Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.UBUNTU_USN-160-1.NASL
HistoryJan 15, 2006 - 12:00 a.m.

Ubuntu 4.10 / 5.04 : apache2 vulnerabilities (USN-160-1)

2006-01-1500:00:00
Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
www.tenable.com
11
JSON

Marc Stern discovered a buffer overflow in the SSL module’s certificate revocation list (CRL) handler. If Apache is configured to use a malicious CRL, this could possibly lead to a server crash or arbitrary code execution with the privileges of the Apache web server.
(CAN-2005-1268)

Watchfire discovered that Apache insufficiently verified the ‘Transfer-Encoding’ and ‘Content-Length’ headers when acting as an HTTP proxy. By sending a specially crafted HTTP request, a remote attacker who is authorized to use the proxy could exploit this to bypass web application firewalls, poison the HTTP proxy cache, and conduct cross-site scripting attacks against other proxy users.
(CAN-2005-2088).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-160-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(20565);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2005-1268", "CVE-2005-2088");
  script_bugtraq_id(14106, 14366);
  script_xref(name:"USN", value:"160-1");

  script_name(english:"Ubuntu 4.10 / 5.04 : apache2 vulnerabilities (USN-160-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Marc Stern discovered a buffer overflow in the SSL module's
certificate revocation list (CRL) handler. If Apache is configured to
use a malicious CRL, this could possibly lead to a server crash or
arbitrary code execution with the privileges of the Apache web server.
(CAN-2005-1268)

Watchfire discovered that Apache insufficiently verified the
'Transfer-Encoding' and 'Content-Length' headers when acting as an
HTTP proxy. By sending a specially crafted HTTP request, a remote
attacker who is authorized to use the proxy could exploit this to
bypass web application firewalls, poison the HTTP proxy cache, and
conduct cross-site scripting attacks against other proxy users.
(CAN-2005-2088).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-perchild");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-threadpool");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-prefork-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-threaded-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapr0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapr0-dev");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/08/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(4\.10|5\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10 / 5.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"4.10", pkgname:"apache2", pkgver:"2.0.50-12ubuntu4.3")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"apache2-common", pkgver:"2.0.50-12ubuntu4.3")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"apache2-doc", pkgver:"2.0.50-12ubuntu4.3")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"apache2-mpm-perchild", pkgver:"2.0.50-12ubuntu4.3")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"apache2-mpm-prefork", pkgver:"2.0.50-12ubuntu4.3")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"apache2-mpm-threadpool", pkgver:"2.0.50-12ubuntu4.3")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"apache2-mpm-worker", pkgver:"2.0.50-12ubuntu4.3")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"apache2-prefork-dev", pkgver:"2.0.50-12ubuntu4.3")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"apache2-threaded-dev", pkgver:"2.0.50-12ubuntu4.3")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libapr0", pkgver:"2.0.50-12ubuntu4.3")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libapr0-dev", pkgver:"2.0.50-12ubuntu4.3")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"apache2", pkgver:"2.0.53-5ubuntu5.2")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"apache2-common", pkgver:"2.0.53-5ubuntu5.2")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"apache2-doc", pkgver:"2.0.53-5ubuntu5.2")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"apache2-mpm-perchild", pkgver:"2.0.53-5ubuntu5.2")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"apache2-mpm-prefork", pkgver:"2.0.53-5ubuntu5.2")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"apache2-mpm-threadpool", pkgver:"2.0.53-5ubuntu5.2")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"apache2-mpm-worker", pkgver:"2.0.53-5ubuntu5.2")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"apache2-prefork-dev", pkgver:"2.0.53-5ubuntu5.2")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"apache2-threaded-dev", pkgver:"2.0.53-5ubuntu5.2")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"apache2-utils", pkgver:"2.0.53-5ubuntu5.2")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"libapr0", pkgver:"2.0.53-5ubuntu5.2")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"libapr0-dev", pkgver:"2.0.53-5ubuntu5.2")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2 / apache2-common / apache2-doc / apache2-mpm-perchild / etc");
}
VendorProductVersionCPE
canonicalubuntu_linuxapache2p-cpe:/a:canonical:ubuntu_linux:apache2
canonicalubuntu_linuxapache2-commonp-cpe:/a:canonical:ubuntu_linux:apache2-common
canonicalubuntu_linuxapache2-docp-cpe:/a:canonical:ubuntu_linux:apache2-doc
canonicalubuntu_linuxapache2-mpm-perchildp-cpe:/a:canonical:ubuntu_linux:apache2-mpm-perchild
canonicalubuntu_linuxapache2-mpm-preforkp-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork
canonicalubuntu_linuxapache2-mpm-threadpoolp-cpe:/a:canonical:ubuntu_linux:apache2-mpm-threadpool
canonicalubuntu_linuxapache2-mpm-workerp-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker
canonicalubuntu_linuxapache2-prefork-devp-cpe:/a:canonical:ubuntu_linux:apache2-prefork-dev
canonicalubuntu_linuxapache2-threaded-devp-cpe:/a:canonical:ubuntu_linux:apache2-threaded-dev
canonicalubuntu_linuxapache2-utilsp-cpe:/a:canonical:ubuntu_linux:apache2-utils
Rows per page:
1-10 of 141

