incorrectly by\none of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl\nmodule. A remote attacker could use this flaw to cause an httpd child\nprocess to crash if another module used by httpd called a certain API\nfunction during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A\nuser permitted to modify httpd's MIME configuration could use this\nflaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive\nused in an .htaccess file. A remote attacker could possibly use this\nflaw to disclose portions of the server memory, or cause httpd child\nprocess to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting CVE-2017-9798.\"\n );\n # https://access.redhat.com/documentation/en/red-hat-jboss-core-services/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?75d9eb14\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:3476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-12613\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_bmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_bmx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_cluster-native-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:3476\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-2.4.23-125.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-debuginfo-2.4.23-125.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-devel-2.4.23-125.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-libs-2.4.23-125.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"jbcs-httpd24-httpd-manual-2.4.23-125.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-selinux-2.4.23-125.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-httpd-tools-2.4.23-125.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_bmx-0.9.6-15.GA.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_bmx-debuginfo-0.9.6-15.GA.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_cluster-native-1.3.8-1.Final_redhat_1.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_cluster-native-debuginfo-1.3.8-1.Final_redhat_1.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_ldap-2.4.23-125.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_proxy_html-2.4.23-125.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_session-2.4.23-125.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-mod_ssl-2.4.23-125.jbcs.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jbcs-httpd24-httpd / jbcs-httpd24-httpd-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:36:44", "description": "This update for apache2 fixes several issues. These security issues were fixed :\n\n - CVE-2017-9798: Prevent use-after-free use of memory that allowed for an information leak via OPTIONS (bsc#1058058)\n\n - CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest could have lead to leakage of potentially confidential information, and a segfault in other cases resulting in DoS (bsc#1048576).\n\n - CVE-2017-7679: mod_mime could have read one byte past the end of a buffer when sending a malicious Content-Type response header (bsc#1045060).\n\n - CVE-2017-3169: mod_ssl may dereferenced a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port allowing for DoS (bsc#1045062).\n\n - CVE-2017-3167: Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may have lead to authentication requirements being bypassed (bsc#1045065).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-10-19T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:2756-1) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7679", "CVE-2017-9788", "CVE-2017-9798"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2", "p-cpe:/a:novell:suse_linux:apache2-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-debugsource", "p-cpe:/a:novell:suse_linux:apache2-example-pages", "p-cpe:/a:novell:suse_linux:apache2-prefork", "p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-utils", "p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-worker", "p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-2756-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103961", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2756-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103961);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7679\", \"CVE-2017-9788\", \"CVE-2017-9798\");\n\n script_name(english:\"SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:2756-1) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for apache2 fixes several issues. These security issues\nwere fixed :\n\n - CVE-2017-9798: Prevent use-after-free use of memory that\n allowed for an information leak via OPTIONS\n (bsc#1058058)\n\n - CVE-2017-9788: Uninitialized memory reflection in\n mod_auth_digest could have lead to leakage of\n potentially confidential information, and a segfault in\n other cases resulting in DoS (bsc#1048576).\n\n - CVE-2017-7679: mod_mime could have read one byte past\n the end of a buffer when sending a malicious\n Content-Type response header (bsc#1045060).\n\n - CVE-2017-3169: mod_ssl may dereferenced a NULL pointer\n when third-party modules call\n ap_hook_process_connection() during an HTTP request to\n an HTTPS port allowing for DoS (bsc#1045062).\n\n - CVE-2017-3167: Use of the ap_get_basic_auth_pw() by\n third-party modules outside of the authentication phase\n may have lead to authentication requirements being\n bypassed (bsc#1045065).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3167/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3169/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7679/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9788/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9798/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172756-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a4b7d18d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-1709=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-2.4.10-14.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-debuginfo-2.4.10-14.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-debugsource-2.4.10-14.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-example-pages-2.4.10-14.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-prefork-2.4.10-14.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-prefork-debuginfo-2.4.10-14.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-utils-2.4.10-14.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-utils-debuginfo-2.4.10-14.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-worker-2.4.10-14.28.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"apache2-worker-debuginfo-2.4.10-14.28.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-17T14:30:39", "description": "An update is now available for Red Hat JBoss Enterprise Web Server 2.1.2 for RHEL 6 and Red Hat JBoss Enterprise Web Server 2.1.2 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nThis release provides an update to httpd, OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2.1.2. The updates are documented in the Release Notes document linked to in the References.\n\nThis release of Red Hat JBoss Web Server 2.1.2 Service Pack 2 serves as a update for Red Hat JBoss Web Server 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nUsers of Red Hat JBoss Web Server 2 should upgrade to these updated packages, which resolve several security issues.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615)\n\n* A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617)\n\n* A flaw was found in the way the DES/3DES cipher was used as part of the TLS /SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno Bock for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Gaetan Leurent (Inria) as the original reporters of CVE-2016-2183.\n\nBug Fix(es) :\n\n* Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1338640)\n\n* mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1448709)\n\n* CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1493075)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2017-11-08T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : Red Hat JBoss Web Server (RHSA-2017:3113) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2017-12615", "CVE-2017-12617", "CVE-2017-9788", "CVE-2017-9798"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:httpd22", "p-cpe:/a:redhat:enterprise_linux:httpd22-debuginfo", "p-cpe:/a:redhat:enterprise_linux:httpd22-devel", "p-cpe:/a:redhat:enterprise_linux:httpd22-manual", "p-cpe:/a:redhat:enterprise_linux:httpd22-tools", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-debuginfo", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-devel", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-libs", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-perl", "p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-static", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-native", "p-cpe:/a:redhat:enterprise_linux:mod_cluster-native-debuginfo", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_ldap22", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "p-cpe:/a:redhat:enterprise_linux:mod_ssl22", "p-cpe:/a:redhat:enterprise_linux:tomcat6", "p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat6-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat6-maven-devel", "p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api", "p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat7", "p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps", "p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp", "p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc", "p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-lib", "p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j", "p-cpe:/a:redhat:enterprise_linux:tomcat7-maven-devel", "p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api", "p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2017-3113.NASL", "href": "https://www.tenable.com/plugins/nessus/104456", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:3113. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104456);\n script_version(\"3.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2016-2183\",\n \"CVE-2017-12615\",\n \"CVE-2017-12617\",\n \"CVE-2017-9788\",\n \"CVE-2017-9798\"\n );\n script_xref(name:\"RHSA\", value:\"2017:3113\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"RHEL 6 / 7 : Red Hat JBoss Web Server (RHSA-2017:3113) (Optionsbleed)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update is now available for Red Hat JBoss Enterprise Web Server\n2.1.2 for RHEL 6 and Red Hat JBoss Enterprise Web Server 2.1.2 for\nRHEL 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)\nand Transport Layer Security (TLS) protocols, as well as a\nfull-strength general-purpose cryptography library.\n\nApache Tomcat is a servlet container for the Java Servlet and\nJavaServer Pages (JSP) technologies.\n\nThis release provides an update to httpd, OpenSSL and Tomcat 6/7 for\nRed Hat JBoss Web Server 2.1.2. The updates are documented in the\nRelease Notes document linked to in the References.\n\nThis release of Red Hat JBoss Web Server 2.1.2 Service Pack 2 serves\nas a update for Red Hat JBoss Web Server 2, and includes bug fixes,\nwhich are documented in the Release Notes document linked to in the\nReferences.\n\nUsers of Red Hat JBoss Web Server 2 should upgrade to these updated\npackages, which resolve several security issues.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not\nproperly initialize memory before using it when processing certain\nheaders related to digest authentication. A remote attacker could\npossibly use this flaw to disclose potentially sensitive information\nor cause httpd child process to crash by sending specially crafted\nrequests to a server. (CVE-2017-9788)\n\n* A vulnerability was discovered in Tomcat where if a servlet context\nwas configured with readonly=false and HTTP PUT requests were allowed,\nan attacker could upload a JSP file to that context and achieve code\nexecution. (CVE-2017-12615)\n\n* A vulnerability was discovered in Tomcat where if a servlet context\nwas configured with readonly=false and HTTP PUT requests were allowed,\nan attacker could upload a JSP file to that context and achieve code\nexecution. (CVE-2017-12617)\n\n* A flaw was found in the way the DES/3DES cipher was used as part of\nthe TLS /SSL protocol. A man-in-the-middle attacker could use this\nflaw to recover some plaintext data by capturing large amounts of\nencrypted traffic between TLS/SSL server and client if the\ncommunication used a DES/3DES based ciphersuite. (CVE-2016-2183)\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive\nused in an .htaccess file. A remote attacker could possibly use this\nflaw to disclose portions of the server memory, or cause httpd child\nprocess to crash. (CVE-2017-9798)\n\nRed Hat would like to thank OpenVPN for reporting CVE-2016-2183 and\nHanno Bock for reporting CVE-2017-9798. Upstream acknowledges\nKarthikeyan Bhargavan (Inria) and Gaetan Leurent (Inria) as the\noriginal reporters of CVE-2016-2183.\n\nBug Fix(es) :\n\n* Corruption in nodestatsmem in multiple core dumps but in different\nfunctions of each core dump. (BZ#1338640)\n\n* mod_cluster segfaults in process_info() due to wrongly generated\nassembler instruction movslq (BZ#1448709)\n\n* CRL checking of very large CRLs fails with OpenSSL 1.0.2\n(BZ#1493075)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/articles/3227901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017:3113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2016-2183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-12615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-12617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-9788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-9798\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-12617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat for Windows HTTP PUT Method File Upload\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Tomcat RCE via JSP Upload Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd22-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd22-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd22-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd22-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jbcs-httpd24-openssl-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_cluster-native-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-el-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-jsp-2.1-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-maven-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-servlet-2.5-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat6-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-log4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-maven-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:3113\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"jws-2\") || rpm_exists(release:\"RHEL7\", rpm:\"jws-2\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JBoss Web Server\");\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"httpd-2.2.26-57.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-2.2.26-57.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"httpd-debuginfo-2.2.26-57.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-debuginfo-2.2.26-57.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"httpd-devel-2.2.26-57.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-devel-2.2.26-57.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"httpd-manual-2.2.26-57.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-manual-2.2.26-57.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"httpd-tools-2.2.26-57.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"httpd-tools-2.2.26-57.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-openssl-1.0.2h-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-1.0.2h-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-openssl-debuginfo-1.0.2h-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-debuginfo-1.0.2h-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-openssl-devel-1.0.2h-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-devel-1.0.2h-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-openssl-libs-1.0.2h-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-libs-1.0.2h-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-openssl-perl-1.0.2h-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-perl-1.0.2h-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"jbcs-httpd24-openssl-static-1.0.2h-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-static-1.0.2h-14.jbcs.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_cluster-native-1.2.13-9.Final_redhat_2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_cluster-native-1.2.13-9.Final_redhat_2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_cluster-native-debuginfo-1.2.13-9.Final_redhat_2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_cluster-native-debuginfo-1.2.13-9.Final_redhat_2.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_ldap-2.2.26-57.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_ldap-2.2.26-57.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i386\", reference:\"mod_ssl-2.2.26-57.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_ssl-2.2.26-57.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-6.0.41-19_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-admin-webapps-6.0.41-19_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-docs-webapp-6.0.41-19_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-el-2.1-api-6.0.41-19_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-javadoc-6.0.41-19_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-jsp-2.1-api-6.0.41-19_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-lib-6.0.41-19_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-log4j-6.0.41-19_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-maven-devel-6.0.41-19_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-servlet-2.5-api-6.0.41-19_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat6-webapps-6.0.41-19_patch_04.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-7.0.54-28_patch_05.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-admin-webapps-7.0.54-28_patch_05.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-docs-webapp-7.0.54-28_patch_05.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-el-2.2-api-7.0.54-28_patch_05.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-javadoc-7.0.54-28_patch_05.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-jsp-2.2-api-7.0.54-28_patch_05.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-lib-7.0.54-28_patch_05.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-log4j-7.0.54-28_patch_05.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-maven-devel-7.0.54-28_patch_05.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-servlet-3.0-api-7.0.54-28_patch_05.ep6.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"tomcat7-webapps-7.0.54-28_patch_05.ep6.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd22-2.2.26-58.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd22-debuginfo-2.2.26-58.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd22-devel-2.2.26-58.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd22-manual-2.2.26-58.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"httpd22-tools-2.2.26-58.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-1.0.2h-14.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-debuginfo-1.0.2h-14.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-devel-1.0.2h-14.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-libs-1.0.2h-14.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-perl-1.0.2h-14.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"jbcs-httpd24-openssl-static-1.0.2h-14.jbcs.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_cluster-native-1.2.13-9.Final_redhat_2.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_cluster-native-debuginfo-1.2.13-9.Final_redhat_2.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_ldap22-2.2.26-58.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"mod_ssl22-2.2.26-58.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat6-6.0.41-19_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat6-admin-webapps-6.0.41-19_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat6-docs-webapp-6.0.41-19_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat6-el-2.1-api-6.0.41-19_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat6-javadoc-6.0.41-19_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat6-jsp-2.1-api-6.0.41-19_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat6-lib-6.0.41-19_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat6-log4j-6.0.41-19_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat6-maven-devel-6.0.41-19_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat6-servlet-2.5-api-6.0.41-19_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat6-webapps-6.0.41-19_patch_04.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-7.0.54-28_patch_05.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-admin-webapps-7.0.54-28_patch_05.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-docs-webapp-7.0.54-28_patch_05.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-el-2.2-api-7.0.54-28_patch_05.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-javadoc-7.0.54-28_patch_05.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-jsp-2.2-api-7.0.54-28_patch_05.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-lib-7.0.54-28_patch_05.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-log4j-7.0.54-28_patch_05.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-maven-devel-7.0.54-28_patch_05.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-servlet-3.0-api-7.0.54-28_patch_05.ep6.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"tomcat7-webapps-7.0.54-28_patch_05.ep6.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:40:16", "description": "An update for httpd is now available for Red Hat Enterprise Linux 6.7 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting CVE-2017-9798.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "nessus", "title": "RHEL 6 : httpd (RHSA-2017:3195) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7679", "CVE-2017-9788", "CVE-2017-9798"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:6.7"], "id": "REDHAT-RHSA-2017-3195.NASL", "href": "https://www.tenable.com/plugins/nessus/104541", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:3195. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104541);\n script_version(\"3.10\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7679\", \"CVE-2017-9788\", \"CVE-2017-9798\");\n script_xref(name:\"RHSA\", value:\"2017:3195\");\n\n script_name(english:\"RHEL 6 : httpd (RHSA-2017:3195) (Optionsbleed)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for httpd is now available for Red Hat Enterprise Linux 6.7\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not\nproperly initialize memory before using it when processing certain\nheaders related to digest authentication. A remote attacker could\npossibly use this flaw to disclose potentially sensitive information\nor cause httpd child process to crash by sending specially crafted\nrequests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API\nfunction outside of the authentication phase could lead to\nauthentication bypass. A remote attacker could possibly use this flaw\nto bypass required authentication if the API was used incorrectly by\none of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl\nmodule. A remote attacker could use this flaw to cause an httpd child\nprocess to crash if another module used by httpd called a certain API\nfunction during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A\nuser permitted to modify httpd's MIME configuration could use this\nflaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive\nused in an .htaccess file. A remote attacker could possibly use this\nflaw to disclose portions of the server memory, or cause httpd child\nprocess to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting CVE-2017-9798.