Lucene search

HistoryApr 27, 2024 - 12:00 a.m.

RHEL 6 / 7 : httpd24 (RHSA-2018:3558)

2024-04-2700:00:00

www.tenable.com

rhel 6

rhel 7

httpd24

curl

cve-2016-5419

cve-2016-5420

cve-2016-5421

cve-2016-7141

cve-2016-7167

cve-2016-8615

cve-2016-8616

cve-2016-8617

cve-2016-8618

cve-2016-8619

cve-2016-8620

cve-2016-8621

cve-2016-8622

cve-2016-8623

cve-2016-8624

cve-2016-8625

cve-2016-9586

cve-2017-7407

cve-2017-8816

cve-2017-8817

cve-2017-15710

cve-2017-15715

cve-2017-1000100

cve-2017-1000101

cve-2017-1000254

cve-2017-1000257

cve-2018-1283

cve-2018-1301

cve-2018-1303

cve-2018-1312

cve-2018-1333

cve-2018-11763

cve-2018-14618

cve-2018-1000007

cve-2018-1000120

cve-2018-1000121

cve-2018-1000122

cve-2018-1000301

nessus

vulnerability scanner

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.962 High

EPSS

Percentile

99.5%

JSON

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3558 advisory.

curl: TLS session resumption client cert bypass (CVE-2016-5419)
curl: Re-using connection with wrong client cert (CVE-2016-5420)
curl: Use of connection struct after free (CVE-2016-5421)
curl: Incorrect reuse of client certificates (CVE-2016-7141)
curl: escape and unescape integer overflows (CVE-2016-7167)
curl: Cookie injection for other servers (CVE-2016-8615)
curl: Case insensitive password comparison (CVE-2016-8616)
curl: Out-of-bounds write via unchecked multiplication (CVE-2016-8617)
curl: Double-free in curl_maprintf (CVE-2016-8618)
curl: Double-free in krb5 code (CVE-2016-8619)
curl: Glob parser write/read out of bounds (CVE-2016-8620)
curl: curl_getdate out-of-bounds read (CVE-2016-8621)
curl: URL unescape heap overflow via integer truncation (CVE-2016-8622)
curl: Use-after-free via shared cookies (CVE-2016-8623)
curl: Invalid URL parsing with ‘#’ (CVE-2016-8624)
curl: IDNA 2003 makes curl use wrong host (CVE-2016-8625)
curl: printf floating point buffer overflow (CVE-2016-9586)
curl: --write-out out of bounds read (CVE-2017-7407)
curl: NTLM buffer overflow via integer overflow (CVE-2017-8816)
curl: FTP wildcard out of bounds read (CVE-2017-8817)
httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values (CVE-2017-15710)
httpd: <FilesMatch> bypass with a trailing newline in the file name (CVE-2017-15715)
curl: TFTP sends more than buffer size (CVE-2017-1000100)
curl: URL globbing out of bounds read (CVE-2017-1000101)
curl: FTP PWD response parser out of bounds read (CVE-2017-1000254)
curl: IMAP FETCH response out of bounds read (CVE-2017-1000257)
httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications (CVE-2018-1283)
httpd: Out of bounds access after failure in reading the HTTP request (CVE-2018-1301)
httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS (CVE-2018-1303)
httpd: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312)
httpd: mod_http2: Too much time allocated to workers, possibly leading to DoS (CVE-2018-1333)
httpd: DoS for HTTP/2 connections by continuous SETTINGS frames (CVE-2018-11763)
curl: NTLM password overflow via integer overflow (CVE-2018-14618)
curl: HTTP authentication leak in redirects (CVE-2018-1000007)
curl: FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120)
curl: LDAP NULL pointer dereference (CVE-2018-1000121)
curl: RTSP RTP buffer over-read (CVE-2018-1000122)
curl: Out-of-bounds heap read when missing RTSP headers allows information leak or denial of service (CVE-2018-1000301)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2018:3558. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(194113);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/27");

