Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-2523-1.NASL
HistoryMar 11, 2015 - 12:00 a.m.

Ubuntu 14.04 LTS : Apache HTTP Server vulnerabilities (USN-2523-1)

2015-03-1100:00:00
Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
28
JSON

Martin Holst Swende discovered that the mod_headers module allowed HTTP trailers to replace HTTP headers during request processing. A remote attacker could possibly use this issue to bypass RequestHeaders directives. (CVE-2013-5704)

Mark Montague discovered that the mod_cache module incorrectly handled empty HTTP Content-Type headers. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10.
(CVE-2014-3581)

Teguh P. Alko discovered that the mod_proxy_fcgi module incorrectly handled long response headers. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.10. (CVE-2014-3583)

It was discovered that the mod_lua module incorrectly handled different arguments within different contexts. A remote attacker could possibly use this issue to bypass intended access restrictions. This issue only affected Ubuntu 14.10. (CVE-2014-8109)

Guido Vranken discovered that the mod_lua module incorrectly handled a specially crafted websocket PING in certain circumstances. A remote attacker could possibly use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.10. (CVE-2015-0228).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2523-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(81755);
  script_version("1.23");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/23");

  script_cve_id(
    "CVE-2013-5704",
    "CVE-2014-3581",
    "CVE-2014-3583",
    "CVE-2014-8109",
    "CVE-2015-0228"
  );
  script_bugtraq_id(66550, 71656, 71657);
  script_xref(name:"USN", value:"2523-1");

  script_name(english:"Ubuntu 14.04 LTS : Apache HTTP Server vulnerabilities (USN-2523-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"Martin Holst Swende discovered that the mod_headers module allowed
HTTP trailers to replace HTTP headers during request processing. A
remote attacker could possibly use this issue to bypass RequestHeaders
directives. (CVE-2013-5704)

Mark Montague discovered that the mod_cache module incorrectly handled
empty HTTP Content-Type headers. A remote attacker could use this
issue to cause the server to stop responding, leading to a denial of
service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10.
(CVE-2014-3581)

Teguh P. Alko discovered that the mod_proxy_fcgi module incorrectly
handled long response headers. A remote attacker could use this issue
to cause the server to stop responding, leading to a denial of
service. This issue only affected Ubuntu 14.10. (CVE-2014-3583)

It was discovered that the mod_lua module incorrectly handled
different arguments within different contexts. A remote attacker could
possibly use this issue to bypass intended access restrictions. This
issue only affected Ubuntu 14.10. (CVE-2014-8109)

Guido Vranken discovered that the mod_lua module incorrectly handled a
specially crafted websocket PING in certain circumstances. A remote
attacker could possibly use this issue to cause the server to stop
responding, leading to a denial of service. This issue only affected
Ubuntu 14.10. (CVE-2015-0228).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-2523-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-5704");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2014-8109");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2.2-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-macro");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-proxy-html");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-data");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-event");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-itk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-suexec");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-custom");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-pristine");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-utils");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '14.04', 'pkgname': 'apache2', 'pkgver': '2.4.7-1ubuntu4.4'},
    {'osver': '14.04', 'pkgname': 'apache2-bin', 'pkgver': '2.4.7-1ubuntu4.4'},
    {'osver': '14.04', 'pkgname': 'apache2-data', 'pkgver': '2.4.7-1ubuntu4.4'},
    {'osver': '14.04', 'pkgname': 'apache2-dev', 'pkgver': '2.4.7-1ubuntu4.4'},
    {'osver': '14.04', 'pkgname': 'apache2-mpm-event', 'pkgver': '2.4.7-1ubuntu4.4'},
    {'osver': '14.04', 'pkgname': 'apache2-mpm-itk', 'pkgver': '2.4.7-1ubuntu4.4'},
    {'osver': '14.04', 'pkgname': 'apache2-mpm-prefork', 'pkgver': '2.4.7-1ubuntu4.4'},
    {'osver': '14.04', 'pkgname': 'apache2-mpm-worker', 'pkgver': '2.4.7-1ubuntu4.4'},
    {'osver': '14.04', 'pkgname': 'apache2-suexec', 'pkgver': '2.4.7-1ubuntu4.4'},
    {'osver': '14.04', 'pkgname': 'apache2-suexec-custom', 'pkgver': '2.4.7-1ubuntu4.4'},
    {'osver': '14.04', 'pkgname': 'apache2-suexec-pristine', 'pkgver': '2.4.7-1ubuntu4.4'},
    {'osver': '14.04', 'pkgname': 'apache2-utils', 'pkgver': '2.4.7-1ubuntu4.4'},
    {'osver': '14.04', 'pkgname': 'apache2.2-bin', 'pkgver': '2.4.7-1ubuntu4.4'},
    {'osver': '14.04', 'pkgname': 'libapache2-mod-macro', 'pkgver': '1:2.4.7-1ubuntu4.4'},
    {'osver': '14.04', 'pkgname': 'libapache2-mod-proxy-html', 'pkgver': '1:2.4.7-1ubuntu4.4'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2 / apache2-bin / apache2-data / apache2-dev / etc');
}
VendorProductVersionCPE
canonicalubuntu_linuxapache2.2-binp-cpe:/a:canonical:ubuntu_linux:apache2.2-bin
canonicalubuntu_linuxlibapache2-mod-macrop-cpe:/a:canonical:ubuntu_linux:libapache2-mod-macro
canonicalubuntu_linuxlibapache2-mod-proxy-htmlp-cpe:/a:canonical:ubuntu_linux:libapache2-mod-proxy-html
canonicalubuntu_linux14.04cpe:/o:canonical:ubuntu_linux:14.04:-:lts
canonicalubuntu_linuxapache2p-cpe:/a:canonical:ubuntu_linux:apache2
canonicalubuntu_linuxapache2-binp-cpe:/a:canonical:ubuntu_linux:apache2-bin
canonicalubuntu_linuxapache2-datap-cpe:/a:canonical:ubuntu_linux:apache2-data
canonicalubuntu_linuxapache2-devp-cpe:/a:canonical:ubuntu_linux:apache2-dev
canonicalubuntu_linuxapache2-mpm-eventp-cpe:/a:canonical:ubuntu_linux:apache2-mpm-event
canonicalubuntu_linuxapache2-mpm-itkp-cpe:/a:canonical:ubuntu_linux:apache2-mpm-itk
Rows per page:
1-10 of 161