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:3195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9798\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6\\.7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.7\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:3195\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"httpd-2.2.15-47.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"httpd-2.2.15-47.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"httpd-2.2.15-47.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", reference:\"httpd-debuginfo-2.2.15-47.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", reference:\"httpd-devel-2.2.15-47.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", reference:\"httpd-manual-2.2.15-47.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"httpd-tools-2.2.15-47.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"httpd-tools-2.2.15-47.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"httpd-tools-2.2.15-47.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"mod_ssl-2.2.15-47.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"mod_ssl-2.2.15-47.el6_7.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"mod_ssl-2.2.15-47.el6_7.5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:40:16", "description": "An update for httpd is now available for Red Hat Enterprise Linux 7.3 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting CVE-2017-9798.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "nessus", "title": "RHEL 7 : httpd (RHSA-2017:3194) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9788", "CVE-2017-9798"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:mod_session", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:7.3"], "id": "REDHAT-RHSA-2017-3194.NASL", "href": "https://www.tenable.com/plugins/nessus/104540", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:3194. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104540);\n script_version(\"3.10\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7668\", \"CVE-2017-7679\", \"CVE-2017-9788\", \"CVE-2017-9798\");\n script_xref(name:\"RHSA\", value:\"2017:3194\");\n\n script_name(english:\"RHEL 7 : httpd (RHSA-2017:3194) (Optionsbleed)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for httpd is now available for Red Hat Enterprise Linux 7.3\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not\nproperly initialize memory before using it when processing certain\nheaders related to digest authentication. A remote attacker could\npossibly use this flaw to disclose potentially sensitive information\nor cause httpd child process to crash by sending specially crafted\nrequests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API\nfunction outside of the authentication phase could lead to\nauthentication bypass. A remote attacker could possibly use this flaw\nto bypass required authentication if the API was used incorrectly by\none of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl\nmodule. A remote attacker could use this flaw to cause an httpd child\nprocess to crash if another module used by httpd called a certain API\nfunction during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's ap_find_token()\nfunction. A remote attacker could use this flaw to cause httpd child\nprocess to crash via a specially crafted HTTP request. (CVE-2017-7668)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A\nuser permitted to modify httpd's MIME configuration could use this\nflaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive\nused in an .htaccess file. A remote attacker could possibly use this\nflaw to disclose portions of the server memory, or cause httpd child\nprocess to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting CVE-2017-9798.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:3194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9798\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.3\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:3194\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"httpd-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"httpd-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"httpd-debuginfo-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"httpd-debuginfo-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"httpd-devel-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", reference:\"httpd-manual-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"httpd-tools-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"mod_ldap-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"mod_proxy_html-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"mod_session-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"mod_ssl-2.4.6-45.el7_3.5\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-45.el7_3.5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:40:37", "description": "An update for httpd is now available for Red Hat Enterprise Linux 7.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting CVE-2017-9798.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-11-14T00:00:00", "type": "nessus", "title": "RHEL 7 : httpd (RHSA-2017:3193) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9788", "CVE-2017-9798"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-tools", "p-cpe:/a:redhat:enterprise_linux:mod_ldap", "p-cpe:/a:redhat:enterprise_linux:mod_proxy_html", "p-cpe:/a:redhat:enterprise_linux:mod_session", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:7.2"], "id": "REDHAT-RHSA-2017-3193.NASL", "href": "https://www.tenable.com/plugins/nessus/104539", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:3193. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104539);\n script_version(\"3.10\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7668\", \"CVE-2017-7679\", \"CVE-2017-9788\", \"CVE-2017-9798\");\n script_xref(name:\"RHSA\", value:\"2017:3193\");\n\n script_name(english:\"RHEL 7 : httpd (RHSA-2017:3193) (Optionsbleed)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for httpd is now available for Red Hat Enterprise Linux 7.2\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe httpd packages provide the Apache HTTP Server, a powerful,\nefficient, and extensible web server.\n\nSecurity Fix(es) :\n\n* It was discovered that the httpd's mod_auth_digest module did not\nproperly initialize memory before using it when processing certain\nheaders related to digest authentication. A remote attacker could\npossibly use this flaw to disclose potentially sensitive information\nor cause httpd child process to crash by sending specially crafted\nrequests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API\nfunction outside of the authentication phase could lead to\nauthentication bypass. A remote attacker could possibly use this flaw\nto bypass required authentication if the API was used incorrectly by\none of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl\nmodule. A remote attacker could use this flaw to cause an httpd child\nprocess to crash if another module used by httpd called a certain API\nfunction during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's ap_find_token()\nfunction. A remote attacker could use this flaw to cause httpd child\nprocess to crash via a specially crafted HTTP request. (CVE-2017-7668)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A\nuser permitted to modify httpd's MIME configuration could use this\nflaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive\nused in an .htaccess file. A remote attacker could possibly use this\nflaw to disclose portions of the server memory, or cause httpd child\nprocess to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting CVE-2017-9798.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:3193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9798\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.2\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:3193\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"s390x\", reference:\"httpd-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"httpd-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"s390x\", reference:\"httpd-debuginfo-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"httpd-debuginfo-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"s390x\", reference:\"httpd-devel-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"httpd-devel-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", reference:\"httpd-manual-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"s390x\", reference:\"httpd-tools-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"httpd-tools-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"s390x\", reference:\"mod_ldap-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"mod_ldap-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"s390x\", reference:\"mod_proxy_html-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"mod_proxy_html-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"s390x\", reference:\"mod_session-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"mod_session-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"s390x\", reference:\"mod_ssl-2.4.6-40.el7_2.6\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"mod_ssl-2.4.6-40.el7_2.6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-23T02:31:36", "description": "According to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.(CVE-2018-17199)\n\n - It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.(CVE-2017-3167)\n\n - A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request.(CVE-2017-3169)\n\n - A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request.(CVE-2017-7668)\n\n - A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash.(CVE-2017-7679)\n\n - It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.(CVE-2017-9788)\n\n - A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.(CVE-2017-9798)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : httpd (EulerOS-SA-2019-1389)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9788", "CVE-2017-9798", "CVE-2018-17199"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1389.NASL", "href": "https://www.tenable.com/plugins/nessus/124892", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124892);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-3167\",\n \"CVE-2017-3169\",\n \"CVE-2017-7668\",\n \"CVE-2017-7679\",\n \"CVE-2017-9788\",\n \"CVE-2017-9798\",\n \"CVE-2018-17199\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : httpd (EulerOS-SA-2019-1389)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - In Apache HTTP Server 2.4 release 2.4.37 and prior,\n mod_session checks the session expiry time before\n decoding the session. This causes session expiry time\n to be ignored for mod_session_cookie sessions since the\n expiry time is loaded when the session is\n decoded.(CVE-2018-17199)\n\n - It was discovered that the use of httpd's\n ap_get_basic_auth_pw() API function outside of the\n authentication phase could lead to authentication\n bypass. A remote attacker could possibly use this flaw\n to bypass required authentication if the API was used\n incorrectly by one of the modules used by\n httpd.(CVE-2017-3167)\n\n - A NULL pointer dereference flaw was found in the\n httpd's mod_ssl module. A remote attacker could use\n this flaw to cause an httpd child process to crash if\n another module used by httpd called a certain API\n function during the processing of an HTTPS\n request.(CVE-2017-3169)\n\n - A buffer over-read flaw was found in the httpd's\n ap_find_token() function. A remote attacker could use\n this flaw to cause httpd child process to crash via a\n specially crafted HTTP request.(CVE-2017-7668)\n\n - A buffer over-read flaw was found in the httpd's\n mod_mime module. A user permitted to modify httpd's\n MIME configuration could use this flaw to cause httpd\n child process to crash.(CVE-2017-7679)\n\n - It was discovered that the httpd's mod_auth_digest\n module did not properly initialize memory before using\n it when processing certain headers related to digest\n authentication. A remote attacker could possibly use\n this flaw to disclose potentially sensitive information\n or cause httpd child process to crash by sending\n specially crafted requests to a server.(CVE-2017-9788)\n\n - A use-after-free flaw was found in the way httpd\n handled invalid and previously unregistered HTTP\n methods specified in the Limit directive used in an\n .htaccess file. A remote attacker could possibly use\n this flaw to disclose portions of the server memory, or\n cause httpd child process to crash.(CVE-2017-9798)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1389\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5abd589d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"httpd-2.4.6-80.1.h4\",\n \"httpd-tools-2.4.6-80.1.h4\",\n \"mod_ssl-2.4.6-80.1.h4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:37:23", "description": "The remote host is affected by the vulnerability described in GLSA-201710-32 (Apache: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Apache. Please review the referenced CVE identifiers for details.\n Impact :\n\n The Optionsbleed vulnerability can leak arbitrary memory from the server process that may contain secrets. Additionally attackers may cause a Denial of Service condition, bypass authentication, or cause information loss.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-10-30T00:00:00", "type": "nessus", "title": "GLSA-201710-32 : Apache: Multiple vulnerabilities (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7659", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9788", "CVE-2017-9789", "CVE-2017-9798"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:apache", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201710-32.NASL", "href": "https://www.tenable.com/plugins/nessus/104233", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201710-32.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104233);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7659\", \"CVE-2017-7668\", \"CVE-2017-7679\", \"CVE-2017-9788\", \"CVE-2017-9789\", \"CVE-2017-9798\");\n script_xref(name:\"GLSA\", value:\"201710-32\");\n\n script_name(english:\"GLSA-201710-32 : Apache: Multiple vulnerabilities (Optionsbleed)\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201710-32\n(Apache: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Apache. Please review\n the referenced CVE identifiers for details.\n \nImpact :\n\n The Optionsbleed vulnerability can leak arbitrary memory from the server\n process that may contain secrets. Additionally attackers may cause a\n Denial of Service condition, bypass authentication, or cause information\n loss.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201710-32\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Apache users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/apache-2.4.27-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/29\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/apache\", unaffected:make_list(\"ge 2.4.27-r1\"), vulnerable:make_list(\"lt 2.4.27-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Apache\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-08T14:36:36", "description": "According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.x prior to 16.2.15.7 or 17.7.x prior to 17.12.10 or 18.x prior to 18.8.6. It is, therefore, affected by multiple vulnerabilities:\n\n - A deserialization vulnerability in Apache Commons FileUpload allows for remote code execution.\n (CVE-2016-1000031)\n\n - A denial of service (DoS) vulnerability exists in Apache HTTP Server 2.4.17 to 2.4.34, due to a design error. An unauthenticated, remote attacker can exploit this issue by sending continuous, large SETTINGS frames to cause a client to occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. (CVE-2018-11763).\n\n - A deserialization vulnerability in jackson-databind, a fast and powerful JSON library for Java, allows an unauthenticated user to perform code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization.\n (CVE-2018-19362)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-19T00:00:00", "type": "nessus", "title": "Oracle Primavera Unifier Multiple Vulnerabilities (Apr 2019 CPU)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031", "CVE-2017-9798", "CVE-2018-11763", "CVE-2018-11784", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-8034"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:oracle:primavera_unifier"], "id": "ORACLE_PRIMAVERA_UNIFIER_CPU_APR_2019.NASL", "href": "https://www.tenable.com/plugins/nessus/124170", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124170);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2016-1000031\",\n \"CVE-2017-9798\",\n \"CVE-2018-8034\",\n \"CVE-2018-11763\",\n \"CVE-2018-11784\",\n \"CVE-2018-19360\",\n \"CVE-2018-19361\",\n \"CVE-2018-19362\"\n );\n script_bugtraq_id(\n 93604,\n 100872,\n 104895,\n 105414,\n 105524\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Oracle Primavera Unifier Multiple Vulnerabilities (Apr 2019 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application running on the remote web server is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Oracle Primavera\nUnifier installation running on the remote web server is 16.x prior to\n16.2.15.7 or 17.7.x prior to 17.12.10 or 18.x prior to 18.8.6. It is, \ntherefore, affected by multiple vulnerabilities:\n\n - A deserialization vulnerability in Apache Commons\n FileUpload allows for remote code execution.\n (CVE-2016-1000031)\n\n - A denial of service (DoS) vulnerability exists in\n Apache HTTP Server 2.4.17 to 2.4.34, due to a design\n error. An unauthenticated, remote attacker can\n exploit this issue by sending continuous, large\n SETTINGS frames to cause a client to occupy a\n connection, server thread and CPU time without any\n connection timeout coming to effect. This affects\n only HTTP/2 connections. A possible mitigation is to\n not enable the h2 protocol. (CVE-2018-11763).\n\n - A deserialization vulnerability in jackson-databind, a\n fast and powerful JSON library for Java, allows an\n unauthenticated user to perform code execution. The\n issue was resolved by extending the blacklist and\n blocking more classes from polymorphic deserialization.\n (CVE-2018-19362)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9166970d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle Primavera Unifier version 16.2.15.7 / 17.12.10 / 18.8.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1000031\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:primavera_unifier\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_primavera_unifier.nbin\");\n script_require_keys(\"installed_sw/Oracle Primavera Unifier\", \"www/weblogic\");\n script_require_ports(\"Services/www\", 8002);\n\n exit(0);\n}\n\ninclude(\"http.inc\");\ninclude(\"vcf.inc\");\n\nget_install_count(app_name:\"Oracle Primavera Unifier\", exit_if_zero:TRUE);\n\nport = get_http_port(default:8002);\nget_kb_item_or_exit(\"www/weblogic/\" + port + \"/installed\");\n\napp_info = vcf::get_app_info(app:\"Oracle Primavera Unifier\", port:port);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [\n { \"min_version\" : \"16.1.0.0\", \"fixed_version\" : \"16.2.15.7\" },\n { \"min_version\" : \"17.7.0.0\", \"fixed_version\" : \"17.12.10\" },\n { \"min_version\" : \"18.8.0.0\", \"fixed_version\" : \"18.8.6\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE); \n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:37:07", "description": "This update for apache2 fixes the following issues :\n\n - Allow disabling SNI on proxy connections using 'SetEnv proxy-disable-sni 1' in the configuration files.\n (bsc#1052830)\n\n - Allow ECDH again in mod_ssl, it had been incorrectly disabled with the 2.2.34 update. (bsc#1064561) Following security issue has been fixed :\n\n - CVE-2017-9798: A use-after-free in the OPTIONS command could be used by attackers to disclose memory of the apache server process, when htaccess uses incorrect Limit statement. (bsc#1058058) Additionally, references to the following security issues, fixed by the previous version-update of apache2 to Apache HTTPD 2.2.34 have been added :\n\n - CVE-2017-7668: The HTTP strict parsing introduced a bug in token list parsing, which allowed ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may have be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.\n (bsc#1045061)\n\n - CVE-2017-3169: mod_ssl may have de-referenced a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port allowing for DoS. (bsc#1045062)\n\n - CVE-2017-3167: Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may have lead to authentication requirements being bypassed. (bsc#1045065)\n\n - CVE-2017-7679: mod_mime could have read one byte past the end of a buffer when sending a malicious Content-Type response header. (bsc#1045060)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-10-31T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : apache2 (SUSE-SU-2017:2907-1) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2699", "CVE-2010-0425", "CVE-2012-0021", "CVE-2014-0118", "CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9798"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2", "p-cpe:/a:novell:suse_linux:apache2-devel", "p-cpe:/a:novell:suse_linux:apache2-doc", "p-cpe:/a:novell:suse_linux:apache2-example-pages", "p-cpe:/a:novell:suse_linux:apache2-prefork", "p-cpe:/a:novell:suse_linux:apache2-utils", "p-cpe:/a:novell:suse_linux:apache2-worker", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-2907-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104270", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2907-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104270);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-2699\", \"CVE-2010-0425\", \"CVE-2012-0021\", \"CVE-2014-0118\", \"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7668\", \"CVE-2017-7679\", \"CVE-2017-9798\");\n script_bugtraq_id(36596, 38494, 51705, 68745);\n\n script_name(english:\"SUSE SLES11 Security Update : apache2 (SUSE-SU-2017:2907-1) (Optionsbleed)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for apache2 fixes the following issues :\n\n - Allow disabling SNI on proxy connections using 'SetEnv\n proxy-disable-sni 1' in the configuration files.\n (bsc#1052830)\n\n - Allow ECDH again in mod_ssl, it had been incorrectly\n disabled with the 2.2.34 update. (bsc#1064561) Following\n security issue has been fixed :\n\n - CVE-2017-9798: A use-after-free in the OPTIONS command\n could be used by attackers to disclose memory of the\n apache server process, when htaccess uses incorrect\n Limit statement. (bsc#1058058) Additionally, references\n to the following security issues, fixed by the previous\n version-update of apache2 to Apache HTTPD 2.2.34 have\n been added :\n\n - CVE-2017-7668: The HTTP strict parsing introduced a bug\n in token list parsing, which allowed ap_find_token() to\n search past the end of its input string. By maliciously\n crafting a sequence of request headers, an attacker may\n have be able to cause a segmentation fault, or to force\n ap_find_token() to return an incorrect value.