Related

nessus 26
suse 1
centos 1
ubuntu 1
openvas 32
redhat 1
osv 2
debian 4
freebsd 2
ubuntucve 2
cve 2
debiancve 2
httpd 2
nessus
nessus
Fedora Core 3 : httpd-2.0.53-3.2 (2005-638)
2005-08-03 00:00:00
CentOS 3 / 4 : httpd (CESA-2005:582)
2006-07-03 00:00:00
Fedora Core 4 : httpd-2.0.54-10.1 (2005-639)
2005-08-03 00:00:00
suse
suse
authentication bypass in apache,apache2
2005-08-16 08:42:40
centos
centos
httpd, mod_ssl security update
2005-07-25 10:13:58
ubuntu
ubuntu
Apache 2 vulnerabilities
2005-08-04 00:00:00
openvas
openvas
SLES9: Security update for Apache 2 oes/CORE
2009-10-10 00:00:00
SLES9: Security update for Apache 2 oes/CORE
2009-10-10 00:00:00
Debian Security Advisory DSA 805-1 (apache2)
2008-01-17 00:00:00
redhat
redhat
(RHSA-2005:582) httpd security update
2005-07-25 00:00:00
osv
osv
apache2 - several
2005-09-08 00:00:00
apache - programming error
2005-09-08 00:00:00
debian
debian
[SECURITY] [DSA 805-1] New Apache2 packages fix several vulnerabilities
2005-09-08 18:07:44
[SECURITY] [DSA 805-1] New Apache2 packages fix several vulnerabilities
2005-09-08 18:07:44
[SECURITY] [DSA 803-1] New Apache packages fix HTTP request smuggling
2005-09-08 06:00:50
freebsd
freebsd
apache -- http request smuggling
2005-07-25 00:00:00
apache -- Certificate Revocation List (CRL) off-by-one vulnerability
2005-07-12 00:00:00
ubuntucve
ubuntucve
CVE-2005-1268
2005-08-05 00:00:00
CVE-2005-2088
2005-07-05 00:00:00
cve
cve
CVE-2005-2088
2005-07-05 04:00:00
CVE-2005-1268
2005-08-05 04:00:00
debiancve
debiancve
CVE-2005-1268
2005-08-05 04:00:00
CVE-2005-2088
2005-07-05 04:00:00
httpd
httpd
Apache Httpd < 2.0.55 : HTTP Request Spoofing
2005-10-14 00:00:00
Apache Httpd < 2.0.55 : Malicious CRL off-by-one
2005-10-14 00:00:00
JSON
Related for UBUNTU_USN-160-1.NASL
nessus26suse1centos1ubuntu1openvas32redhat1osv2debian4freebsd2ubuntucve2cve2debiancve2httpd2