  script_cve_id(
    "CVE-2016-5419",
    "CVE-2016-5420",
    "CVE-2016-5421",
    "CVE-2016-7141",
    "CVE-2016-7167",
    "CVE-2016-8615",
    "CVE-2016-8616",
    "CVE-2016-8617",
    "CVE-2016-8618",
    "CVE-2016-8619",
    "CVE-2016-8620",
    "CVE-2016-8621",
    "CVE-2016-8622",
    "CVE-2016-8623",
    "CVE-2016-8624",
    "CVE-2016-8625",
    "CVE-2016-9586",
    "CVE-2017-7407",
    "CVE-2017-8816",
    "CVE-2017-8817",
    "CVE-2017-15710",
    "CVE-2017-15715",
    "CVE-2017-1000100",
    "CVE-2017-1000101",
    "CVE-2017-1000254",
    "CVE-2017-1000257",
    "CVE-2018-1283",
    "CVE-2018-1301",
    "CVE-2018-1303",
    "CVE-2018-1312",
    "CVE-2018-1333",
    "CVE-2018-11763",
    "CVE-2018-14618",
    "CVE-2018-1000007",
    "CVE-2018-1000120",
    "CVE-2018-1000121",
    "CVE-2018-1000122",
    "CVE-2018-1000301"
  );
  script_xref(name:"RHSA", value:"2018:3558");

  script_name(english:"RHEL 6 / 7 : httpd24 (RHSA-2018:3558)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2018:3558 advisory.

  - curl: TLS session resumption client cert bypass (CVE-2016-5419)

  - curl: Re-using connection with wrong client cert (CVE-2016-5420)

  - curl: Use of connection struct after free (CVE-2016-5421)

  - curl: Incorrect reuse of client certificates (CVE-2016-7141)

  - curl: escape and unescape integer overflows (CVE-2016-7167)

  - curl: Cookie injection for other servers (CVE-2016-8615)

  - curl: Case insensitive password comparison (CVE-2016-8616)

  - curl: Out-of-bounds write via unchecked multiplication (CVE-2016-8617)

  - curl: Double-free in curl_maprintf (CVE-2016-8618)

  - curl: Double-free in krb5 code (CVE-2016-8619)

  - curl: Glob parser write/read out of bounds (CVE-2016-8620)

  - curl: curl_getdate out-of-bounds read (CVE-2016-8621)

  - curl: URL unescape heap overflow via integer truncation (CVE-2016-8622)

  - curl: Use-after-free via shared cookies (CVE-2016-8623)

  - curl: Invalid URL parsing with '#' (CVE-2016-8624)

  - curl: IDNA 2003 makes curl use wrong host (CVE-2016-8625)

  - curl: printf floating point buffer overflow (CVE-2016-9586)

  - curl: --write-out out of bounds read (CVE-2017-7407)

  - curl: NTLM buffer overflow via integer overflow (CVE-2017-8816)

  - curl: FTP wildcard out of bounds read (CVE-2017-8817)

  - httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values (CVE-2017-15710)

  - httpd: <FilesMatch> bypass with a trailing newline in the file name (CVE-2017-15715)

  - curl: TFTP sends more than buffer size (CVE-2017-1000100)

  - curl: URL globbing out of bounds read (CVE-2017-1000101)

  - curl: FTP PWD response parser out of bounds read (CVE-2017-1000254)

  - curl: IMAP FETCH response out of bounds read (CVE-2017-1000257)

  - httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI
    applications (CVE-2018-1283)

  - httpd: Out of bounds access after failure in reading the HTTP request (CVE-2018-1301)

  - httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS (CVE-2018-1303)

  - httpd: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312)

  - httpd: mod_http2: Too much time allocated to workers, possibly leading to DoS (CVE-2018-1333)

  - httpd: DoS for HTTP/2 connections by continuous SETTINGS frames (CVE-2018-11763)

  - curl: NTLM password overflow via integer overflow (CVE-2018-14618)

  - curl: HTTP authentication leak in redirects (CVE-2018-1000007)

  - curl: FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120)

  - curl: LDAP NULL pointer dereference (CVE-2018-1000121)

  - curl: RTSP RTP buffer over-read (CVE-2018-1000122)