\n (bsc#1045061)\n\n - CVE-2017-3169: mod_ssl may have de-referenced a NULL\n pointer when third-party modules call\n ap_hook_process_connection() during an HTTP request to\n an HTTPS port allowing for DoS. (bsc#1045062)\n\n - CVE-2017-3167: Use of the ap_get_basic_auth_pw() by\n third-party modules outside of the authentication phase\n may have lead to authentication requirements being\n bypassed. (bsc#1045065)\n\n - CVE-2017-7679: mod_mime could have read one byte past\n the end of a buffer when sending a malicious\n Content-Type response header. (bsc#1045060)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2009-2699/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2010-0425/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-0021/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-0118/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3167/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3169/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7668/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7679/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9798/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172907-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?084963fe\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Studio Onsite 1.3:zypper in -t patch slestso13-apache2-13331=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-apache2-13331=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-apache2-13331=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-apache2-13331=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-apache2-13331=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-apache2-13331=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-apache2-13331=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-doc-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-example-pages-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-prefork-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-utils-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"apache2-worker-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-devel-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-doc-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-example-pages-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-prefork-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-utils-2.2.34-70.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"apache2-worker-2.2.34-70.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-23T02:29:32", "description": "The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component:\n\n - A deserialization vulnerability in Apache Commons FileUpload allows for remote code execution.\n (CVE-2016-1000031)\n\n - An information disclosure vulnerability exists in OpenSSL due to the potential for a side-channel timing attack.\n An unauthenticated attacker can exploit this to disclose potentially sensitive information. (CVE-2018-0734)\n\n - A denial of service (DoS) vulnerability exists in Apache HTTP Server 2.4.17 to 2.4.34, due to a design error. An unauthenticated, remote attacker can exploit this issue by sending continuous, large SETTINGS frames to cause a client to occupy a connection, server thread and CPU time without any connection timeout coming to effect.\n This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.\n (CVE-2018-11763).\n\n - Networking component of Enterprise Manager Base Platform (Spring Framework) is easily exploited and may allow an unauthenticated, remote attacker to takeover the Enterprise Manager Base Platform. (CVE-2018-1258)", "cvss3": {}, "published": "2019-05-15T00:00:00", "type": "nessus", "title": "Oracle Enterprise Manager Ops Center (Apr 2019 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1000031", "CVE-2018-0161", "CVE-2018-0734", "CVE-2018-0735", "CVE-2018-5407", "CVE-2018-11763", "CVE-2017-9798", "CVE-2018-1258", "CVE-2018-11039", "CVE-2018-11040", "CVE-2018-1257", "CVE-2018-15756"], "modified": "2019-05-17T00:00:00", "cpe": ["cpe:/a:oracle:enterprise_manager_ops_center"], "id": "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_APR_2019_CPU.NASL", "href": "https://www.tenable.com/plugins/nessus/125147", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125147);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/05/17 9:44:17\");\n\n script_cve_id(\n \"CVE-2016-1000031\",\n \"CVE-2018-0161\",\n \"CVE-2018-0734\",\n \"CVE-2018-0735\",\n \"CVE-2018-5407\",\n \"CVE-2018-11763\",\n \"CVE-2017-9798\",\n \"CVE-2018-1258\",\n \"CVE-2018-11039\",\n \"CVE-2018-11040\",\n \"CVE-2018-1257\",\n \"CVE-2018-15756\"\n );\n\n script_bugtraq_id(\n 93604,\n 100872,\n 103573,\n 104222,\n 104260,\n 105414,\n 105703,\n 105750,\n 105758,\n 105897,\n 107984,\n 107986\n );\n script_xref(name:\"IAVA\", value:\"2019-A-0130\");\n\n script_name(english:\"Oracle Enterprise Manager Ops Center (Apr 2019 CPU)\");\n script_summary(english:\"Checks for the patch ID.\");\n script_set_attribute(attribute:\"synopsis\", value:\n\"An enterprise management application installed on the remote host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle Enterprise Manager Cloud Control installed on\nthe remote host is affected by multiple vulnerabilities in\nEnterprise Manager Base Platform component:\n\n - A deserialization vulnerability in Apache Commons\n FileUpload allows for remote code execution.\n (CVE-2016-1000031)\n\n - An information disclosure vulnerability exists in OpenSSL\n due to the potential for a side-channel timing attack.\n An unauthenticated attacker can exploit this to disclose\n potentially sensitive information. (CVE-2018-0734)\n\n - A denial of service (DoS) vulnerability exists in Apache\n HTTP Server 2.4.17 to 2.4.34, due to a design error. An\n unauthenticated, remote attacker can exploit this issue\n by sending continuous, large SETTINGS frames to cause a\n client to occupy a connection, server thread and CPU\n time without any connection timeout coming to effect.\n This affects only HTTP/2 connections. A possible\n mitigation is to not enable the h2 protocol.\n (CVE-2018-11763).\n\n - Networking component of Enterprise Manager Base Platform\n (Spring Framework) is easily exploited and may allow an\n unauthenticated, remote attacker to takeover the\n Enterprise Manager Base Platform. (CVE-2018-1258)\n\n\");\n # https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9166970d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the April 2019\nOracle Critical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1000031\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:enterprise_manager_ops_center\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_enterprise_manager_ops_center_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Enterprise Manager Ops Center\");\n\n exit(0);\n}\n\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('install_func.inc');\n\nget_kb_item_or_exit('Host/local_checks_enabled');\napp_name = 'Oracle Enterprise Manager Ops Center';\n\ninstall = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);\nversion = install['version'];\nversion_full = install['Full Patch Version'];\npath = install['path'];\npatch_version = install['Patch Version'];\n\n\npatchid = NULL;\nfix = NULL;\n\nif (version_full =~ \"^12\\.3\\.3\\.\")\n{\n patchid = '29623885';\n fix = '1819';\n} \n\nif (isnull(patchid))\n audit(AUDIT_HOST_NOT, 'affected');\n\nif (ver_compare(ver:patch_version, fix:fix, strict:FALSE) != -1)\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, version_full, path);\n\nreport = \n '\\n Path : ' + path + \n '\\n Version : ' + version + \n '\\n Ops Agent Version : ' + version_full + \n '\\n Current Patch : ' + patch_version + \n '\\n Fixed Patch Version : ' + fix +\n '\\n Fix : ' + patchid;\n\nsecurity_report_v4(extra:report, severity:SECURITY_HOLE, port:0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-08T14:36:36", "description": "According to its self-reported version number, the Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) installation running on the remote web server is 8.4 prior to 8.4.15.10, 15.x prior to 15.2.18.4, 16.x prior to 16.2.17.2, 17.x prior to 17.12.12.0, or 18.x prior to 18.8.8.0. It is, therefore, affected by multiple vulnerabilities:\n\n - A deserialization vulnerability in Apache Commons FileUpload allows for remote code execution.\n (CVE-2016-1000031)\n\n - A denial of service vulnerability in the bundled third-party component OpenSSL library's DSA signature algorithm that renders it vulnerable to a timing side channel attack. An attacker could leverage this vulnerability to recover the private key.\n (CVE-2018-0734)\n\n - A deserialization vulnerability in jackson-databind, a fast and powerful JSON library for Java, allows an unauthenticated user to perform code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization.\n (CVE-2018-19362)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-19T00:00:00", "type": "nessus", "title": "Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (Apr 2019 CPU)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031", "CVE-2017-9798", "CVE-2018-0734", "CVE-2018-0735", "CVE-2018-11763", "CVE-2018-11784", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-5407", "CVE-2018-8034", "CVE-2019-2701"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management"], "id": "ORACLE_PRIMAVERA_P6_EPPM_CPU_APR_2019.NASL", "href": "https://www.tenable.com/plugins/nessus/124169", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124169);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2016-1000031\",\n \"CVE-2017-9798\",\n \"CVE-2018-0734\",\n \"CVE-2018-0735\",\n \"CVE-2018-5407\",\n \"CVE-2018-8034\",\n \"CVE-2018-11763\",\n \"CVE-2018-11784\",\n \"CVE-2018-19360\",\n \"CVE-2018-19361\",\n \"CVE-2018-19362\",\n \"CVE-2019-2701\"\n );\n script_bugtraq_id(\n 93604,\n 100872,\n 104895,\n 105414,\n 105524,\n 105750,\n 105758,\n 105897\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (Apr 2019 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application running on the remote web server is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Oracle Primavera\nP6 Enterprise Project Portfolio Management (EPPM) installation running\non the remote web server is 8.4 prior to 8.4.15.10, 15.x prior to\n15.2.18.4, 16.x prior to 16.2.17.2, 17.x prior to 17.12.12.0, or 18.x\nprior to 18.8.8.0. It is, therefore, affected by multiple\nvulnerabilities:\n\n - A deserialization vulnerability in Apache Commons\n FileUpload allows for remote code execution.\n (CVE-2016-1000031)\n\n - A denial of service vulnerability in the bundled\n third-party component OpenSSL library's DSA signature\n algorithm that renders it vulnerable to a timing side\n channel attack. An attacker could leverage this\n vulnerability to recover the private key.\n (CVE-2018-0734)\n\n - A deserialization vulnerability in jackson-databind, a\n fast and powerful JSON library for Java, allows an\n unauthenticated user to perform code execution. The\n issue was resolved by extending the blacklist and\n blocking more classes from polymorphic deserialization.\n (CVE-2018-19362)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9166970d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle Primavera P6 Enterprise Project Portfolio Management\n(EPPM) version 8.4.15.10 / 15.2.18.4 / 16.2.17.2 / 17.12.12.0 / 18.8.8.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1000031\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_primavera_p6_eppm.nbin\");\n script_require_keys(\"installed_sw/Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM)\", \"www/weblogic\");\n script_require_ports(\"Services/www\", 8004);\n\n exit(0);\n}\n\ninclude(\"http.inc\");\ninclude(\"vcf.inc\");\n\nget_install_count(app_name:\"Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM)\", exit_if_zero:TRUE);\n\nport = get_http_port(default:8004);\nget_kb_item_or_exit(\"www/weblogic/\" + port + \"/installed\");\n\napp_info = vcf::get_app_info(app:\"Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM)\", port:port);\n\nconstraints = [\n { \"min_version\" : \"8.4.0.0\", \"fixed_version\" : \"8.4.15.10\" },\n { \"min_version\" : \"15.1.0.0\", \"fixed_version\" : \"15.2.18.4\" },\n { \"min_version\" : \"16.2.0.0\", \"fixed_version\" : \"16.2.17.2\" },\n { \"min_version\" : \"17.7.0.0\", \"fixed_version\" : \"17.12.12.0\" },\n { \"min_version\" : \"18.0.0.0\", \"fixed_version\" : \"18.8.8.0\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-17T15:07:33", "description": "This update for VirtualBox to version 5.1.36 fixes multiple issues :\n\nSecurity issues fixed :\n\n - CVE-2018-0739: Unauthorized remote attacker may have caused a hang or frequently repeatable crash (complete DOS)\n\n - CVE-2018-2830: Attacker with host login may have compromised Virtualbox or further system services after interaction with a third user\n\n - CVE-2018-2831: Attacker with host login may have compromised VirtualBox or further system services, allowing read access to some data\n\n - CVE-2018-2835: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user\n\n - CVE-2018-2836: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user\n\n - CVE-2018-2837: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user\n\n - CVE-2018-2842: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user\n\n - CVE-2018-2843: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user \n\n - CVE-2018-2844: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user \n\n - CVE-2018-2845: Attacker with host login may have caused a hang or frequently repeatable crash (complete DOS), and perform unauthorized read and write operation to some VirtualBox accessible data\n\n - CVE-2018-2860: Privileged attacker may have gained control over VirtualBox and possibly further system services\n\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose- 3678108.html http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067 .html#AppendixOVIR\n\nThis update also contains all upstream fixes and improvements in the stable 5.1.36 release.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-04-24T00:00:00", "type": "nessus", "title": "openSUSE Security Update : virtualbox (openSUSE-2018-389) (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3737", "CVE-2017-9798", "CVE-2018-0739", "CVE-2018-2830", "CVE-2018-2831", "CVE-2018-2835", "CVE-2018-2836", "CVE-2018-2837", "CVE-2018-2842", "CVE-2018-2843", "CVE-2018-2844", "CVE-2018-2845", "CVE-2018-2860"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:python-virtualbox", "p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox", "p-cpe:/a:novell:opensuse:virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-debugsource", "p-cpe:/a:novell:opensuse:virtualbox-devel", "p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-source", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-source", "p-cpe:/a:novell:opensuse:virtualbox-qt", "p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-vnc", "p-cpe:/a:novell:opensuse:virtualbox-websrv", "p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-389.NASL", "href": "https://www.tenable.com/plugins/nessus/109294", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-389.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109294);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-3737\", \"CVE-2017-9798\", \"CVE-2018-0739\", \"CVE-2018-2830\", \"CVE-2018-2831\", \"CVE-2018-2835\", \"CVE-2018-2836\", \"CVE-2018-2837\", \"CVE-2018-2842\", \"CVE-2018-2843\", \"CVE-2018-2844\", \"CVE-2018-2845\", \"CVE-2018-2860\");\n\n script_name(english:\"openSUSE Security Update : virtualbox (openSUSE-2018-389) (Optionsbleed)\");\n script_summary(english:\"Check for the openSUSE-2018-389 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for VirtualBox to version 5.1.36 fixes multiple issues :\n\nSecurity issues fixed :\n\n - CVE-2018-0739: Unauthorized remote attacker may have\n caused a hang or frequently repeatable crash (complete\n DOS)\n\n - CVE-2018-2830: Attacker with host login may have\n compromised Virtualbox or further system services after\n interaction with a third user\n\n - CVE-2018-2831: Attacker with host login may have\n compromised VirtualBox or further system services,\n allowing read access to some data\n\n - CVE-2018-2835: Attacker with host login may have gained\n control over VirtualBox and possibly further system\n services after interacting with a third user\n\n - CVE-2018-2836: Attacker with host login may have gained\n control over VirtualBox and possibly further system\n services after interacting with a third user\n\n - CVE-2018-2837: Attacker with host login may have gained\n control over VirtualBox and possibly further system\n services after interacting with a third user\n\n - CVE-2018-2842: Attacker with host login may have gained\n control over VirtualBox and possibly further system\n services after interacting with a third user\n\n - CVE-2018-2843: Attacker with host login may have gained\n control over VirtualBox and possibly further system\n services after interacting with a third user \n\n - CVE-2018-2844: Attacker with host login may have gained\n control over VirtualBox and possibly further system\n services after interacting with a third user \n\n - CVE-2018-2845: Attacker with host login may have caused\n a hang or frequently repeatable crash (complete DOS),\n and perform unauthorized read and write operation to\n some VirtualBox accessible data\n\n - CVE-2018-2860: Privileged attacker may have gained\n control over VirtualBox and possibly further system\n services\n\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-\n3678108.html\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067\n.html#AppendixOVIR\n\nThis update also contains all upstream fixes and improvements in the\nstable 5.1.36 release.\"\n );\n # http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixOVIR\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?05e0bcf5\"\n );\n # http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7eca6abf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089997\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected virtualbox packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-vnc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"python-virtualbox-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"python-virtualbox-debuginfo-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-debuginfo-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-debugsource-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-devel-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-guest-desktop-icons-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-guest-kmp-default-5.1.36_k4.4.126_48-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-guest-kmp-default-debuginfo-5.1.36_k4.4.126_48-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-guest-source-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-guest-tools-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-guest-tools-debuginfo-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-guest-x11-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-guest-x11-debuginfo-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-host-kmp-default-5.1.36_k4.4.126_48-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-host-kmp-default-debuginfo-5.1.36_k4.4.126_48-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-host-source-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-qt-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-qt-debuginfo-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-vnc-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-websrv-5.1.36-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"virtualbox-websrv-debuginfo-5.1.36-50.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-virtualbox / python-virtualbox-debuginfo / virtualbox / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:22:43", "description": "The remote NewStart CGSL host, running version MAIN 4.05, has httpd packages installed that are affected by multiple vulnerabilities:\n\n - Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.\n (CVE-2005-1268)\n\n - The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a Transfer-Encoding:\n chunked header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka HTTP Request Smuggling. (CVE-2005-2088)\n\n - ssl_engine_kernel.c in mod_ssl before 2.8.24, when using SSLVerifyClient optional in the global virtual host configuration, does not properly enforce SSLVerifyClient require in a per-location context, which allows remote attackers to bypass intended access restrictions. (CVE-2005-2700)\n\n - The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field. (CVE-2005-2728)\n\n - Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. (CVE-2005-3352)\n\n - mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.\n (CVE-2005-3357)\n\n - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post- renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue.\n (CVE-2009-3555)\n\n - The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path. (CVE-2010-1452)\n\n - fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases of extent splitting, which allows local users to cause a denial of service (system crash) via vectors involving ext4 umount and mount operations. (CVE-2011-3638)\n\n - It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\n - It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.\n (CVE-2017-3167)\n\n - A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n - A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668)\n\n - A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\n - It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n - A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 4.05 : httpd Multiple Vulnerabilities (NS-SA-2019-0118)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1268", "CVE-2005-2088", "CVE-2005-2700", "CVE-2005-2728", "CVE-2005-3352", "CVE-2005-3357", "CVE-2009-3555", "CVE-2010-1452", "CVE-2011-3638", "CVE-2016-8743", "CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9788", "CVE-2017-9798"], "modified": "2022-05-19T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0118_HTTPD.NASL", "href": "https://www.tenable.com/plugins/nessus/127360", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0118. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127360);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2005-1268\",\n \"CVE-2005-2088\",\n \"CVE-2005-2700\",\n \"CVE-2005-2728\",\n \"CVE-2005-3352\",\n \"CVE-2005-3357\",\n \"CVE-2009-3555\",\n \"CVE-2010-1452\",\n \"CVE-2011-3638\",\n \"CVE-2016-8743\",\n \"CVE-2017-3167\",\n \"CVE-2017-3169\",\n \"CVE-2017-7668\",\n \"CVE-2017-7679\",\n \"CVE-2017-9788\",\n \"CVE-2017-9798\"\n );\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : httpd Multiple Vulnerabilities (NS-SA-2019-0118)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has httpd packages installed that are affected by multiple\nvulnerabilities:\n\n - Off-by-one error in the mod_ssl Certificate Revocation\n List (CRL) verification callback in Apache, when\n configured to use a CRL, allows remote attackers to\n cause a denial of service (child process crash) via a\n CRL that causes a buffer overflow of one null byte.