Lucene search
Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2018 Tenable Network Security, Inc.UBUNTU_USN-160-2.NASLHistoryJan 15, 2006 - 12:00 a.m.
Ubuntu 4.10 / 5.04 : apache vulnerability (USN-160-2)
2006-01-1500:00:00
Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2018 Tenable Network Security, Inc.
www.tenable.com
9
USN-160-1 fixed two vulnerabilities in the Apache 2 server. The old Apache 1 server was also vulnerable to one of the vulnerabilities (CAN-2005-2088). Please note that Apache 1 is not officially supported in Ubuntu (it is in the ‘universe’ component of the archive).
For reference, this is the relevant part of the original advisory :
Watchfire discovered that Apache insufficiently verified the ‘Transfer-Encoding’ and ‘Content-Length’ headers when acting as an HTTP proxy. By sending a specially crafted HTTP request, a remote attacker who is authorized to use the proxy could exploit this to bypass web application firewalls, poison the HTTP proxy cache, and conduct cross-site scripting attacks against other proxy users.
(CAN-2005-2088).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-160-2. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(20566);
script_version("1.18");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2005-2088");
script_xref(name:"USN", value:"160-2");
script_name(english:"Ubuntu 4.10 / 5.04 : apache vulnerability (USN-160-2)");
script_summary(english:"Checks dpkg output for updated packages.");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Ubuntu host is missing one or more security-related
patches."
);
script_set_attribute(
attribute:"description",
value:
"USN-160-1 fixed two vulnerabilities in the Apache 2 server. The old
Apache 1 server was also vulnerable to one of the vulnerabilities
(CAN-2005-2088). Please note that Apache 1 is not officially supported
in Ubuntu (it is in the 'universe' component of the archive).
For reference, this is the relevant part of the original advisory :
Watchfire discovered that Apache insufficiently verified the
'Transfer-Encoding' and 'Content-Length' headers when acting as an
HTTP proxy. By sending a specially crafted HTTP request, a remote
attacker who is authorized to use the proxy could exploit this to
bypass web application firewalls, poison the HTTP proxy cache, and
conduct cross-site scripting attacks against other proxy users.
(CAN-2005-2088).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache-perl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache-ssl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache-utils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache-mod-perl");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04");
script_set_attribute(attribute:"patch_publication_date", value:"2005/09/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
script_set_attribute(attribute:"vuln_publication_date", value:"2005/06/06");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2018 Tenable Network Security, Inc.");
script_family(english:"Ubuntu Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(4\.10|5\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10 / 5.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
flag = 0;
if (ubuntu_check(osver:"4.10", pkgname:"apache", pkgver:"1.3.31-6ubuntu0.8")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"apache-common", pkgver:"1.3.31-6ubuntu0.8")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"apache-dbg", pkgver:"1.3.31-6ubuntu0.8")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"apache-dev", pkgver:"1.3.31-6ubuntu0.8")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"apache-doc", pkgver:"1.3.31-6ubuntu0.8")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"apache-perl", pkgver:"1.3.31-6ubuntu0.8")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"apache-ssl", pkgver:"1.3.31-6ubuntu0.8")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"apache-utils", pkgver:"1.3.31-6ubuntu0.8")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"libapache-mod-perl", pkgver:"1.29.0.2.0-6ubuntu0.8")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"apache", pkgver:"1.3.33-4ubuntu1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"apache-common", pkgver:"1.3.33-4ubuntu1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"apache-dbg", pkgver:"1.3.33-4ubuntu1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"apache-dev", pkgver:"1.3.33-4ubuntu1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"apache-doc", pkgver:"1.3.33-4ubuntu1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"apache-perl", pkgver:"1.3.33-4ubuntu1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"apache-ssl", pkgver:"1.3.33-4ubuntu1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"apache-utils", pkgver:"1.3.33-4ubuntu1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"libapache-mod-perl", pkgver:"1.29.0.3-4ubuntu1")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache / apache-common / apache-dbg / apache-dev / apache-doc / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | apache | p-cpe:/a:canonical:ubuntu_linux:apache |
| canonical | ubuntu_linux | apache-common | p-cpe:/a:canonical:ubuntu_linux:apache-common |
| canonical | ubuntu_linux | apache-dbg | p-cpe:/a:canonical:ubuntu_linux:apache-dbg |
| canonical | ubuntu_linux | apache-dev | p-cpe:/a:canonical:ubuntu_linux:apache-dev |
| canonical | ubuntu_linux | apache-doc | p-cpe:/a:canonical:ubuntu_linux:apache-doc |
| canonical | ubuntu_linux | apache-perl | p-cpe:/a:canonical:ubuntu_linux:apache-perl |
| canonical | ubuntu_linux | apache-ssl | p-cpe:/a:canonical:ubuntu_linux:apache-ssl |
| canonical | ubuntu_linux | apache-utils | p-cpe:/a:canonical:ubuntu_linux:apache-utils |
| canonical | ubuntu_linux | libapache-mod-perl | p-cpe:/a:canonical:ubuntu_linux:libapache-mod-perl |
| canonical | ubuntu_linux | 4.10 | cpe:/o:canonical:ubuntu_linux:4.10 |
Related
nessus
nessus
Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : apache (SSA:2005-310-04)
2005-11-07 00:00:00
HP-UX PHSS_34169 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)
2006-03-21 00:00:00
Mandrake Linux Security Advisory : apache (MDKSA-2005:130)
2005-10-05 00:00:00
openvas
openvas
Debian Security Advisory DSA 803-1 (apache)
2008-01-17 00:00:00
FreeBSD Ports: apache
2008-09-04 00:00:00
SLES9: Security update for apache and mod_ssl
2009-10-10 00:00:00
osv
osv
apache - programming error
2005-09-08 00:00:00
apache2 - several
2005-09-08 00:00:00
ubuntucve
ubuntucve
CVE-2005-2088
2005-07-05 00:00:00
cve
cve
CVE-2005-2088
2005-07-05 04:00:00
freebsd
freebsd
apache -- http request smuggling
2005-07-25 00:00:00
debian
debian
[SECURITY] [DSA 803-1] New Apache packages fix HTTP request smuggling
2005-09-08 00:00:00
[SECURITY] [DSA 803-1] New Apache packages fix HTTP request smuggling
2005-09-08 06:00:50
[SECURITY] [DSA 805-1] New Apache2 packages fix several vulnerabilities
2005-09-08 00:00:00
httpd
httpd
Apache Httpd < 2.0.55 : HTTP Request Spoofing
2005-10-14 00:00:00
cvelist
cvelist
CVE-2005-2088
2005-06-30 04:00:00
debiancve
debiancve
CVE-2005-2088
2005-07-05 04:00:00
suse
suse
authentication bypass in apache,apache2
2005-08-16 08:42:40
redhat
redhat
(RHSA-2005:582) httpd security update
2005-07-25 00:00:00
ubuntu
ubuntu
Apache 2 vulnerabilities
2005-08-04 00:00:00
centos
centos
httpd, mod_ssl security update
2005-07-25 10:13:58
Related for UBUNTU_USN-160-2.NASL