  - curl: Out-of-bounds heap read when missing RTSP headers allows information leak or denial of service
    (CVE-2018-1000301)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
  # https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.2_release_notes/chap-rhscl#sect-RHSCL-Changes-httpd
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?67615582");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1362183");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1362190");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1362199");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1373229");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1375906");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1388370");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1388371");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1388377");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1388378");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1388379");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1388382");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1388385");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1388386");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1388388");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1388390");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1388392");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1406712");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1439190");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1478309");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1478310");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1495541");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1503705");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1515757");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1515760");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1518737");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1537125");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1540167");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1552628");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1552631");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1553398");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1558450");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1560395");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1560399");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1560599");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1560614");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1560634");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1560643");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1575536");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1605048");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1622707");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1628389");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1633260");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1633399");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1634830");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1640722");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1646937");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1648928");
  # https://access.redhat.com/security/data/csaf/v2/advisories/2018/rhsa-2018_3558.json
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?719eab2b");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:3558");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-14618");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 99, 120, 122, 125, 190, 200, 287, 295, 305, 400, 416, 476, 787);
  script_set_attribute(attribute:"vendor_severity", value:"Moderate");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/11/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd24-curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd24-httpd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd24-httpd-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd24-httpd-manual");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd24-httpd-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd24-libcurl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd24-libcurl-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd24-libnghttp2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd24-libnghttp2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd24-mod_ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd24-mod_md");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd24-mod_proxy_html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd24-mod_session");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd24-mod_ssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:httpd24-nghttp2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['6','7'])) audit(AUDIT_OS_NOT, 'Red Hat 6.x / 7.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'repo_relative_urls': [
      'content/dist/rhel/server/6/6Server/x86_64/rhscl/1/debug',
      'content/dist/rhel/server/6/6Server/x86_64/rhscl/1/os',
      'content/dist/rhel/server/6/6Server/x86_64/rhscl/1/source/SRPMS',
      'content/dist/rhel/workstation/6/6Workstation/x86_64/rhscl/1/debug',
      'content/dist/rhel/workstation/6/6Workstation/x86_64/rhscl/1/os',
      'content/dist/rhel/workstation/6/6Workstation/x86_64/rhscl/1/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'httpd24-curl-7.61.1-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd24-httpd-2.4.34-7.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd24-httpd-devel-2.4.34-7.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd24-httpd-manual-2.4.34-7.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd24-httpd-tools-2.4.34-7.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd24-libcurl-7.61.1-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd24-libcurl-devel-7.61.1-1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd24-libnghttp2-1.7.1-7.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd24-libnghttp2-devel-1.7.1-7.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd24-mod_ldap-2.4.34-7.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd24-mod_proxy_html-2.4.34-7.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'httpd24-mod_session-2.4.34-7.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd24-mod_ssl-2.4.34-7.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'httpd24-nghttp2-1.7.1-7.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}
    ]
  },
  {
    'repo_relative_urls': [
      'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/debug',
      'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/os',
      'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/source/SRPMS',
      'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/debug',
      'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/os',
      'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'httpd24-curl-7.61.1-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd24-httpd-2.4.34-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd24-httpd-devel-2.4.34-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd24-httpd-manual-2.4.34-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd24-httpd-tools-2.4.34-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd24-libcurl-7.61.1-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd24-libcurl-devel-7.61.1-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd24-libnghttp2-1.7.1-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd24-libnghttp2-devel-1.7.1-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd24-mod_ldap-2.4.34-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd24-mod_md-2.4.34-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd24-mod_proxy_html-2.4.34-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'httpd24-mod_session-2.4.34-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'httpd24-mod_ssl-2.4.34-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'httpd24-nghttp2-1.7.1-7.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);

var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
  foreach var pkg ( constraint_array['pkgs'] ) {
    var reference = NULL;
    var _release = NULL;
    var sp = NULL;
    var _cpu = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var epoch = NULL;
    var allowmaj = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        _release &&
        rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
        (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
        rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
  else extra = rpm_report_get();
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : extra
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'httpd24-curl / httpd24-httpd / httpd24-httpd-devel / etc');
}

VendorProductVersionCPE
redhatenterprise_linux6cpe:/o:redhat:enterprise_linux:6
redhatenterprise_linux7cpe:/o:redhat:enterprise_linux:7
redhatenterprise_linuxhttpd24-curlp-cpe:/a:redhat:enterprise_linux:httpd24-curl
redhatenterprise_linuxhttpd24-httpdp-cpe:/a:redhat:enterprise_linux:httpd24-httpd
redhatenterprise_linuxhttpd24-httpd-develp-cpe:/a:redhat:enterprise_linux:httpd24-httpd-devel
redhatenterprise_linuxhttpd24-httpd-manualp-cpe:/a:redhat:enterprise_linux:httpd24-httpd-manual
redhatenterprise_linuxhttpd24-httpd-toolsp-cpe:/a:redhat:enterprise_linux:httpd24-httpd-tools
redhatenterprise_linuxhttpd24-libcurlp-cpe:/a:redhat:enterprise_linux:httpd24-libcurl
redhatenterprise_linuxhttpd24-libcurl-develp-cpe:/a:redhat:enterprise_linux:httpd24-libcurl-devel
redhatenterprise_linuxhttpd24-libnghttp2p-cpe:/a:redhat:enterprise_linux:httpd24-libnghttp2