\n (CVE-2005-1268)\n\n - The Apache HTTP server before 1.3.34, and 2.0.x before\n 2.0.55, when acting as an HTTP proxy, allows remote\n attackers to poison the web cache, bypass web\n application firewall protection, and conduct XSS attacks\n via an HTTP request with both a Transfer-Encoding:\n chunked header and a Content-Length header, which\n causes Apache to incorrectly handle and forward the body\n of the request in a way that causes the receiving server\n to process it as a separate HTTP request, aka HTTP\n Request Smuggling. (CVE-2005-2088)\n\n - ssl_engine_kernel.c in mod_ssl before 2.8.24, when using\n SSLVerifyClient optional in the global virtual host\n configuration, does not properly enforce\n SSLVerifyClient require in a per-location context,\n which allows remote attackers to bypass intended access\n restrictions. (CVE-2005-2700)\n\n - The byte-range filter in Apache 2.0 before 2.0.54 allows\n remote attackers to cause a denial of service (memory\n consumption) via an HTTP header with a large Range\n field. (CVE-2005-2728)\n\n - Cross-site scripting (XSS) vulnerability in the mod_imap\n module of Apache httpd before 1.3.35-dev and Apache\n httpd 2.0.x before 2.0.56-dev allows remote attackers to\n inject arbitrary web script or HTML via the Referer when\n using image maps. (CVE-2005-3352)\n\n - mod_ssl in Apache 2.0 up to 2.0.55, when configured with\n an SSL vhost with access control and a custom error 400\n error page, allows remote attackers to cause a denial of\n service (application crash) via a non-SSL request to an\n SSL port, which triggers a NULL pointer dereference.\n (CVE-2005-3357)\n\n - The TLS protocol, and the SSL protocol 3.0 and possibly\n earlier, as used in Microsoft Internet Information\n Services (IIS) 7.0, mod_ssl in the Apache HTTP Server\n 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5\n and earlier, Mozilla Network Security Services (NSS)\n 3.12.4 and earlier, multiple Cisco products, and other\n products, does not properly associate renegotiation\n handshakes with an existing connection, which allows\n man-in-the-middle attackers to insert data into HTTPS\n sessions, and possibly other types of sessions protected\n by TLS or SSL, by sending an unauthenticated request\n that is processed retroactively by a server in a post-\n renegotiation context, related to a plaintext\n injection attack, aka the Project Mogul issue.\n (CVE-2009-3555)\n\n - The (1) mod_cache and (2) mod_dav modules in the Apache\n HTTP Server 2.2.x before 2.2.16 allow remote attackers\n to cause a denial of service (process crash) via a\n request that lacks a path. (CVE-2010-1452)\n\n - fs/ext4/extents.c in the Linux kernel before 3.0 does\n not mark a modified extent as dirty in certain cases of\n extent splitting, which allows local users to cause a\n denial of service (system crash) via vectors involving\n ext4 umount and mount operations. (CVE-2011-3638)\n\n - It was discovered that the HTTP parser in httpd\n incorrectly allowed certain characters not permitted by\n the HTTP protocol specification to appear unencoded in\n HTTP request headers. If httpd was used in conjunction\n with a proxy or backend server that interpreted those\n characters differently, a remote attacker could possibly\n use this flaw to inject data into HTTP responses,\n resulting in proxy cache poisoning. (CVE-2016-8743)\n\n - It was discovered that the use of httpd's\n ap_get_basic_auth_pw() API function outside of the\n authentication phase could lead to authentication\n bypass. A remote attacker could possibly use this flaw\n to bypass required authentication if the API was used\n incorrectly by one of the modules used by httpd.\n (CVE-2017-3167)\n\n - A NULL pointer dereference flaw was found in the httpd's\n mod_ssl module. A remote attacker could use this flaw to\n cause an httpd child process to crash if another module\n used by httpd called a certain API function during the\n processing of an HTTPS request. (CVE-2017-3169)\n\n - A buffer over-read flaw was found in the httpd's\n ap_find_token() function. A remote attacker could use\n this flaw to cause httpd child process to crash via a\n specially crafted HTTP request. (CVE-2017-7668)\n\n - A buffer over-read flaw was found in the httpd's\n mod_mime module. A user permitted to modify httpd's MIME\n configuration could use this flaw to cause httpd child\n process to crash. (CVE-2017-7679)\n\n - It was discovered that the httpd's mod_auth_digest\n module did not properly initialize memory before using\n it when processing certain headers related to digest\n authentication. A remote attacker could possibly use\n this flaw to disclose potentially sensitive information\n or cause httpd child process to crash by sending\n specially crafted requests to a server. (CVE-2017-9788)\n\n - A use-after-free flaw was found in the way httpd handled\n invalid and previously unregistered HTTP methods\n specified in the Limit directive used in an .htaccess\n file. A remote attacker could possibly use this flaw to\n disclose portions of the server memory, or cause httpd\n child process to crash. (CVE-2017-9798)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0118\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL httpd packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2005-2700\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2017-7679\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.05\": [\n \"httpd-2.2.15-60.el6.centos.6\",\n \"httpd-devel-2.2.15-60.el6.centos.6\",\n \"httpd-manual-2.2.15-60.el6.centos.6\",\n \"httpd-tools-2.2.15-60.el6.centos.6\",\n \"mod_ssl-2.2.15-60.el6.centos.6\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:40:58", "description": "The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components :\n\n - apache\n - curl\n - IOAcceleratorFamily\n - IOKit\n - Kernel\n - OpenSSL\n - Screen Sharing Server", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-07T00:00:00", "type": "nessus", "title": "macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-002 and 2017-005)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000254", "CVE-2017-12837", "CVE-2017-13847", "CVE-2017-13855", "CVE-2017-13862", "CVE-2017-13867", "CVE-2017-13868", "CVE-2017-13869", "CVE-2017-13872", "CVE-2017-13904", "CVE-2017-15422", "CVE-2017-3735", "CVE-2017-7154", "CVE-2017-7158", "CVE-2017-7159", "CVE-2017-7162", "CVE-2017-7172", "CVE-2017-7173", "CVE-2017-9798"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOSX_SECUPD2017-005.NASL", "href": "https://www.tenable.com/plugins/nessus/105081", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105081);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-3735\",\n \"CVE-2017-7154\",\n \"CVE-2017-7158\",\n \"CVE-2017-7159\",\n \"CVE-2017-7162\",\n \"CVE-2017-7172\",\n \"CVE-2017-7173\",\n \"CVE-2017-9798\",\n \"CVE-2017-12837\",\n \"CVE-2017-13847\",\n \"CVE-2017-13855\",\n \"CVE-2017-13862\",\n \"CVE-2017-13867\",\n \"CVE-2017-13868\",\n \"CVE-2017-13869\",\n \"CVE-2017-13872\",\n \"CVE-2017-13904\",\n \"CVE-2017-15422\",\n \"CVE-2017-1000254\"\n );\n script_bugtraq_id(\n 100515,\n 100860,\n 100872,\n 101115,\n 101981,\n 102097,\n 102098,\n 102100,\n 103134,\n 103135\n );\n\n script_name(english:\"macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-002 and 2017-005)\");\n script_summary(english:\"Checks for the presence of Security Update 2017-002 / 2017-005.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS or Mac OS X security update that\nfixes multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is\nmissing a security update. It is therefore, affected by multiple\nvulnerabilities affecting the following components :\n\n - apache\n - curl\n - IOAcceleratorFamily\n - IOKit\n - Kernel\n - OpenSSL\n - Screen Sharing Server\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208331\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2017-005 or later for 10.11.x or\nSecurity Update 2017-002 or later for 10.12.x.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7172\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mac OS X Root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Compare 2 patch numbers to determine if patch requirements are satisfied.\n# Return true if this patch or a later patch is applied\n# Return false otherwise\nfunction check_patch(year, number)\n{\n local_var p_split = split(patch, sep:\"-\");\n local_var p_year = int( p_split[0]);\n local_var p_num = int( p_split[1]);\n\n if (year > p_year) return TRUE;\n else if (year < p_year) return FALSE;\n else if (number >= p_num) return TRUE;\n else return FALSE;\n}\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item_or_exit(\"Host/MacOSX/Version\");\n\nif (!preg(pattern:\"Mac OS X 10\\.(11\\.6|12\\.6)([^0-9]|$)\", string:os))\n audit(AUDIT_OS_NOT, \"Mac OS X 10.11.6 or Mac OS X 10.12.6\");\n\nif (\"10.11.6\" >< os)\n patch = \"2017-005\";\nelse\n patch = \"2017-002\";\n\npackages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\nsec_boms_report = pgrep(\n pattern:\"^com\\.apple\\.pkg\\.update\\.(security\\.|os\\.SecUpd).*bom$\",\n string:packages\n);\nsec_boms = split(sec_boms_report, sep:'\\n');\n\nforeach package (sec_boms)\n{\n # Grab patch year and number\n match = pregmatch(pattern:\"[^0-9](20[0-9][0-9])[-.]([0-9]{3})[^0-9]\", string:package);\n if (empty_or_null(match[1]) || empty_or_null(match[2]))\n continue;\n\n patch_found = check_patch(year:int(match[1]), number:int(match[2]));\n if (patch_found) exit(0, \"The host has Security Update \" + patch + \" or later installed and is therefore not affected.\");\n}\n\nreport = '\\n Missing security update : ' + patch;\nreport += '\\n Installed security BOMs : ';\nif (sec_boms_report) report += str_replace(find:'\\n', replace:'\\n ', string:sec_boms_report);\nelse report += 'n/a';\nreport += '\\n';\n\nsecurity_report_v4(port:0, severity:SECURITY_HOLE, extra:report);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:41:36", "description": "According to its self-reported version number, the remote Junos Space version is prior to 17.2R1. It is, therefore, affected by multiple vulnerabilities.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-03-21T00:00:00", "type": "nessus", "title": "Juniper Junos Space < 17.2R1 Multiple Vulnerabilities (JSA10838)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5174", "CVE-2015-5188", "CVE-2015-5220", "CVE-2015-5304", "CVE-2015-7236", "CVE-2015-7501", "CVE-2016-2141", "CVE-2016-8743", "CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-12172", "CVE-2017-14106", "CVE-2017-15098", "CVE-2017-3167", "CVE-2017-3169", "CVE-2017-5645", "CVE-2017-5664", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9788", "CVE-2017-9798", "CVE-2018-0011", "CVE-2018-0012", "CVE-2018-0013"], "modified": "2019-06-11T00:00:00", "cpe": ["cpe:/a:juniper:junos_space"], "id": "JUNIPER_SPACE_JSA_10838.NASL", "href": "https://www.tenable.com/plugins/nessus/108520", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108520);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/06/11 15:17:50\");\n\n script_cve_id(\n \"CVE-2015-5174\",\n \"CVE-2015-5188\",\n \"CVE-2015-5220\",\n \"CVE-2015-5304\",\n \"CVE-2015-7236\",\n \"CVE-2015-7501\",\n \"CVE-2016-2141\",\n \"CVE-2016-8743\",\n \"CVE-2017-1000111\",\n \"CVE-2017-1000112\",\n \"CVE-2017-12172\",\n \"CVE-2017-14106\",\n \"CVE-2017-15098\",\n \"CVE-2017-3167\",\n \"CVE-2017-3169\",\n \"CVE-2017-5645\",\n \"CVE-2017-5664\",\n \"CVE-2017-7668\",\n \"CVE-2017-7679\",\n \"CVE-2017-9788\",\n \"CVE-2017-9798\",\n \"CVE-2018-0011\",\n \"CVE-2018-0012\",\n \"CVE-2018-0013\"\n );\n script_bugtraq_id(\n 57974,\n 76771,\n 77345,\n 78215,\n 79788,\n 83329,\n 91481,\n 95077,\n 97702,\n 98888,\n 99134,\n 99135,\n 99137,\n 99170,\n 99569,\n 100262,\n 100267,\n 100872,\n 100878,\n 101781,\n 101949\n );\n\n script_name(english:\"Juniper Junos Space < 17.2R1 Multiple Vulnerabilities (JSA10838)\");\n script_summary(english:\"Checks the version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the remote Junos Space\nversion is prior to 17.2R1. It is, therefore, affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10838\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Junos Space 17.2R1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:juniper:junos_space\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Junos Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Junos_Space/version\");\n\n exit(0);\n}\n\ninclude(\"junos.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit('Host/Junos_Space/version');\n\ncheck_junos_space(ver:ver, fix:'17.2R1', severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-23T02:31:42", "description": "According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.(CVE-2014-0098)\n\n - A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user.(CVE-2014-0226)\n\n - It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning.(CVE-2016-8743)\n\n - A NULL pointer dereference flaw was found in the way the mod_cache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server with caching enabled.(CVE-2014-3581)\n\n - Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding.\n A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks.(CVE-2015-3183)\n\n - In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.(CVE-2017-15710)\n\n - A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request.(CVE-2017-3169)\n\n - It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.(CVE-2016-5387)\n\n - A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash.(CVE-2017-7679)\n\n - A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache.\n The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.(CVE-2018-1303)\n\n - It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.(CVE-2017-9788)\n\n - A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header restrictions defined with mod_headers.(CVE-2013-5704)\n\n - A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request.(CVE-2017-7668)\n\n - A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration.\n It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.(CVE-2019-0217)\n\n - A NULL pointer dereference flaw was found in the mod_cache httpd module. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching.\n (CVE-2013-4352)\n\n - he dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request. (CVE-2013-6438)\n\n - A denial of service flaw was found in the mod_proxy httpd module. A remote attacker could send a specially crafted request to a server configured as a reverse proxy using a threaded Multi-Processing Modules (MPM) that would cause the httpd child process to crash.\n (CVE-2014-0117)\n\n - A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the 'DEFLATE' input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system.(CVE-2014-0118)\n\n - A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely.(CVE-2014-0231)\n\n - It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied. (CVE-2015-3185)\n\n - It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. (CVE-2016-0736)\n\n - It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication.(CVE-2016-2161)\n\n - It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.(CVE-2017-3167)\n\n - A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\n - In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection. (CVE-2018-1312)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : httpd (EulerOS-SA-2019-1419)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4352", "CVE-2013-5704", "CVE-2013-6438", "CVE-2014-0098", "CVE-2014-0117", "CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231", "CVE-2014-3581", "CVE-2015-3183", "CVE-2015-3185", "CVE-2016-0736", "CVE-2016-2161", "CVE-2016-5387", "CVE-2016-8743", "CVE-2017-15710", "CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9788", "CVE-2017-9798", "CVE-2018-1303", "CVE-2018-1312", "CVE-2019-0217"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:httpd", "p-cpe:/a:huawei:euleros:httpd-tools", "p-cpe:/a:huawei:euleros:mod_ssl", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1419.NASL", "href": "https://www.tenable.com/plugins/nessus/124922", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124922);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-4352\",\n \"CVE-2013-5704\",\n \"CVE-2013-6438\",\n \"CVE-2014-0098\",\n \"CVE-2014-0117\",\n \"CVE-2014-0118\",\n \"CVE-2014-0226\",\n \"CVE-2014-0231\",\n \"CVE-2014-3581\",\n \"CVE-2015-3183\",\n \"CVE-2015-3185\",\n \"CVE-2016-0736\",\n \"CVE-2016-2161\",\n \"CVE-2016-5387\",\n \"CVE-2016-8743\",\n \"CVE-2017-15710\",\n \"CVE-2017-3167\",\n \"CVE-2017-3169\",\n \"CVE-2017-7668\",\n \"CVE-2017-7679\",\n \"CVE-2017-9788\",\n \"CVE-2017-9798\",\n \"CVE-2018-1303\",\n \"CVE-2018-1312\",\n \"CVE-2019-0217\"\n );\n script_bugtraq_id(\n 66303,\n 66550,\n 68678,\n 68740,\n 68742,\n 68745,\n 68863,\n 69248,\n 71656,\n 75963,\n 75965\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : httpd (EulerOS-SA-2019-1419)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the httpd packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The log_cookie function in mod_log_config.c in the\n mod_log_config module in the Apache HTTP Server before\n 2.4.8 allows remote attackers to cause a denial of\n service (segmentation fault and daemon crash) via a\n crafted cookie that is not properly handled during\n truncation.(CVE-2014-0098)\n\n - A race condition flaw, leading to heap-based buffer\n overflows, was found in the mod_status httpd module. A\n remote attacker able to access a status page served by\n mod_status on a server using a threaded\n Multi-Processing Module (MPM) could send a specially\n crafted request that would cause the httpd child\n process to crash or, possibly, allow the attacker to\n execute arbitrary code with the privileges of the\n 'apache' user.(CVE-2014-0226)\n\n - It was discovered that the HTTP parser in httpd\n incorrectly allowed certain characters not permitted by\n the HTTP protocol specification to appear unencoded in\n HTTP request headers. If httpd was used in conjunction\n with a proxy or backend server that interpreted those\n characters differently, a remote attacker could\n possibly use this flaw to inject data into HTTP\n responses, resulting in proxy cache\n poisoning.(CVE-2016-8743)\n\n - A NULL pointer dereference flaw was found in the way\n the mod_cache httpd module handled Content-Type\n headers. A malicious HTTP server could cause the httpd\n child process to crash when the Apache HTTP server was\n configured to proxy to a server with caching\n enabled.(CVE-2014-3581)\n\n - Multiple flaws were found in the way httpd parsed HTTP\n requests and responses using chunked transfer encoding.\n A remote attacker could use these flaws to create a\n specially crafted request, which httpd would decode\n differently from an HTTP proxy software in front of it,\n possibly leading to HTTP request smuggling\n attacks.(CVE-2015-3183)\n\n - In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and\n 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with\n AuthLDAPCharsetConfig, uses the Accept-Language header\n value to lookup the right charset encoding when\n verifying the user's credentials. If the header value\n is not present in the charset conversion table, a\n fallback mechanism is used to truncate it to a two\n characters value to allow a quick retry (for example,\n 'en-US' is truncated to 'en'). A header value of less\n than two characters forces an out of bound write of one\n NUL byte to a memory location that is not part of the\n string. In the worst case, quite unlikely, the process\n would crash which could be used as a Denial of Service\n attack. In the more likely case, this memory is already\n reserved for future use and the issue has no effect at\n all.(CVE-2017-15710)\n\n - A NULL pointer dereference flaw was found in the\n httpd's mod_ssl module. A remote attacker could use\n this flaw to cause an httpd child process to crash if\n another module used by httpd called a certain API\n function during the processing of an HTTPS\n request.(CVE-2017-3169)\n\n - It was discovered that httpd used the value of the\n Proxy header from HTTP requests to initialize the\n HTTP_PROXY environment variable for CGI scripts, which\n in turn was incorrectly used by certain HTTP client\n implementations to configure the proxy for outgoing\n HTTP requests. A remote attacker could possibly use\n this flaw to redirect HTTP requests performed by a CGI\n script to an attacker-controlled proxy via a malicious\n HTTP request.(CVE-2016-5387)\n\n - A buffer over-read flaw was found in the httpd's\n mod_mime module. A user permitted to modify httpd's\n MIME configuration could use this flaw to cause httpd\n child process to crash.(CVE-2017-7679)\n\n - A specially crafted HTTP request header could have\n crashed the Apache HTTP Server prior to version 2.4.30\n due to an out of bound read while preparing data to be\n cached in shared memory. It could be used as a Denial\n of Service attack against users of mod_cache_socache.\n The vulnerability is considered as low risk since\n mod_cache_socache is not widely used, mod_cache_disk is\n not concerned by this vulnerability.(CVE-2018-1303)\n\n - It was discovered that the httpd's mod_auth_digest\n module did not properly initialize memory before using\n it when processing certain headers related to digest\n authentication. A remote attacker could possibly use\n this flaw to disclose potentially sensitive information\n or cause httpd child process to crash by sending\n specially crafted requests to a server.(CVE-2017-9788)\n\n - A flaw was found in the way httpd handled HTTP Trailer\n headers when processing requests using chunked\n encoding. A malicious client could use Trailer headers\n to set additional HTTP headers after header processing\n was performed by other modules. This could, for\n example, lead to a bypass of header restrictions\n defined with mod_headers.(CVE-2013-5704)\n\n - A buffer over-read flaw was found in the httpd's\n ap_find_token() function. A remote attacker could use\n this flaw to cause httpd child process to crash via a\n specially crafted HTTP request.(CVE-2017-7668)\n\n - A race condition was found in mod_auth_digest when the\n web server was running in a threaded MPM configuration.\n It could allow a user with valid credentials to\n authenticate using another username, bypassing\n configured access control restrictions.(CVE-2019-0217)\n\n - A NULL pointer dereference flaw was found in the\n mod_cache httpd module. A malicious HTTP server could\n cause the httpd child process to crash when the Apache\n HTTP Server was used as a forward proxy with caching.\n (CVE-2013-4352)\n\n - he dav_xml_get_cdata function in main/util.c in the\n mod_dav module in the Apache HTTP Server before 2.4.8\n does not properly remove whitespace characters from\n CDATA sections, which allows remote attackers to cause\n a denial of service (daemon crash) via a crafted DAV\n WRITE request. (CVE-2013-6438)\n\n - A denial of service flaw was found in the mod_proxy\n httpd module. A remote attacker could send a specially\n crafted request to a server configured as a reverse\n proxy using a threaded Multi-Processing Modules (MPM)\n that would cause the httpd child process to crash.\n (CVE-2014-0117)\n\n - A denial of service flaw was found in the way httpd's\n mod_deflate module handled request body decompression\n (configured via the 'DEFLATE' input filter). A remote\n attacker able to send a request whose body would be\n decompressed could use this flaw to consume an\n excessive amount of system memory and CPU on the target\n system.(CVE-2014-0118)\n\n - A denial of service flaw was found in the way httpd's\n mod_cgid module executed CGI scripts that did not read\n data from the standard input. A remote attacker could\n submit a specially crafted request that would cause the\n httpd child process to hang\n indefinitely.(CVE-2014-0231)\n\n - It was discovered that in httpd 2.4, the internal API\n function ap_some_auth_required() could incorrectly\n indicate that a request was authenticated even when no\n authentication was used. An httpd module using this API\n function could consequently allow access that should\n have been denied. (CVE-2015-3185)\n\n - It was discovered that the mod_session_crypto module of\n httpd did not use any mechanisms to verify integrity of\n the encrypted session data stored in the user's\n browser. A remote attacker could use this flaw to\n decrypt and modify session data using a padding oracle\n attack. (CVE-2016-0736)\n\n - It was discovered that the mod_auth_digest module of\n httpd did not properly check for memory allocation\n failures. A remote attacker could use this flaw to\n cause httpd child processes to repeatedly crash if the\n server used HTTP digest authentication.