Related

openvas 35
ubuntu 1
securityvulns 9
nessus 60
fedora 5
amazon 3
slackware 2
freebsd 3
f5 6
hackerone 4
oraclelinux 4
redhat 10
centos 2
osv 1
debian 1
mageia 3
prion 5
cve 5
httpd 6
debiancve 5
ubuntucve 5
seebug 1
veracode 4
ibm 6
gentoo 3
archlinux 1
kaspersky 1
oracle 4
openvas
openvas
Ubuntu: Security Advisory (USN-2523-1)
2015-03-11 00:00:00
Slackware: Security Advisory (SSA:2015-111-03)
2022-04-21 00:00:00
Fedora Update for httpd FEDORA-2014-17195
2015-03-16 00:00:00
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2015-03-10 00:00:00
securityvulns
securityvulns
[USN-2523-1] Apache HTTP Server vulnerabilities
2015-03-15 00:00:00
Apache multiple security vulnerabilities
2015-04-16 00:00:00
[slackware-security] httpd &#40;SSA:2015-198-01&#41;
2015-07-20 00:00:00
nessus
nessus
Amazon Linux AMI : httpd24 (ALAS-2015-483)
2015-02-13 00:00:00
FreeBSD : apache24 -- several vulnerabilities (5804b9d4-a959-11e4-9363-20cf30e32f6d)
2015-02-02 00:00:00
Apache 2.4.x < 2.4.12 Multiple Vulnerabilities
2019-01-09 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: httpd-2.4.10-15.fc21
2015-03-16 01:41:46
[SECURITY] Fedora 20 Update: httpd-2.4.10-2.fc20
2015-02-28 10:22:55
[SECURITY] Fedora 21 Update: httpd-2.4.12-1.fc21
2015-06-02 15:17:51
amazon
amazon
Low: httpd24
2015-02-12 10:57:00
Low: httpd
2014-09-17 21:48:00
Medium: httpd24
2015-08-17 12:27:00
slackware
slackware
[slackware-security] httpd
2015-04-22 01:20:26
[slackware-security] httpd
2015-07-17 20:25:06
freebsd
freebsd
apache24 -- several vulnerabilities
2015-01-29 00:00:00
apache22 -- several vulnerabilities
2014-07-19 00:00:00
apache24 -- multiple vulnerabilities
2015-02-04 00:00:00
f5
f5
SOL16847 - Apache vulnerabilities CVE-2014-8109, CVE-2014-3581, CVE-2014-3583
2015-07-02 00:00:00
Apache vulnerabilities CVE-2014-8109, CVE-2014-3581, CVE-2014-3583
2015-07-03 00:14:00
SOL16863 - Apache vulnerability CVE-2013-5704
2015-07-07 00:00:00
hackerone
hackerone
Open-Xchange: Outdated Apache Server in www.dovecot.fi is vulnerable to various attack.
2016-05-18 16:33:46
Internet Bug Bounty: mod_proxy_fcgi buffer overflow
2014-09-17 00:00:00
Internet Bug Bounty: mod_lua: Crash in websockets PING handling
2015-01-28 00:00:00
oraclelinux
oraclelinux
httpd security, bug fix, and enhancement update
2015-03-11 00:00:00
httpd24-httpd security and bug fix update
2016-02-04 00:00:00
httpd security, bug fix, and enhancement update
2015-07-28 00:00:00
redhat
redhat
(RHSA-2015:0325) Low: httpd security, bug fix, and enhancement update
2015-03-05 00:00:00
(RHSA-2014:1972) Low: httpd24-httpd security and bug fix update
2014-12-09 00:00:00