Vendor	Product	Version	CPE
redhat	enterprise_linux	6	cpe:/o:redhat:enterprise_linux:6
redhat	enterprise_linux	7	cpe:/o:redhat:enterprise_linux:7
redhat	enterprise_linux	httpd24-curl	p-cpe:/a:redhat:enterprise_linux:httpd24-curl
redhat	enterprise_linux	httpd24-httpd	p-cpe:/a:redhat:enterprise_linux:httpd24-httpd
redhat	enterprise_linux	httpd24-httpd-devel	p-cpe:/a:redhat:enterprise_linux:httpd24-httpd-devel
redhat	enterprise_linux	httpd24-httpd-manual	p-cpe:/a:redhat:enterprise_linux:httpd24-httpd-manual
redhat	enterprise_linux	httpd24-httpd-tools	p-cpe:/a:redhat:enterprise_linux:httpd24-httpd-tools
redhat	enterprise_linux	httpd24-libcurl	p-cpe:/a:redhat:enterprise_linux:httpd24-libcurl
redhat	enterprise_linux	httpd24-libcurl-devel	p-cpe:/a:redhat:enterprise_linux:httpd24-libcurl-devel
redhat	enterprise_linux	httpd24-libnghttp2	p-cpe:/a:redhat:enterprise_linux:httpd24-libnghttp2

Rows per page:

1-10 of 171

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5421

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7141

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7167

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9586

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000101

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000257

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8816

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000007

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000120

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000121

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000122

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000301

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11763

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1333

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618

www.nessus.org/u?67615582

www.nessus.org/u?719eab2b

access.redhat.com/errata/RHSA-2018:3558

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=1362183

bugzilla.redhat.com/show_bug.cgi?id=1362190

bugzilla.redhat.com/show_bug.cgi?id=1362199

bugzilla.redhat.com/show_bug.cgi?id=1373229

bugzilla.redhat.com/show_bug.cgi?id=1375906

bugzilla.redhat.com/show_bug.cgi?id=1388370

bugzilla.redhat.com/show_bug.cgi?id=1388371

bugzilla.redhat.com/show_bug.cgi?id=1388377

bugzilla.redhat.com/show_bug.cgi?id=1388378

bugzilla.redhat.com/show_bug.cgi?id=1388379

bugzilla.redhat.com/show_bug.cgi?id=1388382

bugzilla.redhat.com/show_bug.cgi?id=1388385

bugzilla.redhat.com/show_bug.cgi?id=1388386

bugzilla.redhat.com/show_bug.cgi?id=1388388

bugzilla.redhat.com/show_bug.cgi?id=1388390

bugzilla.redhat.com/show_bug.cgi?id=1388392

bugzilla.redhat.com/show_bug.cgi?id=1406712

bugzilla.redhat.com/show_bug.cgi?id=1439190

bugzilla.redhat.com/show_bug.cgi?id=1478309

bugzilla.redhat.com/show_bug.cgi?id=1478310

bugzilla.redhat.com/show_bug.cgi?id=1495541

bugzilla.redhat.com/show_bug.cgi?id=1503705

bugzilla.redhat.com/show_bug.cgi?id=1515757

bugzilla.redhat.com/show_bug.cgi?id=1515760

bugzilla.redhat.com/show_bug.cgi?id=1518737

bugzilla.redhat.com/show_bug.cgi?id=1537125

bugzilla.redhat.com/show_bug.cgi?id=1540167

bugzilla.redhat.com/show_bug.cgi?id=1552628

bugzilla.redhat.com/show_bug.cgi?id=1552631

bugzilla.redhat.com/show_bug.cgi?id=1553398

bugzilla.redhat.com/show_bug.cgi?id=1558450

bugzilla.redhat.com/show_bug.cgi?id=1560395

bugzilla.redhat.com/show_bug.cgi?id=1560399

bugzilla.redhat.com/show_bug.cgi?id=1560599

bugzilla.redhat.com/show_bug.cgi?id=1560614

bugzilla.redhat.com/show_bug.cgi?id=1560634

bugzilla.redhat.com/show_bug.cgi?id=1560643

bugzilla.redhat.com/show_bug.cgi?id=1575536

bugzilla.redhat.com/show_bug.cgi?id=1605048

bugzilla.redhat.com/show_bug.cgi?id=1622707

bugzilla.redhat.com/show_bug.cgi?id=1628389

bugzilla.redhat.com/show_bug.cgi?id=1633260

bugzilla.redhat.com/show_bug.cgi?id=1633399

bugzilla.redhat.com/show_bug.cgi?id=1634830

bugzilla.redhat.com/show_bug.cgi?id=1640722

bugzilla.redhat.com/show_bug.cgi?id=1646937

bugzilla.redhat.com/show_bug.cgi?id=1648928

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.962 High

EPSS

Percentile

99.5%

JSON

Related for REDHAT-RHSA-2018-3558.NASL