(CVE-2016-2161)\n\n - It was discovered that the use of httpd's\n ap_get_basic_auth_pw() API function outside of the\n authentication phase could lead to authentication\n bypass. A remote attacker could possibly use this flaw\n to bypass required authentication if the API was used\n incorrectly by one of the modules used by\n httpd.(CVE-2017-3167)\n\n - A use-after-free flaw was found in the way httpd\n handled invalid and previously unregistered HTTP\n methods specified in the Limit directive used in an\n .htaccess file. A remote attacker could possibly use\n this flaw to disclose portions of the server memory, or\n cause httpd child process to crash. (CVE-2017-9798)\n\n - In Apache httpd 2.2.0 to 2.4.29, when generating an\n HTTP Digest authentication challenge, the nonce sent to\n prevent reply attacks was not correctly generated using\n a pseudo-random seed. In a cluster of servers using a\n common Digest authentication configuration, HTTP\n requests could be replayed across servers by an\n attacker without detection. (CVE-2018-1312)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1419\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4b195f8e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected httpd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"httpd-2.4.6-80.1.h6\",\n \"httpd-tools-2.4.6-80.1.h6\",\n \"mod_ssl-2.4.6-80.1.h6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-16T14:48:32", "description": "The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities as noted in the January 2018 CPU advisory.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 9.9, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.3}, "published": "2018-01-24T00:00:00", "type": "nessus", "title": "Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2018 CPU)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7501", "CVE-2015-7940", "CVE-2016-0635", "CVE-2016-1182", "CVE-2016-2107", "CVE-2016-2179", "CVE-2017-10068", "CVE-2017-10262", "CVE-2017-10273", "CVE-2017-10352", "CVE-2017-12617", "CVE-2017-3732", "CVE-2017-5461", "CVE-2017-5645", "CVE-2017-9798", "CVE-2018-2561", "CVE-2018-2564", "CVE-2018-2584", "CVE-2018-2596", "CVE-2018-2601", "CVE-2018-2625", "CVE-2018-2711", "CVE-2018-2713", "CVE-2018-2715", "CVE-2018-2760"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware", "cpe:/a:oracle:http_server"], "id": "ORACLE_HTTP_SERVER_CPU_JAN_2018.NASL", "href": "https://www.tenable.com/plugins/nessus/106299", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106299);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-7501\",\n \"CVE-2015-7940\",\n \"CVE-2016-0635\",\n \"CVE-2016-1182\",\n \"CVE-2016-2107\",\n \"CVE-2016-2179\",\n \"CVE-2017-3732\",\n \"CVE-2017-5461\",\n \"CVE-2017-5645\",\n \"CVE-2017-9798\",\n \"CVE-2017-10068\",\n \"CVE-2017-10262\",\n \"CVE-2017-10273\",\n \"CVE-2017-10352\",\n \"CVE-2017-12617\",\n \"CVE-2018-2561\",\n \"CVE-2018-2564\",\n \"CVE-2018-2584\",\n \"CVE-2018-2596\",\n \"CVE-2018-2601\",\n \"CVE-2018-2625\",\n \"CVE-2018-2711\",\n \"CVE-2018-2713\",\n \"CVE-2018-2715\",\n \"CVE-2018-2760\"\n );\n script_bugtraq_id(\n 78215,\n 79091,\n 89760,\n 91067,\n 91869,\n 92987,\n 95814,\n 97702,\n 98050,\n 100872,\n 100954,\n 102442,\n 102535,\n 102539,\n 102541,\n 102545,\n 102550,\n 102553,\n 102558,\n 102562,\n 102565,\n 102567,\n 102569,\n 102573,\n 103826\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2018 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle HTTP Server installed on the remote host is\naffected by multiple vulnerabilities as noted in the January 2018\nCPU advisory.\");\n # https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixFMW\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6072c657\");\n # http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?76507bf8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the January 2018 Oracle Critical\nPatch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-7501\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat for Windows HTTP PUT Method File Upload\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Tomcat RCE via JSP Upload Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:http_server\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_http_server_installed.nbin\");\n script_require_keys(\"Oracle/OHS/Installed\");\n\n exit(0);\n}\n\ninclude('oracle_http_server_patch_func.inc');\n\nget_kb_item_or_exit('Oracle/OHS/Installed');\ninstall_list = get_kb_list_or_exit('Oracle/OHS/*/EffectiveVersion');\n\ninstall = branch(install_list, key:TRUE, value:TRUE);\n\npatches = make_array();\npatches['11.1.1.7'] = make_array('fix_ver', '11.1.1.7.180116', 'patch', '27197885');\npatches['11.1.1.9'] = make_array('fix_ver', '11.1.1.9.180116', 'patch', '27301611');\npatches['12.1.3.0'] = make_array('fix_ver', '12.1.3.0.190130', 'patch', '27244723');\npatches['12.2.1.2'] = make_array('fix_ver', '12.2.1.2.171220', 'patch', '27198002');\npatches['12.2.1.3'] = make_array('fix_ver', '12.2.1.3.171117', 'patch', '27149535');\n\noracle_http_server_check_vuln(\n install : install,\n min_patches : patches,\n severity : SECURITY_HOLE\n);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-17T14:23:17", "description": "According to its self-reported version, the Oracle iPlanet Web Server (formerly known as Sun Java System Web Server) running on the remote host is 7.0.x prior to 7.0.27 Patch 26834070. It is, therefore, affected by an unspecified vulnerability in the Network Security Services (NSS) library with unknown impact.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 9.9, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.3}, "published": "2018-01-25T00:00:00", "type": "nessus", "title": "Oracle iPlanet Web Server 7.0.x < 7.0.27 NSS Unspecified Vulnerability (January 2018 CPU)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7501", "CVE-2015-7940", "CVE-2016-0635", "CVE-2016-1182", "CVE-2016-2107", "CVE-2016-2179", "CVE-2017-10068", "CVE-2017-10262", "CVE-2017-10273", "CVE-2017-10352", "CVE-2017-12617", "CVE-2017-3732", "CVE-2017-5645", "CVE-2017-9798", "CVE-2018-2561", "CVE-2018-2564", "CVE-2018-2584", "CVE-2018-2594", "CVE-2018-2595", "CVE-2018-2596", "CVE-2018-2601", "CVE-2018-2610", "CVE-2018-2625", "CVE-2018-2711", "CVE-2018-2713", "CVE-2018-2715", "CVE-2018-2733"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:oracle:iplanet_web_server", "cpe:/a:mozilla:network_security_services"], "id": "SUN_JAVA_WEB_SERVER_7_0_27.NASL", "href": "https://www.tenable.com/plugins/nessus/106349", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106349);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2015-7501\",\n \"CVE-2015-7940\",\n \"CVE-2016-0635\",\n \"CVE-2016-1182\",\n \"CVE-2016-2107\",\n \"CVE-2016-2179\",\n \"CVE-2017-3732\",\n \"CVE-2017-5645\",\n \"CVE-2017-9798\",\n \"CVE-2017-10068\",\n \"CVE-2017-10262\",\n \"CVE-2017-10273\",\n \"CVE-2017-10352\",\n \"CVE-2017-12617\",\n \"CVE-2018-2561\",\n \"CVE-2018-2564\",\n \"CVE-2018-2584\",\n \"CVE-2018-2594\",\n \"CVE-2018-2595\",\n \"CVE-2018-2596\",\n \"CVE-2018-2601\",\n \"CVE-2018-2610\",\n \"CVE-2018-2625\",\n \"CVE-2018-2711\",\n \"CVE-2018-2713\",\n \"CVE-2018-2715\",\n \"CVE-2018-2733\"\n );\n script_bugtraq_id(\n 78215,\n 79091,\n 89760,\n 91067,\n 91869,\n 92987,\n 95814,\n 97702,\n 98050,\n 100872,\n 100954,\n 102442,\n 102535,\n 102539,\n 102541,\n 102545,\n 102550,\n 102553,\n 102558,\n 102562,\n 102565,\n 102567,\n 102569,\n 102573,\n 102634,\n 102637,\n 102641,\n 102643\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/15\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0240\");\n\n script_name(english:\"Oracle iPlanet Web Server 7.0.x < 7.0.27 NSS Unspecified Vulnerability (January 2018 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by an unspecified vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the Oracle iPlanet Web Server\n(formerly known as Sun Java System Web Server) running on the remote\nhost is 7.0.x prior to 7.0.27 Patch 26834070. It is, therefore,\naffected by an unspecified vulnerability in the Network Security\nServices (NSS) library with unknown impact.\");\n # http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ae82f1b1\");\n # https://support.oracle.com/epmos/faces/SearchDocDisplay?_adf.ctrl-state=14v5w3zyq8_4&_afrLoop=466151680153736#babhdcfj\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fccabced\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Oracle iPlanet Web Server version 7.0.27 or later as\nreferenced in the January 2018 Oracle Critical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-7501\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Apache Tomcat for Windows HTTP PUT Method File Upload\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Tomcat RCE via JSP Upload Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:iplanet_web_server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:network_security_services\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_iplanet_web_server_detect.nbin\");\n script_require_keys(\"installed_sw/Oracle iPlanet Web Server\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"audit.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\ninclude(\"http.inc\");\n\napp_name = \"Oracle iPlanet Web Server\";\nport = get_http_port(default:8989);\n\ninstall = get_single_install(app_name:app_name, port:port, exit_if_unknown_ver:TRUE);\nversion = install['version'];\n\nfix = \"7.0.27\";\nmin = \"7.0\";\n\n\n\n# Affected 7.0.x < 7.0.27\nif (\n ver_compare(ver:version, fix:min, strict:FALSE) >= 0 &&\n ver_compare(ver:version, fix:fix, strict:FALSE) == -1\n)\n{\n report = report_items_str(\n report_items:make_array(\n \"Installed version\", version,\n \"Fixed version\", fix\n ),\n ordered_fields:make_list(\"Installed version\", \"Fixed version\")\n );\n security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, app_name, port, version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-17T23:19:50", "description": "The remote host is running a version of macOS that is 10.13.x prior to 10.13.2. It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - Apache\n - curl\n - Directory Utility\n - IOAcceleratorFamily\n - IOKit\n - Intel Graphics Driver\n - Kernel\n - Mail\n - Mail Drafts\n - OpenSSL\n - Screen Sharing Server\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-10T00:00:00", "type": "nessus", "title": "macOS 10.13.x < 10.13.2 Multiple Vulnerabilities (Meltdown)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000254", "CVE-2017-13826", "CVE-2017-13833", "CVE-2017-13844", "CVE-2017-13847", "CVE-2017-13848", "CVE-2017-13855", "CVE-2017-13858", "CVE-2017-13860", "CVE-2017-13862", "CVE-2017-13865", "CVE-2017-13867", "CVE-2017-13868", "CVE-2017-13869", "CVE-2017-13871", "CVE-2017-13872", "CVE-2017-13875", "CVE-2017-13876", "CVE-2017-13878", "CVE-2017-13883", "CVE-2017-3735", "CVE-2017-5754", "CVE-2017-7154", "CVE-2017-7155", "CVE-2017-7158", "CVE-2017-7159", "CVE-2017-7162", "CVE-2017-7163", "CVE-2017-9798"], "modified": "2019-04-10T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "700513.PRM", "href": "https://www.tenable.com/plugins/nnm/700513", "sourceData": "Binary data 700513.prm", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-30T14:47:27", "description": "The remote host is running a version of Mac OS X that is 10.13.x prior to 10.13.2. It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - apache\n - curl\n - Directory Utility\n - IOAcceleratorFamily\n - IOKit\n - Intel Graphics Driver\n - Kernel\n - Mail\n - Mail Drafts\n - OpenSSL\n - Screen Sharing Server\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-07T00:00:00", "type": "nessus", "title": "macOS 10.13.x < 10.13.2 Multiple Vulnerabilities (Meltdown)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000254", "CVE-2017-13847", "CVE-2017-13848", "CVE-2017-13855", "CVE-2017-13858", "CVE-2017-13860", "CVE-2017-13862", "CVE-2017-13865", "CVE-2017-13867", "CVE-2017-13868", "CVE-2017-13869", "CVE-2017-13871", "CVE-2017-13872", "CVE-2017-13875", "CVE-2017-13876", "CVE-2017-13878", "CVE-2017-13883", "CVE-2017-13886", "CVE-2017-13887", "CVE-2017-13892", "CVE-2017-13904", "CVE-2017-13905", "CVE-2017-13911", "CVE-2017-15422", "CVE-2017-3735", "CVE-2017-5754", "CVE-2017-7151", "CVE-2017-7154", "CVE-2017-7155", "CVE-2017-7158", "CVE-2017-7159", "CVE-2017-7162", "CVE-2017-7163", "CVE-2017-7171", "CVE-2017-7172", "CVE-2017-7173", "CVE-2017-9798"], "modified": "2019-06-19T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_10_13_2.NASL", "href": "https://www.tenable.com/plugins/nessus/105080", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105080);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/06/19 15:17:43\");\n\n script_cve_id(\n \"CVE-2017-1000254\",\n \"CVE-2017-13847\",\n \"CVE-2017-13848\",\n \"CVE-2017-13855\",\n \"CVE-2017-13858\",\n \"CVE-2017-13860\",\n \"CVE-2017-13862\",\n \"CVE-2017-13865\",\n \"CVE-2017-13867\",\n \"CVE-2017-13868\",\n \"CVE-2017-13869\",\n \"CVE-2017-13871\",\n \"CVE-2017-13872\",\n \"CVE-2017-13875\",\n \"CVE-2017-13876\",\n \"CVE-2017-13878\",\n \"CVE-2017-13883\",\n \"CVE-2017-13886\",\n \"CVE-2017-13887\",\n \"CVE-2017-13892\",\n \"CVE-2017-13904\",\n \"CVE-2017-13905\",\n \"CVE-2017-13911\",\n \"CVE-2017-15422\",\n \"CVE-2017-3735\",\n \"CVE-2017-5754\",\n \"CVE-2017-7151\",\n \"CVE-2017-7154\",\n \"CVE-2017-7155\",\n \"CVE-2017-7158\",\n \"CVE-2017-7159\",\n \"CVE-2017-7162\",\n \"CVE-2017-7163\",\n \"CVE-2017-7171\",\n \"CVE-2017-7172\",\n \"CVE-2017-7173\",\n \"CVE-2017-9798\"\n );\n script_bugtraq_id(\n 100515,\n 100872,\n 101115,\n 101981,\n 102097,\n 102098,\n 102099,\n 102100,\n 102378,\n 103134,\n 103135\n );\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n\n script_name(english:\"macOS 10.13.x < 10.13.2 Multiple Vulnerabilities (Meltdown)\");\n script_summary(english:\"Checks the version of Mac OS X / macOS.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS update that fixes multiple security\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X that is 10.13.x\nprior to 10.13.2. It is, therefore, affected by multiple\nvulnerabilities in the following components :\n\n - apache\n - curl\n - Directory Utility\n - IOAcceleratorFamily\n - IOKit\n - Intel Graphics Driver\n - Kernel\n - Mail\n - Mail Drafts\n - OpenSSL\n - Screen Sharing Server\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208394\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS version 10.13.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7172\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mac OS X Root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"macOS / Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"macOS / Mac OS X\");\n\nmatches = pregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9]+)+)\", string:os);\nif (empty_or_null(matches)) exit(1, \"Failed to parse the macOS / Mac OS X version ('\" + os + \"').\");\n\nversion = matches[1];\nfixed_version = \"10.13.2\";\n\nif (version !~\"^10\\.13($|[^0-9])\")\n audit(AUDIT_OS_NOT, \"macOS 10.13.x\");\n\nif (ver_compare(ver:version, fix:'10.13.2', strict:FALSE) == -1)\n{\n security_report_v4(\n port:0,\n severity:SECURITY_HOLE,\n extra:\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n'\n );\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"macOS / Mac OS X\", version);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-10-19T20:37:38", "description": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\n* A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the \"Allow\" and \"Deny\" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. (CVE-2017-12171)\n\nRed Hat would like to thank Hanno B\u00f6ck for reporting CVE-2017-9798 and KAWAHARA Masashi for reporting CVE-2017-12171.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-10-19T14:54:11", "type": "redhat", "title": "(RHSA-2017:2972) Moderate: httpd security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12171", "CVE-2017-9798"], "modified": "2018-06-07T14:23:07", "id": "RHSA-2017:2972", "href": "https://access.redhat.com/errata/RHSA-2017:2972", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-10-21T04:46:47", "description": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno B\u00f6ck for reporting this issue.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-10-11T15:17:48", "type": "redhat", "title": "(RHSA-2017:2882) Moderate: httpd security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2018-04-11T23:32:53", "id": "RHSA-2017:2882", "href": "https://access.redhat.com/errata/RHSA-2017:2882", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-19T20:37:14", "description": "The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module.\n\nThe following packages have been upgraded to a later upstream version: httpd24-httpd (2.4.27). (BZ#1461819)\n\nSecurity Fix(es):\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno B\u00f6ck for reporting this issue.\n\nBug Fix(es):\n\n* The httpd package installation script tried to create both the \"apache\" user and group in a single \"useradd\" command. Consequently, when the \"apache\" group had already been created on the system, the command failed, and the \"apache\" user was not created. To fix this bug, the \"apache\" group is now created by a separate command, and the \"apache\" user is correctly created during httpd installation even when the \"apache\" group exists. (BZ#1486843)\n\n* When installing the httpd24 Software Collection using the \"yum\" command, if the \"apache\" group already existed on the system with GID other than 48, the \"apache\" user was not created. This update fixes the bug. (BZ#1487164)\n\n* With this update, it is possible to run the mod_rewrite external mapping program as a non-root user. (BZ#1486832)\n\n* On a Red Hat Enterprise Linux 6 system, when the httpd service was stopped twice in a row by running the \"service httpd stop\" command, a misleading message was returned: \"Stopping httpd: [FAILED]\". This bug has been fixed. (BZ#1418395)\n\n* When the \"service httpd24-httpd graceful\" command was used on Red Hat Enterprise Linux 7 while the httpd24-httpd service was not running, the daemon was started without being tracked by systemd. As a consequence, the daemon ran in an incorrect SELinux domain. This bug has been fixed, and the httpd daemon runs in the correct SELinux domain in the described scenario. (BZ#1440858)\n\nEnhancement(s):\n\n* With this update, the mod_ssl module supports the ALPN protocol on Red Hat Enterprise Linux 7.4 and later versions. (BZ#1327548)\n\nFor further details, see the Red Hat Software Collections 3.0 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-10-24T08:16:35", "type": "redhat", "title": "(RHSA-2017:3018) Moderate: httpd24 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2018-06-12T21:28:16", "id": "RHSA-2017:3018", "href": "https://access.redhat.com/errata/RHSA-2017:3018", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-19T18:40:27", "description": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis release provides an update to httpd and OpenSSL. The updates are documented in the Release Notes document linked to in the References.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nThis release of JBoss Enterprise Application Platform 6.4.18 Natives serves as an update to the JBoss Enterprise Application Platform 6.4.16 Natives and includes bug fixes which are documented in the Release Notes document linked to in the References.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.4 Natives are advised to upgrade to these updated packages.\n\nSecurity Fix(es):\n\n* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno B\u00f6ck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Ga\u00ebtan Leurent (Inria) as the original reporters of CVE-2016-2183.\n\nBug Fix(es):\n\n* CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1508880)\n\n* mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1508884)\n\n* Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1508885)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2017-11-16T19:09:55", "type": "redhat", "title": "(RHSA-2017:3240) Important: Red Hat JBoss Enterprise Application Platform 6.4.18 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2017-9788", "CVE-2017-9798"], "modified": "2018-06-06T22:39:06", "id": "RHSA-2017:3240", "href": "https://access.redhat.com/errata/RHSA-2017:3240", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-10-21T04:42:45", "description": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nThis release provides an update to httpd, OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2. The updates are documented in the Release Notes document linked to in the References.\n\nThis release of Red Hat JBoss Web Server 2.1.2 Service Pack 2 serves as a update for Red Hat JBoss Web Server 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nUsers of Red Hat JBoss Web Server 2 should upgrade to these updated packages, which resolve several security issues\n\nSecurity Fix(es):\n\n* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615)\n\n* A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617)\n\n* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno B\u00f6ck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Ga\u00ebtan Leurent (Inria) as the original reporters of CVE-2016-2183.\n\nBug Fix(es):\n\n* Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1338640)\n\n* mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1448709)\n\n* CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1493075)\n\n* The jboss-ews-application-servers zip README contains incomplete description of fixed CVEs (BZ#1497953)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2017-11-02T19:03:45", "type": "redhat", "title": "(RHSA-2017:3114) Important: Red Hat JBoss Web Server security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2017-12615", "CVE-2017-12617", "CVE-2017-9788", "CVE-2017-9798"], "modified": "2017-11-02T19:04:09", "id": "RHSA-2017:3114", "href": "https://access.redhat.com/errata/RHSA-2017:3114", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T04:44:14", "description": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno B\u00f6ck for reporting CVE-2017-9798.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-12-15T22:22:53", "type": "redhat", "title": "(RHSA-2017:3477) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update ", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12613", "CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7679", "CVE-2017-9798"], "modified": "2017-12-15T22:24:19", "id": "RHSA-2017:3477", "href": "https://access.redhat.com/errata/RHSA-2017:3477", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T04:47:14", "description": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as a replacement of Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes (including fixes from previous Service Pack 1 and 2), which are documented in the Release Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno B\u00f6ck for reporting CVE-2017-9798.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-12-15T22:22:15", "type": "redhat", "title": "(RHSA-2017:3475) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update ", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12613", "CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7679", "CVE-2017-9798"], "modified": "2017-12-15T22:22:27", "id": "RHSA-2017:3475", "href": "https://access.redhat.com/errata/RHSA-2017:3475", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T04:44:55", "description": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno B\u00f6ck for reporting CVE-2017-9798.