(RHSA-2015:2660) Moderate: Red Hat JBoss Web Server 3.0.2 security update
2015-12-16 18:09:36
centos
centos
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
2015-03-17 13:28:17
httpd, mod_ssl security update
2015-07-26 14:13:10
osv
osv
apache2 - security update
2014-10-16 00:00:00
debian
debian
[SECURITY] [DLA 71-1] apache2 security update
2014-10-16 10:10:48
mageia
mageia
Updated apache packages fix security vulnerabilities
2014-12-13 23:16:05
Updated apache packages fix CVE-2014-8109
2015-01-07 19:32:10
Updated apache packages fix CVE-2015-0228
2015-03-06 21:08:57
prion
prion
Authorization
2014-12-29 23:59:00
Design/Logic Flaw
2014-12-15 18:59:00
Design/Logic Flaw
2014-04-15 10:55:00
cve
cve
CVE-2014-8109
2014-12-29 23:59:00
CVE-2014-3583
2014-12-15 18:59:00
CVE-2013-5704
2014-04-15 10:55:00
httpd
httpd
Apache Httpd < 2.4.12 : mod_lua multiple "Require" directive handling is broken
2014-11-09 00:00:00
Apache Httpd < 2.2.29 : HTTP Trailers processing bypass
2013-09-06 00:00:00
Apache Httpd < 2.4.12 : HTTP Trailers processing bypass
2013-09-06 00:00:00
debiancve
debiancve
CVE-2014-8109
2014-12-29 23:59:00
CVE-2013-5704
2014-04-15 10:55:00
CVE-2014-3583
2014-12-15 18:59:00
ubuntucve
ubuntucve
CVE-2014-8109
2014-12-29 00:00:00
CVE-2013-5704
2014-04-15 00:00:00
CVE-2014-3583
2014-12-15 00:00:00
seebug
seebug
ModSecurity 'mod_headers'模块安全限制绕过漏洞
2014-04-04 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:05:52
Authorization Bypass
2019-01-15 09:03:16
Denial Of Service (DoS)
2019-01-15 09:07:16
ibm
ibm
Security Bulletin: Vulnerabilities in httpd affect Power Hardware Management Console (CVE-2013-5704, CVE-2015-3183)
2021-09-23 01:31:39
Security Bulletin: Multiple vulnerabilities fixed in IBM HTTP Server (APAR PI22070)
2018-06-15 07:00:11
Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.35
2022-09-08 00:26:26
gentoo
gentoo
Apache: Multiple vulnerabilities
2015-04-11 00:00:00
Apache: Multiple vulnerabilities
2016-10-06 00:00:00
Apache: Multiple vulnerabilities
2017-01-15 00:00:00
archlinux
archlinux
apache: multiple issues
2015-07-17 00:00:00
kaspersky
kaspersky
KLA10640 Multiple vulnerabilities in Apache HTTP Server
2015-07-21 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2016
2016-01-19 00:00:00
Oracle Critical Patch Update Advisory - January 2015
2015-03-10 00:00:00
Oracle Critical Patch Update Advisory - July 2015
2015-07-14 00:00:00
JSON
Related for UBUNTU_USN-2523-1.NASL
openvas35ubuntu1securityvulns9nessus60fedora5amazon3slackware2freebsd3f56hackerone4oraclelinux4redhat10centos2osv1debian1mageia3prion5cve5httpd6debiancve5ubuntucve5seebug1veracode4ibm6gentoo3archlinux1kaspersky1oracle4