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-11-13T16:38:45", "type": "redhat", "title": "(RHSA-2017:3195) Important: httpd security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7679", "CVE-2017-9788", "CVE-2017-9798"], "modified": "2017-11-13T16:53:54", "id": "RHSA-2017:3195", "href": "https://access.redhat.com/errata/RHSA-2017:3195", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:36:03", "description": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nThis release provides an update to httpd, OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2.1.2. The updates are documented in the Release Notes document linked to in the References.\n\nThis release of Red Hat JBoss Web Server 2.1.2 Service Pack 2 serves as a update for Red Hat JBoss Web Server 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nUsers of Red Hat JBoss Web Server 2 should upgrade to these updated packages, which resolve several security issues.\n\nSecurity Fix(es):\n\n* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615)\n\n* A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617)\n\n* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno B\u00f6ck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Ga\u00ebtan Leurent (Inria) as the original reporters of CVE-2016-2183.\n\nBug Fix(es):\n\n* Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1338640)\n\n* mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1448709)\n\n* CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1493075)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2017-11-02T19:03:10", "type": "redhat", "title": "(RHSA-2017:3113) Important: Red Hat JBoss Web Server security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2183", "CVE-2017-12615", "CVE-2017-12617", "CVE-2017-9788", "CVE-2017-9798"], "modified": "2018-06-06T22:42:48", "id": "RHSA-2017:3113", "href": "https://access.redhat.com/errata/RHSA-2017:3113", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T04:45:03", "description": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. (CVE-2017-12613)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno B\u00f6ck for reporting CVE-2017-9798.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-12-15T22:22:30", "type": "redhat", "title": "(RHSA-2017:3476) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update ", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12613", "CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7679", "CVE-2017-9798"], "modified": "2017-12-15T22:23:56", "id": "RHSA-2017:3476", "href": "https://access.redhat.com/errata/RHSA-2017:3476", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T04:46:02", "description": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis release provides an update to httpd and OpenSSL. The updates are documented in the Release Notes document linked to in the References.\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nThis release of JBoss Enterprise Application Platform 6.4.18 Natives serves as an update to the JBoss Enterprise Application Platform 6.4.16 Natives and includes bug fixes which are documented in the Release Notes document linked to in the References.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.4 Natives are advised to upgrade to these updated packages.\n\nSecurity Fix(es):\n\n* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno B\u00f6ck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Ga\u00ebtan Leurent (Inria) as the original reporters of CVE-2016-2183.\n\nBug Fix(es):\n\n* CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1508880)\n\n* mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1508884)\n\n* Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1508885)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2017-11-16T19:09:33", "type": "redhat", "title": "(RHSA-2017:3239) Important: Red Hat JBoss Enterprise Application Platform 6.4.18 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3560", "CVE-2009-3720", "CVE-2012-0876", "CVE-2016-2183", "CVE-2017-9788", "CVE-2017-9798"], "modified": "2018-01-10T09:17:37", "id": "RHSA-2017:3239", "href": "https://access.redhat.com/errata/RHSA-2017:3239", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-10-21T04:42:51", "description": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno B\u00f6ck for reporting CVE-2017-9798.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-11-13T16:37:21", "type": "redhat", "title": "(RHSA-2017:3193) Important: httpd security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9788", "CVE-2017-9798"], "modified": "2017-11-13T16:40:11", "id": "RHSA-2017:3193", "href": "https://access.redhat.com/errata/RHSA-2017:3193", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T04:43:04", "description": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)\n\n* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668)\n\n* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno B\u00f6ck for reporting CVE-2017-9798.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-11-13T16:37:59", "type": "redhat", "title": "(RHSA-2017:3194) Important: httpd security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9788", "CVE-2017-9798"], "modified": "2017-11-13T16:40:39", "id": "RHSA-2017:3194", "href": "https://access.redhat.com/errata/RHSA-2017:3194", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:34:24", "description": "Check the version of httpd", "cvss3": {}, "published": "2017-10-21T00:00:00", "type": "openvas", "title": "CentOS Update for httpd CESA-2017:2972 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798", "CVE-2017-12171"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882791", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882791", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2017_2972_httpd_centos6.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for httpd CESA-2017:2972 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882791\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-21 09:24:25 +0200 (Sat, 21 Oct 2017)\");\n script_cve_id(\"CVE-2017-12171\", \"CVE-2017-9798\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for httpd CESA-2017:2972 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of httpd\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The httpd packages provide the Apache HTTP\nServer, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n * A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive used\nin an .htaccess file. A remote attacker could possibly use this flaw to\ndisclose portions of the server memory, or cause httpd child process to\ncrash. (CVE-2017-9798)\n\n * A regression was found in the Red Hat Enterprise Linux 6.9 version of\nhttpd, causing comments in the 'Allow' and 'Deny' configuration lines to be\nparsed incorrectly. A web administrator could unintentionally allow any\nclient to access a restricted HTTP resource. (CVE-2017-12171)\n\nRed Hat would like to thank Hanno Bock for reporting CVE-2017-9798 and\nKAWAHARA Masashi for reporting CVE-2017-12171.\");\n script_tag(name:\"affected\", value:\"httpd on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:2972\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-October/022601.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.15~60.el6.centos.6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.15~60.el6.centos.6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.15~60.el6.centos.6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.2.15~60.el6.centos.6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.15~60.el6.centos.6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-10-20T00:00:00", "type": "openvas", "title": "RedHat Update for httpd RHSA-2017:2972-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798", "CVE-2017-12171"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310812045", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812045", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_RHSA-2017_2972-01_httpd.nasl 12497 2018-11-23 08:28:21Z cfischer $\n#\n# RedHat Update for httpd RHSA-2017:2972-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812045\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-20 08:40:37 +0200 (Fri, 20 Oct 2017)\");\n script_cve_id(\"CVE-2017-12171\", \"CVE-2017-9798\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for httpd RHSA-2017:2972-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The httpd packages provide the Apache HTTP\nServer, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n * A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive used\nin an .htaccess file. A remote attacker could possibly use this flaw to\ndisclose portions of the server memory, or cause httpd child process to\ncrash. (CVE-2017-9798)\n\n * A regression was found in the Red Hat Enterprise Linux 6.9 version of\nhttpd, causing comments in the 'Allow' and 'Deny' configuration lines to be\nparsed incorrectly. A web administrator could unintentionally allow any\nclient to access a restricted HTTP resource. (CVE-2017-12171)\n\nRed Hat would like to thank Hanno Bck for reporting CVE-2017-9798 and\nKAWAHARA Masashi for reporting CVE-2017-12171.\");\n script_tag(name:\"affected\", value:\"httpd on\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:2972-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-October/msg00028.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.15~60.el6_9.6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.2.15~60.el6_9.6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.15~60.el6_9.6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.2.15~60.el6_9.6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.15~60.el6_9.6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.15~60.el6_9.6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:32", "description": "Hanno Boeck discovered that incorrect parsing of Limit directives of\n.htaccess files by the Apache HTTP Server could result in memory\ndisclosure.", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3980-1 (apache2 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703980", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703980", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3980.nasl 14280 2019-03-18 14:50:45Z cfischer $\n#\n# Auto-generated from advisory DSA 3980-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703980\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-9798\");\n script_name(\"Debian Security Advisory DSA 3980-1 (apache2 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 00:00:00 +0200 (Wed, 20 Sep 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3980.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(9|8)\");\n script_tag(name:\"affected\", value:\"apache2 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), this problem has been fixed\nin version 2.4.10-10+deb8u11.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 2.4.25-3+deb9u3.\n\nWe recommend that you upgrade your apache2 packages.\");\n script_tag(name:\"summary\", value:\"Hanno Boeck discovered that incorrect parsing of Limit directives of\n.htaccess files by the Apache HTTP Server could result in memory\ndisclosure.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-data\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-dbg\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-dev\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-ssl-dev\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-suexec-pristine\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.4.25-3+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-data\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-dbg\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-dev\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-itk\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-suexec-pristine\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-macro\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-proxy-html\", ver:\"2.4.10-10+deb8u11\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-28T00:00:00", "type": "openvas", "title": "Fedora Update for httpd FEDORA-2017-a52f252521", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873446", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873446", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_a52f252521_httpd_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for httpd FEDORA-2017-a52f252521\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873446\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-28 09:14:48 +0200 (Thu, 28 Sep 2017)\");\n script_cve_id(\"CVE-2017-9798\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for httpd FEDORA-2017-a52f252521\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"httpd on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-a52f252521\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R4JEOCEFPTVRSQESLYQKPEEKR3XN7LBV\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.27~3.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-29T20:09:29", "description": "Hanno Boeck discovered that incorrect parsing of Limit directives of\n.htaccess files by the Apache HTTP Server could result in memory\ndisclosure.", "cvss3": {}, "published": "2018-02-07T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for apache2 (DLA-1102-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891102", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891102", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891102\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-9798\");\n script_name(\"Debian LTS: Security Advisory for apache2 (DLA-1102-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/09/msg00019.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"apache2 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n2.2.22-13+deb7u12.\n\nWe recommend that you upgrade your apache2 packages.\");\n\n script_tag(name:\"summary\", value:\"Hanno Boeck discovered that incorrect parsing of Limit directives of\n.htaccess files by the Apache HTTP Server could result in memory\ndisclosure.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-dbg\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-mpm-itk\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.22-13+deb7u12\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:26", "description": "Check the version of httpd", "cvss3": {}, "published": "2017-10-12T00:00:00", "type": "openvas", "title": "CentOS Update for httpd CESA-2017:2882 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882784", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882784", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2017_2882_httpd_centos7.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for httpd CESA-2017:2882 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882784\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-12 10:25:42 +0200 (Thu, 12 Oct 2017)\");\n script_cve_id(\"CVE-2017-9798\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for httpd CESA-2017:2882 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of httpd\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The httpd packages provide the Apache\nHTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n * A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive used\nin an .htaccess file. A remote attacker could possibly use this flaw to\ndisclose portions of the server memory, or cause httpd child process to\ncrash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bock for reporting this issue.\");\n script_tag(name:\"affected\", value:\"httpd on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:2882\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-October/022565.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.6~67.el7.centos.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.4.6~67.el7.centos.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.4.6~67.el7.centos.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.4.6~67.el7.centos.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ldap\", rpm:\"mod_ldap~2.4.6~67.el7.centos.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_proxy_html\", rpm:\"mod_proxy_html~2.4.6~67.el7.centos.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_session\", rpm:\"mod_session~2.4.6~67.el7.centos.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.4.6~67.el7.centos.5\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-10-12T00:00:00", "type": "openvas", "title": "RedHat Update for httpd RHSA-2017:2882-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310812035", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812035", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_RHSA-2017_2882-01_httpd.nasl 12497 2018-11-23 08:28:21Z cfischer $\n#\n# RedHat Update for httpd RHSA-2017:2882-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812035\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-12 10:24:50 +0200 (Thu, 12 Oct 2017)\");\n script_cve_id(\"CVE-2017-9798\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for httpd RHSA-2017:2882-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The httpd packages provide the Apache HTTP\nServer, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n * A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive used\nin an .htaccess file. A remote attacker could possibly use this flaw to\ndisclose portions of the server memory, or cause httpd child process to\ncrash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno Bck for reporting this issue.\");\n script_tag(name:\"affected\", value:\"httpd on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:2882-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-October/msg00010.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.4.6~67.el7_4.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.6~67.el7_4.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.4.6~67.el7_4.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.4.6~67.el7_4.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.4.6~67.el7_4.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_session\", rpm:\"mod_session~2.4.6~67.el7_4.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.4.6~67.el7_4.5\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-27T18:33:30", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2017-1253)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171253", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171253", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1253\");\n script_version(\"2020-01-23T11:01:28+0000\");\n script_cve_id(\"CVE-2017-9798\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:01:28 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:01:28 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2017-1253)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1253\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1253\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'httpd' package(s) announced via the EulerOS-SA-2017-1253 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\");\n\n script_tag(name:\"affected\", value:\"'httpd' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.6~45.0.1.4.h5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.4.6~45.0.1.4.h5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.4.6~45.0.1.4.h5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.4.6~45.0.1.4.h5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.4.6~45.0.1.4.h5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-27T18:34:19", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2017-1252)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171252", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171252", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1252\");\n script_version(\"2020-01-23T11:01:27+0000\");\n script_cve_id(\"CVE-2017-9798\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:01:27 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:01:27 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2017-1252)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1252\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1252\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'httpd' package(s) announced via the EulerOS-SA-2017-1252 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\");\n\n script_tag(name:\"affected\", value:\"'httpd' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.6~45.0.1.4.h8\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.4.6~45.0.1.4.h8\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.4.6~45.0.1.4.h8\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.4.6~45.0.1.4.h8\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.4.6~45.0.1.4.h8\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-08T18:58:25", "description": "Apache HTTP server allows remote attackers to read secret data\n from process memory if the Limit directive can be set in a user", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Apache HTTP Server OPTIONS Memory Leak Vulnerability (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2020-05-06T00:00:00", "id": "OPENVAS:1361412562310112048", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112048", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache HTTP Server OPTIONS Memory Leak Vulnerability (Optionsbleed)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n# Jan Philipp Schulte <jan.schulte@greenbone.net>\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, https://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:http_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112048\");\n script_version(\"2020-05-06T12:58:00+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-06 12:58:00 +0000 (Wed, 06 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 12:53:35 +0200 (Wed, 20 Sep 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2017-9798\");\n script_bugtraq_id(100872);\n script_name(\"Apache HTTP Server OPTIONS Memory Leak Vulnerability (Optionsbleed)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"secpod_apache_detect.nasl\", \"no404.nasl\", \"webmirror.nasl\", \"DDI_Directory_Scanner.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"apache/installed\");\n\n script_xref(name:\"URL\", value:\"http://openwall.com/lists/oss-security/2017/09/18/2\");\n script_xref(name:\"URL\", value:\"https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/100872\");\n script_xref(name:\"URL\", value:\"https://archive.apache.org/dist/httpd/patches/apply_to_2.2.34/\");\n script_xref(name:\"URL\", value:\"https://www.apache.org/dist/httpd/CHANGES_2.4.28\");\n\n script_tag(name:\"summary\", value:\"Apache HTTP server allows remote attackers to read secret data\n from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf\n has certain misconfigurations, aka Optionsbleed.\");\n\n script_tag(name:\"vuldetect\", value:\"This script checks for a corrupted Allow header that is being\n constructed in response to HTTP OPTIONS requests.\");\n\n script_tag(name:\"insight\", value:\"Optionsbleed is a use after free error in Apache HTTP server that\n causes a corrupted Allow header to be constructed in response to HTTP OPTIONS requests. This can leak\n pieces of arbitrary memory from the server process that may contain secrets. The memory pieces change\n after multiple requests, so for a vulnerable host an arbitrary number of memory chunks can be leaked.\n\n The bug appears if a webmaster tries to use the 'Limit' directive with an invalid HTTP method.\n\n Example .htaccess:\n\n <Limit abcxyz>\n </Limit>\");\n\n script_tag(name:\"impact\", value:\"The successful exploitation allows the attacker to read chunks of the\n host's memory.\");\n\n script_tag(name:\"affected\", value:\"Apache HTTP Server 2.2.x versions up to 2.2.34 and 2.4.x below 2.4.28.\");\n\n script_tag(name:\"solution\", value:\"Update to Apache HTTP Server 2.4.28. For Apache HTTP Server running\n version 2.2.34 apply the patch linked in the references.\n\n As a workaround the usage of .htaccess should be disabled competely via the 'AllowOverride None'\n directive within the webservers configuration. Furthermore all <Limit> statements within the\n webserver configuration needs to be verified for invalid HTTP methods.\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\nif(!port = get_app_port(cpe:CPE)) exit(0);\nget_app_location(cpe:CPE, port:port, nofork:TRUE); # To have a reference to the Detection-NVT\n\nuseragent = http_get_user_agent();\nhost = http_host_name(port:port);\n\n#TODO: Once this vulnerability got older we might want to consider to limit the amounts of directories to check here\nforeach dir(make_list_unique(\"/\", http_cgi_dirs(port:port)))\n{\n\n if(dir == \"/\") dir = \"\";\n url = dir + \"/\";\n\n req = 'OPTIONS ' + url + ' HTTP/1.1\\r\\n' +\n 'Host: ' + host + '\\r\\n' +\n 'User-Agent: ' + useragent + '\\r\\n' +\n 'Connection: Close\\r\\n\\r\\n';\n\n for(i = 0; i <= 100; i++)\n {\n res = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);\n if(res =~ \"^HTTP/1\\.[01] 405\" ) break; # We don't need to continue in this inner loop if the OPTIONS method is disabled.\n if(allow = egrep(string:res, pattern:\"^Allow: .*\" ))\n {\n # Examples:\n # Allow: POST,OPTIONS,,HEAD,:09:44 GMT\n # Allow: ,GET,HEAD,POST,OPTIONS\n # Allow: HEAD,,HEAD,POST,,HEAD,TRACE\n # Allow: POST,OPTIONS,GET,HEAD,,HEAD,write.c>\n if(vuln = eregmatch(pattern:\"(\\,{2,}|\\,\\W+\\,|^\\w+\\:[\\s]{0,}\\,|\\d)\", string:allow))\n {\n report = \"The remote service might leak data/memory via the 'Allow' header.\";\n report += '\\n\\nRequest:\\n' + req + '\\nResponse:\\n' + res;\n security_message(port:port, data:report);\n exit(0);\n }\n }\n }\n}\n\nexit(99);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:33:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-20T00:00:00", "type": "openvas", "title": "Ubuntu Update for apache2 USN-3425-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843313", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843313", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3425_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for apache2 USN-3425-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843313\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-20 11:45:15 +0200 (Wed, 20 Sep 2017)\");\n script_cve_id(\"CVE-2017-9798\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for apache2 USN-3425-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Hanno Bck discovered that the Apache HTTP\n Server incorrectly handled Limit directives in .htaccess files. In certain\n configurations, a remote attacker could possibly use this issue to read\n arbitrary server memory, including sensitive information. This issue is known as\n Optionsbleed.\");\n script_tag(name:\"affected\", value:\"apache2 on Ubuntu 17.04,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3425-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3425-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.7-1ubuntu4.18\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.25-3ubuntu2.3\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.18-2ubuntu3.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:51", "description": "Apache HTTP server allows remote attackers to read secret data\n from process memory if the Limit directive can be set in a user", "cvss3": {}, "published": "2017-10-11T00:00:00", "type": "openvas", "title": "Apache HTTP Server OPTIONS Memory Leak Vulnerability (Optionsbleed)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798"], "modified": "2018-10-19T00:00:00", "id": "OPENVAS:1361412562310108252", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108252", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_optionsbleed_version.nasl 11983 2018-10-19 10:04:45Z mmartin $\n#\n# Apache HTTP Server OPTIONS Memory Leak Vulnerability (Optionsbleed)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, https://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:http_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108252\");\n script_version(\"$Revision: 11983 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-19 12:04:45 +0200 (Fri, 19 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-11 10:53:35 +0200 (Wed, 11 Oct 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2017-9798\");\n script_bugtraq_id(100872);\n script_name(\"Apache HTTP Server OPTIONS Memory Leak Vulnerability (Optionsbleed)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"secpod_apache_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"apache/installed\");\n\n script_xref(name:\"URL\", value:\"http://openwall.com/lists/oss-security/2017/09/18/2\");\n script_xref(name:\"URL\", value:\"https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/100872\");\n script_xref(name:\"URL\", value:\"https://archive.apache.org/dist/httpd/patches/apply_to_2.2.34/\");\n script_xref(name:\"URL\", value:\"https://www.apache.org/dist/httpd/CHANGES_2.4.28\");\n\n script_tag(name:\"summary\", value:\"Apache HTTP server allows remote attackers to read secret data\n from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf\n has certain misconfigurations, aka Optionsbleed.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Optionsbleed is a use after free error in Apache HTTP server that\n causes a corrupted Allow header to be constructed in response to HTTP OPTIONS requests. This can leak\n pieces of arbitrary memory from the server process that may contain secrets. The memory pieces change\n after multiple requests, so for a vulnerable host an arbitrary number of memory chunks can be leaked.\n\n The bug appears if a webmaster tries to use the 'Limit' directive with an invalid HTTP method.\n\n Example .htaccess:\n\n <Limit abcxyz>\n </Limit>\");\n\n script_tag(name:\"impact\", value:\"The successful exploitation allows the attacker to read chunks of the\n host's memory.\");\n\n script_tag(name:\"affected\", value:\"Apache HTTP Server 2.2.x versions up to 2.2.34 and 2.4.x below 2.4.28.\");\n\n script_tag(name:\"solution\", value:\"Update to Apache HTTP Server 2.4.28. For Apache HTTP Server running\n version 2.2.34 apply the patch linked in the references.\n\n As a workaround the usage of .htaccess should be disabled competely via the 'AllowOverride None'\n directive within the webservers configuration. Furthermore all <Limit> statements within the\n webserver configuration needs to be verified for invalid HTTP methods.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_is_less_equal( version:vers, test_version:\"2.2.34\" ) ) {\n vuln = TRUE;\n fix = \"Apply the referenced patch or upgrade to 2.4.28\";\n}\n\nif( vers =~ \"^2\\.4\\.\" ) {\n if( version_is_less( version:vers, test_version:\"2.4.28\" ) ) {\n vuln = TRUE;\n fix = \"2.4.28\";\n }\n}\n\nif( vuln ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:fix );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-27T18:37:27", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-1389)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798", "CVE-2017-3167", "CVE-2018-17199", "CVE-2017-9788", "CVE-2017-7668", "CVE-2017-3169", "CVE-2017-7679"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191389", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191389", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1389\");\n script_version(\"2020-01-23T11:41:27+0000\");\n script_cve_id(\"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7668\", \"CVE-2017-7679\", \"CVE-2017-9788\", \"CVE-2017-9798\", \"CVE-2018-17199\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:41:27 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:41:27 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-1389)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1389\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1389\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'httpd' package(s) announced via the EulerOS-SA-2019-1389 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.(CVE-2018-17199)\n\nIt was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.(CVE-2017-3167)\n\nA NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request.(CVE-2017-3169)\n\nA buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request.(CVE-2017-7668)\n\nA buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash.(CVE-2017-7679)\n\nIt was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.(CVE-2017-9788)\n\nA use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.(CVE-2017-9798)\");\n\n script_tag(name:\"affected\", value:\"'httpd' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.6~80.1.h4\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.4.6~80.1.h4\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.4.6~80.1.h4\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-13T00:00:00", "type": "openvas", "title": "Fedora Update for httpd FEDORA-2018-e6d9251471", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798", "CVE-2018-1301", "CVE-2018-1312", "CVE-2017-15710", "CVE-2017-15715", "CVE-2018-1303", "CVE-2018-1283"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874436", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874436", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_e6d9251471_httpd_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for httpd FEDORA-2018-e6d9251471\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874436\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-13 05:47:20 +0200 (Sun, 13 May 2018)\");\n script_cve_id(\"CVE-2018-1303\", \"CVE-2018-1301\", \"CVE-2018-1312\", \"CVE-2017-15715\",\n \"CVE-2017-15710\", \"CVE-2018-1283\", \"CVE-2017-9798\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for httpd FEDORA-2018-e6d9251471\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"httpd on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-e6d9251471\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7YAANMOCNKDAROWX2LFUGFMRSDIRUENO\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.33~4.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T17:40:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-04-25T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for virtualbox (openSUSE-SU-2018:1057-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2836", "CVE-2017-9798", "CVE-2018-2860", "CVE-2018-2844", "CVE-2018-2842", "CVE-2018-2835", "CVE-2018-2845", "CVE-2017-3737", "CVE-2018-2837", "CVE-2018-0739", "CVE-2018-2831", "CVE-2018-2830", "CVE-2018-2843"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851734", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851734", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851734\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-04-25 08:40:14 +0200 (Wed, 25 Apr 2018)\");\n script_cve_id(\"CVE-2017-3737\", \"CVE-2017-9798\", \"CVE-2018-0739\", \"CVE-2018-2830\",\n \"CVE-2018-2831\", \"CVE-2018-2835\", \"CVE-2018-2836\", \"CVE-2018-2837\",\n \"CVE-2018-2842\", \"CVE-2018-2843\", \"CVE-2018-2844\", \"CVE-2018-2845\",\n \"CVE-2018-2860\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for virtualbox (openSUSE-SU-2018:1057-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'virtualbox'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for VirtualBox to version 5.1.36 fixes multiple issues:\n\n Security issues fixed:\n\n - CVE-2018-0739: Unauthorized remote attacker may have caused a hang or\n frequently repeatable crash (complete DOS)\n\n - CVE-2018-2830: Attacker with host login may have compromised Virtualbox\n or further system services after interaction with a third user\n\n - CVE-2018-2831: Attacker with host login may have compromised VirtualBox\n or further system services, allowing read access to some data\n\n - CVE-2018-2835: Attacker with host login may have gained control over\n VirtualBox and possibly further system services after interacting with a\n third user\n\n - CVE-2018-2836: Attacker with host login may have gained control over\n VirtualBox and possibly further system services after interacting with a\n third user\n\n - CVE-2018-2837: Attacker with host login may have gained control over\n VirtualBox and possibly further system services after interacting with a\n third user\n\n - CVE-2018-2842: Attacker with host login may have gained control over\n VirtualBox and possibly further system services after interacting with a\n third user\n\n - CVE-2018-2843: Attacker with host login may have gained control over\n VirtualBox and possibly further system services after interacting with a\n third user\n\n - CVE-2018-2844: Attacker with host login may have gained control over\n VirtualBox and possibly further system services after interacting with a\n third user\n\n - CVE-2018-2845: Attacker with host login may have caused a hang or\n frequently repeatable crash (complete DOS), and perform unauthorized\n read and write operation to some VirtualBox accessible data\n\n - CVE-2018-2860: Privileged attacker may have gained control over\n VirtualBox and possibly further system services\n\n #AppendixOVIR\n\n This update also contains all upstream fixes and improvements in the\n stable 5.1.36 release.\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-389=1\");\n\n script_tag(name:\"affected\", value:\"virtualbox on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:1057-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00069.html\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-36781\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-desktop-icons\", rpm:\"virtualbox-guest-desktop-icons~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-source\", rpm:\"virtualbox-guest-source~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-source\", rpm:\"virtualbox-host-source~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-virtualbox\", rpm:\"python-virtualbox~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-virtualbox-debuginfo\", rpm:\"python-virtualbox-debuginfo~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox\", rpm:\"virtualbox~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debuginfo\", rpm:\"virtualbox-debuginfo~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debugsource\", rpm:\"virtualbox-debugsource~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-devel\", rpm:\"virtualbox-devel~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default\", rpm:\"virtualbox-guest-kmp-default~5.1.36_k4.4.126_48~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default-debuginfo\", rpm:\"virtualbox-guest-kmp-default-debuginfo~5.1.36_k4.4.126_48~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools\", rpm:\"virtualbox-guest-tools~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools-debuginfo\", rpm:\"virtualbox-guest-tools-debuginfo~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11\", rpm:\"virtualbox-guest-x11~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11-debuginfo\", rpm:\"virtualbox-guest-x11-debuginfo~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default\", rpm:\"virtualbox-host-kmp-default~5.1.36_k4.4.126_48~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default-debuginfo\", rpm:\"virtualbox-host-kmp-default-debuginfo~5.1.36_k4.4.126_48~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt\", rpm:\"virtualbox-qt~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt-debuginfo\", rpm:\"virtualbox-qt-debuginfo~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-vnc\", rpm:\"virtualbox-vnc~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv\", rpm:\"virtualbox-websrv~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv-debuginfo\", rpm:\"virtualbox-websrv-debuginfo~5.1.36~50.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:40", "description": "This host is installed with Apple Mac OS X\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-12-07T00:00:00", "type": "openvas", "title": "Apple MacOSX Security Updates(HT208331)-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9798", "CVE-2017-13844", "CVE-2017-13869", "CVE-2017-3735", "CVE-2017-7172", "CVE-2017-13904", "CVE-2017-13855", "CVE-2017-7162", "CVE-2017-1000254", "CVE-2017-7159", "CVE-2017-15422", "CVE-2017-13868", "CVE-2017-13847", "CVE-2017-13833", "CVE-2017-13867", "CVE-2017-10002", "CVE-2017-7173", "CVE-2017-7154", "CVE-2017-13862"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310812401", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812401", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_macosx_HT208331_02.nasl 14295 2019-03-18 20:16:46Z cfischer $\n#\n# Apple MacOSX Security Updates(HT208331)-02\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812401\");\n script_version(\"$Revision: 14295 $\");\n script_cve_id(\"CVE-2017-13868\", \"CVE-2017-13869\", \"CVE-2017-3735\", \"CVE-2017-13855\",\n\t\t\"CVE-2017-13844\", \"CVE-2017-9798\", \"CVE-2017-13847\", \"CVE-2017-13833\",\n\t\t\"CVE-2017-10002\", \"CVE-2017-13867\", \"CVE-2017-13862\", \"CVE-2017-7172\",\n \"CVE-2017-1000254\", \"CVE-2017-15422\", \"CVE-2017-7159\", \"CVE-2017-7162\",\n \"CVE-2017-13904\", \"CVE-2017-7173\", \"CVE-2017-7154\");\n script_bugtraq_id(100515, 100872, 101946);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 21:16:46 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-12-07 10:51:36 +0530 (Thu, 07 Dec 2017)\");\n script_name(\"Apple MacOSX Security Updates(HT208331)-02\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Mac OS X\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Security update includes,\n\n - A validation issue was addressed with improved input sanitization.\n\n - An out-of-bounds read issue existed in X.509 IPAddressFamily parsing.\n\n - A type confusion issue was addressed with improved memory handling.\n\n - A memory corruption issue was addressed with improved memory handling.\n\n - Multiple issues were addressed by updating to version 2.4.28.\n\n - Multiple memory corruption issues were addressed through improved state management.\n\n - An out-of-bounds read was addressed with improved bounds checking.\n\n - An out-of-bounds read issue existed in the FTP PWD response parsing.\n\n - An integer overflow error.\n\n - An input validation issue existed in the kernel.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to read restricted memory, execute arbitrary code with system\n privileges.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X versions,\n 10.13.x through 10.13.1, 10.12.x through 10.12.6, 10.11.x through 10.11.6\");\n\n script_tag(name:\"solution\", value:\"Apply the appropriate security patch from\n the reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208331\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.1[1-3]\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^10\\.1[1-3]\" || \"Mac OS X\" >!< osName){\n exit(0);\n}\n\nbuildVer = get_kb_item(\"ssh/login/osx_build\");\n\nif(osVer =~ \"^10\\.11\")\n{\n if(version_in_range(version:osVer, test_version:\"10.11\", test_version2:\"10.11.5\")){\n fix = \"Upgrade to latest OS release and apply patch from vendor\";\n }\n\n else if(osVer == \"10.11.6\")\n {\n if(osVer == \"10.11.6\" && version_is_less(version:buildVer, test_version:\"15G18013\"))\n {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n }\n}\n\nif(osVer =~ \"^10\\.12\")\n{\n if(version_in_range(version:osVer, test_version:\"10.12\", test_version2:\"10.12.5\")){\n fix = \"Upgrade to latest OS release and apply patch from vendor\";\n }\n\n else if(osVer == \"10.12.6\")\n {\n if(osVer == \"10.12.6\" && version_is_less(version:buildVer, test_version:\"16G1114\"))\n {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n }\n}\n\nelse if(osVer == \"10.13.1\"){\n fix = \"10.13.2\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:osVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:34:18", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-1419)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3185", "CVE-2017-9798", "CVE-2016-2161", "CVE-2019-0217", "CVE-2014-0231", "CVE-2013-4352", "CVE-2017-3167", "CVE-2016-8743", "CVE-2013-5704", "CVE-2014-0098", "CVE-2013-6438", "CVE-2018-1312", "CVE-2015-3183", "CVE-2017-15710", "CVE-2017-9788", "CVE-2014-0118", "CVE-2018-1303", "CVE-2016-5387", "CVE-2014-3581", "CVE-2017-7668", "CVE-2017-3169", "CVE-2014-0117", "CVE-2016-0736", "CVE-2014-0226", "CVE-2017-7679"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191419", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191419", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1419\");\n script_version(\"2020-01-23T11:43:35+0000\");\n script_cve_id(\"CVE-2013-4352\", \"CVE-2013-5704\", \"CVE-2013-6438\", \"CVE-2014-0098\", \"CVE-2014-0117\", \"CVE-2014-0118\", \"CVE-2014-0226\", \"CVE-2014-0231\", \"CVE-2014-3581\", \"CVE-2015-3183\", \"CVE-2015-3185\", \"CVE-2016-0736\", \"CVE-2016-2161\", \"CVE-2016-5387\", \"CVE-2016-8743\", \"CVE-2017-15710\", \"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7668\", \"CVE-2017-7679\", \"CVE-2017-9788\", \"CVE-2017-9798\", \"CVE-2018-1303\", \"CVE-2018-1312\", \"CVE-2019-0217\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:43:35 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:43:35 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-1419)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1419\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1419\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'httpd' package(s) announced via the EulerOS-SA-2019-1419 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.(CVE-2014-0098)\n\nA race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the 'apache' user.(CVE-2014-0226)\n\nIt was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning.(CVE-2016-8743)\n\nA NULL pointer dereference flaw was found in the way the mod_cache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server with caching enabled.(CVE-2014-3581)\n\nMultiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks.(CVE-2015-3183)\n\nIn Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.(CVE-2017-15710)\n\nA NULL pointer derefere ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'httpd' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.4.6~80.1.h6\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.4.6~80.1.h6\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.4.6~80.1.h6\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2023-01-01T04:42:13", "description": "**CentOS Errata and Security Advisory** CESA-2017:2972\n\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\n* A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the \"Allow\" and \"Deny\" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. (CVE-2017-12171)\n\nRed Hat would like to thank Hanno B\u00f6ck for reporting CVE-2017-9798 and KAWAHARA Masashi for reporting CVE-2017-12171.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2017-October/072076.html\n\n**Affected packages:**\nhttpd\nhttpd-devel\nhttpd-manual\nhttpd-tools\nmod_ssl\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2017:2972", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-20T21:13:38", "type": "centos", "title": "httpd, mod_ssl security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12171", "CVE-2017-9798"], "modified": "2017-10-20T21:13:38", "id": "CESA-2017:2972", "href": "https://lists.centos.org/pipermail/centos-announce/2017-October/072076.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-01T04:42:12", "description": "**CentOS Errata and Security Advisory** CESA-2017:2882\n\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)\n\nRed Hat would like to thank Hanno B\u00f6ck for reporting this issue.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2017-October/072040.html\n\n**Affected packages:**\nhttpd\nhttpd-devel\nhttpd-manual\nhttpd-tools\nmod_ldap\nmod_proxy_html\nmod_session\nmod_ssl\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2017:2882", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-11T20:46:20", "type": "centos", "title": "httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-10-11T20:46:20", "id": "CESA-2017:2882", "href": "https://lists.centos.org/pipermail/centos-announce/2017-October/072040.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "redhatcve": [{"lastseen": "2022-07-07T11:11:42", "description": "A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the \"Allow\" and \"Deny\" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2017-10-19T10:49:36", "type": "redhatcve", "title": "CVE-2017-12171", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12171"], "modified": "2022-07-07T08:52:17", "id": "RH:CVE-2017-12171", "href": "https://access.redhat.com/security/cve/cve-2017-12171", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-06-11T08:38:59", "description": "A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash.\n#### Mitigation\n\nThis issue can be mitigated by configuring httpd to disallow the use of the "Limit" configuration directive in .htaccess files. The set of directives that can be used in .htaccess files is configured using the "AllowOverride" directive. Refer to Red Hat Bugzilla bug 1490344 for further details: \n<https://bugzilla.redhat.com/show_bug.cgi?id=1490344#c18> \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-09T11:45:40", "type": "redhatcve", "title": "CVE-2017-9798", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2022-06-11T05:56:10", "id": "RH:CVE-2017-9798", "href": "https://access.redhat.com/security/cve/cve-2017-9798", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2023-02-13T02:04:36", "description": "A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the \"Allow\" and \"Deny\" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2018-07-26T17:29:00", "type": "cve", "title": "CVE-2017-12171", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12171"], "modified": "2023-02-12T23:27:00", "cpe": ["cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/a:apache:http_server:2.2.15-60", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:redhat:enterprise_linux:6.9", "cpe:/o:redhat:enterprise_linux_server:6.0"], "id": "CVE-2017-12171", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12171", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:apache:http_server:2.2.15-60:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.9:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:18:26", "description": "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-18T15:29:00", "type": "cve", "title": "CVE-2017-9798", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2021-06-06T11:15:00", "cpe": ["cpe:/a:apache:http_server:2.4.18", "cpe:/a:apache:http_server:2.4.7", "cpe:/a:apache:http_server:2.4.17", "cpe:/a:apache:http_server:2.4.23", "cpe:/a:apache:http_server:2.4.3", "cpe:/a:apache:http_server:2.4.1", "cpe:/a:apache:http_server:2.4.10", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:apache:http_server:2.4.2", "cpe:/a:apache:http_server:2.4.26", "cpe:/a:apache:http_server:2.4.16", "cpe:/a:apache:http_server:2.4.12", "cpe:/a:apache:http_server:2.4.9", "cpe:/a:apache:http_server:2.4.0", "cpe:/a:apache:http_server:2.4.20", "cpe:/a:apache:http_server:2.4.6", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:apache:http_server:2.4.25", "cpe:/a:apache:http_server:2.2.34", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:apache:http_server:2.4.4", "cpe:/a:apache:http_server:2.4.27"], "id": "CVE-2017-9798", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9798", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.34:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*"]}], "amazon": [{"lastseen": "2023-02-08T17:15:44", "description": "**Issue Overview:**\n\nHash (#) character matches all IPs: \nA regression was found in httpd, causing comments in the \"Allow\" and \"Deny\" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. (CVE-2017-12171)\n\n \n**Affected Packages:** \n\n\nhttpd\n\n \n**Issue Correction:** \nRun _yum update httpd_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 mod_ssl-2.2.34-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 httpd-tools-2.2.34-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 httpd-devel-2.2.34-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 httpd-2.2.34-1.16.amzn1.i686 \n \u00a0\u00a0\u00a0 httpd-debuginfo-2.2.34-1.16.amzn1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 httpd-manual-2.2.34-1.16.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 httpd-2.2.34-1.16.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 httpd-devel-2.2.34-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 httpd-2.2.34-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 mod_ssl-2.2.34-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 httpd-debuginfo-2.2.34-1.16.amzn1.x86_64 \n \u00a0\u00a0\u00a0 httpd-tools-2.2.34-1.16.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2017-12171](<https://access.redhat.com/security/cve/CVE-2017-12171>)\n\nMitre: [CVE-2017-12171](<https://vulners.com/cve/CVE-2017-12171>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2017-11-02T20:21:00", "type": "amazon", "title": "Medium: httpd", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12171"], "modified": "2017-11-03T05:56:00", "id": "ALAS-2017-921", "href": "https://alas.aws.amazon.com/ALAS-2017-921.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-08T17:16:04", "description": "**Issue Overview:**\n\nApache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration.(CVE-2017-9798)\n\n \n**Affected Packages:** \n\n\nhttpd24, httpd\n\n \n**Issue Correction:** \nRun _yum update httpd24_ to update your system. \nRun _yum update httpd_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 httpd-tools-2.2.34-1.15.amzn1.i686 \n \u00a0\u00a0\u00a0 httpd-devel-2.2.34-1.15.amzn1.i686 \n \u00a0\u00a0\u00a0 mod_ssl-2.2.34-1.15.amzn1.i686 \n \u00a0\u00a0\u00a0 httpd-2.2.34-1.15.amzn1.i686 \n \u00a0\u00a0\u00a0 httpd-debuginfo-2.2.34-1.15.amzn1.i686 \n \u00a0\u00a0\u00a0 mod24_proxy_html-2.4.27-3.73.amzn1.i686 \n \u00a0\u00a0\u00a0 mod24_session-2.4.27-3.73.amzn1.i686 \n \u00a0\u00a0\u00a0 httpd24-devel-2.4.27-3.73.amzn1.i686 \n \u00a0\u00a0\u00a0 httpd24-2.4.27-3.73.amzn1.i686 \n \u00a0\u00a0\u00a0 httpd24-debuginfo-2.4.27-3.73.amzn1.i686 \n \u00a0\u00a0\u00a0 httpd24-tools-2.4.27-3.73.amzn1.i686 \n \u00a0\u00a0\u00a0 mod24_ssl-2.4.27-3.73.amzn1.i686 \n \u00a0\u00a0\u00a0 mod24_ldap-2.4.27-3.73.amzn1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 httpd-manual-2.2.34-1.15.amzn1.noarch \n \u00a0\u00a0\u00a0 httpd24-manual-2.4.27-3.73.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 httpd-2.2.34-1.15.amzn1.src \n \u00a0\u00a0\u00a0 httpd24-2.4.27-3.73.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 httpd-tools-2.2.34-1.15.amzn1.x86_64 \n \u00a0\u00a0\u00a0 httpd-devel-2.2.34-1.15.amzn1.x86_64 \n \u00a0\u00a0\u00a0 httpd-2.2.34-1.15.amzn1.x86_64 \n \u00a0\u00a0\u00a0 mod_ssl-2.2.34-1.15.amzn1.x86_64 \n \u00a0\u00a0\u00a0 httpd-debuginfo-2.2.34-1.15.amzn1.x86_64 \n \u00a0\u00a0\u00a0 mod24_ldap-2.4.27-3.73.amzn1.x86_64 \n \u00a0\u00a0\u00a0 httpd24-debuginfo-2.4.27-3.73.amzn1.x86_64 \n \u00a0\u00a0\u00a0 httpd24-tools-2.4.27-3.73.amzn1.x86_64 \n \u00a0\u00a0\u00a0 mod24_proxy_html-2.4.27-3.73.amzn1.x86_64 \n \u00a0\u00a0\u00a0 httpd24-devel-2.4.27-3.73.amzn1.x86_64 \n \u00a0\u00a0\u00a0 httpd24-2.4.27-3.73.amzn1.x86_64 \n \u00a0\u00a0\u00a0 mod24_ssl-2.4.27-3.73.amzn1.x86_64 \n \u00a0\u00a0\u00a0 mod24_session-2.4.27-3.73.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2017-9798](<https://access.redhat.com/security/cve/CVE-2017-9798>)\n\nMitre: [CVE-2017-9798](<https://vulners.com/cve/CVE-2017-9798>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-18T15:32:00", "type": "amazon", "title": "Important: httpd24, httpd", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-09-18T18:30:00", "id": "ALAS-2017-896", "href": "https://alas.aws.amazon.com/ALAS-2017-896.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "f5": [{"lastseen": "2020-04-06T22:40:21", "description": "\nF5 Product Development has assigned ID INSTALLER-3056 (Traffix) to this vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP AAM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 | Not vulnerable | None | None \nBIG-IP AFM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 | Not vulnerable | None | None \nBIG-IP Analytics | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP APM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP ASM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP DNS | None | 13.0.0 \n12.0.0 - 12.1.2 | Not vulnerable | None | None \nBIG-IP Edge Gateway | None | 11.2.1 | Not vulnerable | None | None \nBIG-IP GTM | None | 11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP Link Controller | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP PEM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 | Not vulnerable | None | None \nBIG-IP WebAccelerator | None | 11.2.1 | Not vulnerable | None | None \nF5 WebSafe | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.2 | Not vulnerable | None | None \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None | None \nBIG-IQ Cloud | None | 4.4.0 - 4.5.0 | Not vulnerable | None | None \nBIG-IQ Device | None | 4.4.0 - 4.5.0 | Not vulnerable | None | None \nBIG-IQ Security | None | 4.4.0 - 4.5.0 | Not vulnerable | None | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.3.0 \n4.6.0 | Not vulnerable | None | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None | None \nF5 iWorkflow | None | 2.0.0 - 2.3.0 | Not vulnerable | None | None \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None | None \nTraffix SDC | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | None | Low | [3.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L>) | Apache HTTPD \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 2.5}, "published": "2017-11-20T20:44:00", "type": "f5", "title": "Apache vulnerability CVE-2017-12171", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12171"], "modified": "2018-09-13T20:23:00", "id": "F5:K68804133", "href": "https://support.f5.com/csp/article/K68804133", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-04-06T22:40:46", "description": "\nF5 Product Development has assigned ID 684033 (BIG-IP) to this vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 - 13.0.1 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable1 | None \nBIG-IP AAM | None | 13.0.0 - 13.0.1 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable1 | None \nBIG-IP AFM | None | 13.0.0 - 13.0.1 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable1 | None \nBIG-IP Analytics | None | 13.0.0 - 13.0.1 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable1 | None \nBIG-IP APM | None | 13.0.0 - 13.0.1 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable1 | None \nBIG-IP ASM | None | 13.0.0 - 13.0.1 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable1 | None \nBIG-IP DNS | None | 13.0.0 - 13.0.1 \n12.0.0 - 12.1.2 | Not vulnerable1 | None \nBIG-IP Edge Gateway | None | 11.2.1 | Not vulnerable1 | None \nBIG-IP GTM | None | 11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable1 | None \nBIG-IP Link Controller | None | 13.0.0 - 13.0.1 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable1 | None \nBIG-IP PEM | None | 13.0.0 - 13.0.1 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable1 | None \nBIG-IP PSM | None | 11.4.1 | Not vulnerable1 | None \nBIG-IP WebAccelerator | None | 11.2.1 | Not vulnerable1 | None \nBIG-IP WebSafe | None | 13.0.0 - 13.0.1 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 | Not vulnerable1 | None \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.3.0 \n4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nF5 iWorkflow | None | 2.0.0 - 2.3.0 | Not vulnerable1 | None \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None \n \n1The specified products contain the affected code. However, F5 identifies the vulnerability status as Not vulnerable because the attacker cannot exploit the code in default, standard, or recommended configurations. Additionally, F5 iWorkflow does not run Apache HTTPD.\n\nNone\n\nConfiguring the BIG-IP system to protect vulnerable back-end Apache servers\n\nWhile the BIG-IP system is not vulnerable, the BIG-IP system will proxy exploits to vulnerable Apache servers behind the BIG-IP system. You can protect these servers by disallowing the **OPTIONS** method in all requests. To do so, you can apply any of the following methods to each BIG-IP virtual server:\n\n**Impact of action**: Requests using the **OPTIONS** method will be blocked.\n\n * You can use the **HTTP::method** iRules command to check for the **OPTIONS** method and then perform actions such as returning an HTTP 501 response code to the client. For more information, refer to the following iRules snippet: \n\nwhen HTTP_REQUEST { \n if { [HTTP::method] equals \"OPTIONS\" } { \n HTTP::respond 501 \n } else { \n # additional logic if needed. \n } \n}\n\n * The HTTP profile allows you to limit the permitted HTTP methods in the **Known Methods** setting (under the **Enforcement** section). You can configure the affected HTTP profile with the value **Reject** for the **Unknown Method** setting and delete the value **OPTIONS** from the **Known Methods** setting.\n * For the BIG-IP PSM system, by default, the HTTP Security profile does not allow the HTTP OPTIONS method. You can associate the default HTTP Security profile to the affected virtual servers.\n * For the BIG-IP ASM system, by default, the ASM security policy does not allow the HTTP OPTIONS method. You must ensure that the HTTP OPTIONS method is not configured in the **Allowed Methods** setting on the **Security** > **Application Security** > **Headers** > **Methods** page. The BIG-IP ASM system will log an Illegal Method violation when it detects HTTP methods that are not listed in the **Allowed Methods** setting. For more information, refer to [K12312: Overview of BIG-IP ASM Illegal Method violations](<https://support.f5.com/csp/article/K12312>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-09-19T08:44:00", "type": "f5", "title": "Apache HTTPD vulnerability CVE-2017-9798", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2018-08-20T21:19:00", "id": "F5:K70084351", "href": "https://support.f5.com/csp/article/K70084351", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "ubuntucve": [{"lastseen": "2023-02-15T14:38:58", "description": "A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd\n2.2.15-60, causing comments in the \"Allow\" and \"Deny\" configuration lines\nto be parsed incorrectly. A web administrator could unintentionally allow\nany client to access a restricted HTTP resource.\n\n#### Bugs\n\n * <https://bugzilla.redhat.com/show_bug.cgi?id=1493056>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | caused by rhel 6.9 specific patch\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2018-07-26T00:00:00", "type": "ubuntucve", "title": "CVE-2017-12171", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12171"], "modified": "2018-07-26T00:00:00", "id": "UB:CVE-2017-12171", "href": "https://ubuntu.com/security/CVE-2017-12171", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-08-04T13:57:14", "description": "Apache httpd allows remote attackers to read secret data from process\nmemory if the Limit directive can be set in a user's .htaccess file, or if\nhttpd.conf has certain misconfigurations, aka Optionsbleed. This affects\nthe Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The\nattacker sends an unauthenticated OPTIONS HTTP request when attempting to\nread secret data. This is a use-after-free issue and thus secret data is\nnot always sent, and the specific data depends on many factors including\nconfiguration. Exploitation with .htaccess can be blocked with a patch to\nthe ap_limit_section function in server/core.c.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876109>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-18T00:00:00", "type": "ubuntucve", "title": "CVE-2017-9798", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-09-18T00:00:00", "id": "UB:CVE-2017-9798", "href": "https://ubuntu.com/security/CVE-2017-9798", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "debiancve": [{"lastseen": "2023-03-19T02:05:50", "description": "A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the \"Allow\" and \"Deny\" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2018-07-26T17:29:00", "type": "debiancve", "title": "CVE-2017-12171", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12171"], "modified": "2018-07-26T17:29:00", "id": "DEBIANCVE:CVE-2017-12171", "href": "https://security-tracker.debian.org/tracker/CVE-2017-12171", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-03-19T02:05:50", "description": "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-18T15:29:00", "type": "debiancve", "title": "CVE-2017-9798", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-09-18T15:29:00", "id": "DEBIANCVE:CVE-2017-9798", "href": "https://security-tracker.debian.org/tracker/CVE-2017-9798", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "The Apache HTTP Server is a powerful, efficient, and extensible web server. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-09-30T07:40:09", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: httpd-2.4.27-8.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-09-30T07:40:09", "id": "FEDORA:A9847604E850", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RXQ5ISMWMJET3OQAPZBIO632OATTXUB2/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The Apache HTTP Server is a powerful, efficient, and extensible web server. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-09-22T18:54:37", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: httpd-2.4.27-3.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-09-22T18:54:37", "id": "FEDORA:092E9605F081", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/R4JEOCEFPTVRSQESLYQKPEEKR3XN7LBV/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The Apache HTTP Server is a powerful, efficient, and extensible web server. ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-05-12T18:27:28", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: httpd-2.4.33-4.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15710", "CVE-2017-15715", "CVE-2017-9798", "CVE-2018-1283", "CVE-2018-1301", "CVE-2018-1303", "CVE-2018-1312"], "modified": "2018-05-12T18:27:28", "id": "FEDORA:63AEC601CFBA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7YAANMOCNKDAROWX2LFUGFMRSDIRUENO/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2021-07-28T14:34:07", "description": "Arch Linux Security Advisory ASA-201709-15\n==========================================\n\nSeverity: High\nDate : 2017-09-18\nCVE-ID : CVE-2017-9798\nPackage : apache\nType : information disclosure\nRemote : Yes\nLink : https://security.archlinux.org/AVG-404\n\nSummary\n=======\n\nThe package apache before version 2.4.27-2 is vulnerable to information\ndisclosure.\n\nResolution\n==========\n\nUpgrade to 2.4.27-2.\n\n# pacman -Syu \"apache>=2.4.27-2\"\n\nThe problem has been fixed upstream but no release is available yet.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nAn use after free vulnerability has been discovered in Apache HTTP\n2.4.27 that causes a corrupted Allow header to be constructed in\nresponse to HTTP OPTIONS requests. This can leak pieces of arbitrary\nmemory from the server process that may contain secrets. The memory\npieces change after multiple requests, so for a vulnerable host an\narbitrary number of memory chunks can be leaked.\nThe bug appears if a webmaster tries to use the \"Limit\" directive with\nan invalid HTTP method.\n\nImpact\n======\n\nA remote attacker is able to leak memory and potentially obtain\nsensitive information from the server process.\n\nReferences\n==========\n\nhttps://bz.apache.org/bugzilla/show_bug.cgi?id=61207\nhttps://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch\nhttp://www.openwall.com/lists/oss-security/2017/09/18/2\nhttps://github.com/hannob/optionsbleed\nhttps://security.archlinux.org/CVE-2017-9798", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-09-18T00:00:00", "type": "archlinux", "title": "[ASA-201709-15] apache: information disclosure", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-09-18T00:00:00", "id": "ASA-201709-15", "href": "https://security.archlinux.org/ASA-201709-15", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "ubuntu": [{"lastseen": "2023-01-26T13:13:44", "description": "## Releases\n\n * Ubuntu 17.04 \n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * apache2 \\- Apache HTTP server\n\nHanno B\u00f6ck discovered that the Apache HTTP Server incorrectly handled \nLimit directives in .htaccess files. In certain configurations, a remote \nattacker could possibly use this issue to read arbitrary server memory, \nincluding sensitive information. This issue is known as Optionsbleed.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-19T00:00:00", "type": "ubuntu", "title": "Apache HTTP Server vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-09-19T00:00:00", "id": "USN-3425-1", "href": "https://ubuntu.com/security/notices/USN-3425-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-26T13:13:04", "description": "## Releases\n\n * Ubuntu 12.04 \n\n## Packages\n\n * apache2 \\- Apache HTTP server\n\nUSN-3425-1 fixed a vulnerability in Apache HTTP Server. This update \nprovides the corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nHanno B\u00f6ck discovered that the Apache HTTP Server incorrectly handled \nLimit directives in .htaccess files. In certain configurations, a remote \nattacker could possibly use this issue to read arbitrary server memory, \nincluding sensitive information. This issue is known as Optionsbleed.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-10-24T00:00:00", "type": "ubuntu", "title": "Apache HTTP Server vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9798"], "modified": "2017-10-24T00:00:00", "id": "USN-3425-2", "href": "https://ubuntu.com/security/notices/USN-3425-2", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "slackware": [{"lastseen": "2023-02-08T16:13:45", "description": "New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\n14.2, and -current to fix a security issue.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/httpd-2.4.27-i586-2_slack14.2.txz: Rebuilt.\n This update patches a security issue (\"Optionsbleed\") with the OPTIONS http\n method which may leak arbitrary pieces of memory to a potential attacker.\n Thanks to Hanno Bo:ck.\n For more information, see:\n http://seclists.org/oss-sec/2017/q3/477\n https://vulners.com/cve/CVE-2017-9798\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.34-i486-2_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.34-x86_64-2_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.34-i486-2_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/httpd-2.2.34-x86_64-2_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/httpd-2.2.34-i486-2_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/httpd-2.2.34-x86_64-2_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.27-i486-2_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-

RHEL 6 : httpd (RHSA-2017:2972) (Optionsbleed)

Description

Related