Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-731-1.NASL
HistoryApr 23, 2009 - 12:00 a.m.

Ubuntu 6.06 LTS / 7.10 / 8.04 LTS : apache2 vulnerabilities (USN-731-1)

2009-04-2300:00:00
Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
26
JSON

It was discovered that Apache did not sanitize the method specifier header from an HTTP request when it is returned in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This issue only affected Ubuntu 6.06 LTS and 7.10. (CVE-2007-6203)

It was discovered that Apache was vulnerable to a cross-site request forgery (CSRF) in the mod_proxy_balancer balancer manager. If an Apache administrator were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands that could modify the balancer manager configuration. This issue only affected Ubuntu 7.10 and 8.04 LTS. (CVE-2007-6420)

It was discovered that Apache had a memory leak when using mod_ssl with compression. A remote attacker could exploit this to exhaust server memory, leading to a denial of service. This issue only affected Ubuntu 7.10. (CVE-2008-1678)

It was discovered that in certain conditions, Apache did not specify a default character set when returning certain error messages containing UTF-7 encoded data, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. This issue only affected Ubuntu 6.06 LTS and 7.10. (CVE-2008-2168)

It was discovered that when configured as a proxy server, Apache did not limit the number of forwarded interim responses. A malicious remote server could send a large number of interim responses and cause a denial of service via memory exhaustion. (CVE-2008-2364)

It was discovered that mod_proxy_ftp did not sanitize wildcard pathnames when they are returned in directory listings, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. (CVE-2008-2939).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-731-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(36589);
  script_version("1.20");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2007-6203", "CVE-2007-6420", "CVE-2008-1678", "CVE-2008-2168", "CVE-2008-2364", "CVE-2008-2939");
  script_bugtraq_id(26663, 27236, 29653, 30560, 31692);
  script_xref(name:"USN", value:"731-1");

  script_name(english:"Ubuntu 6.06 LTS / 7.10 / 8.04 LTS : apache2 vulnerabilities (USN-731-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that Apache did not sanitize the method specifier
header from an HTTP request when it is returned in an error message,
which could result in browsers becoming vulnerable to cross-site
scripting attacks when processing the output. With cross-site
scripting vulnerabilities, if a user were tricked into viewing server
output during a crafted server request, a remote attacker could
exploit this to modify the contents, or steal confidential data (such
as passwords), within the same domain. This issue only affected Ubuntu
6.06 LTS and 7.10. (CVE-2007-6203)

It was discovered that Apache was vulnerable to a cross-site request
forgery (CSRF) in the mod_proxy_balancer balancer manager. If an
Apache administrator were tricked into clicking a link on a specially
crafted web page, an attacker could trigger commands that could modify
the balancer manager configuration. This issue only affected Ubuntu
7.10 and 8.04 LTS. (CVE-2007-6420)

It was discovered that Apache had a memory leak when using mod_ssl
with compression. A remote attacker could exploit this to exhaust
server memory, leading to a denial of service. This issue only
affected Ubuntu 7.10. (CVE-2008-1678)

It was discovered that in certain conditions, Apache did not specify a
default character set when returning certain error messages containing
UTF-7 encoded data, which could result in browsers becoming vulnerable
to cross-site scripting attacks when processing the output. This issue
only affected Ubuntu 6.06 LTS and 7.10. (CVE-2008-2168)

It was discovered that when configured as a proxy server, Apache did
not limit the number of forwarded interim responses. A malicious
remote server could send a large number of interim responses and cause
a denial of service via memory exhaustion. (CVE-2008-2364)

It was discovered that mod_proxy_ftp did not sanitize wildcard
pathnames when they are returned in directory listings, which could
result in browsers becoming vulnerable to cross-site scripting attacks
when processing the output. (CVE-2008-2939).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/731-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(79, 352, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-event");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-perchild");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-prefork-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-src");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-threaded-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2.2-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapr0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapr0-dev");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/03/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(6\.06|7\.10|8\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 7.10 / 8.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"6.06", pkgname:"apache2", pkgver:"2.0.55-4ubuntu2.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-common", pkgver:"2.0.55-4ubuntu2.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-doc", pkgver:"2.0.55-4ubuntu2.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-mpm-perchild", pkgver:"2.0.55-4ubuntu2.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-mpm-prefork", pkgver:"2.0.55-4ubuntu2.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-mpm-worker", pkgver:"2.0.55-4ubuntu2.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-prefork-dev", pkgver:"2.0.55-4ubuntu2.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-threaded-dev", pkgver:"2.0.55-4ubuntu2.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-utils", pkgver:"2.0.55-4ubuntu2.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libapr0", pkgver:"2.0.55-4ubuntu2.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libapr0-dev", pkgver:"2.0.55-4ubuntu2.4")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"apache2", pkgver:"2.2.4-3ubuntu0.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"apache2-doc", pkgver:"2.2.4-3ubuntu0.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"apache2-mpm-event", pkgver:"2.2.4-3ubuntu0.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"apache2-mpm-perchild", pkgver:"2.2.4-3ubuntu0.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"apache2-mpm-prefork", pkgver:"2.2.4-3ubuntu0.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"apache2-mpm-worker", pkgver:"2.2.4-3ubuntu0.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"apache2-prefork-dev", pkgver:"2.2.4-3ubuntu0.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"apache2-src", pkgver:"2.2.4-3ubuntu0.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"apache2-threaded-dev", pkgver:"2.2.4-3ubuntu0.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"apache2-utils", pkgver:"2.2.4-3ubuntu0.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"apache2.2-common", pkgver:"2.2.4-3ubuntu0.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2", pkgver:"2.2.8-1ubuntu0.4")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-doc", pkgver:"2.2.8-1ubuntu0.4")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-mpm-event", pkgver:"2.2.8-1ubuntu0.5")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-mpm-perchild", pkgver:"2.2.8-1ubuntu0.5")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-mpm-prefork", pkgver:"2.2.8-1ubuntu0.5")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-mpm-worker", pkgver:"2.2.8-1ubuntu0.5")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-prefork-dev", pkgver:"2.2.8-1ubuntu0.4")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-src", pkgver:"2.2.8-1ubuntu0.4")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-threaded-dev", pkgver:"2.2.8-1ubuntu0.4")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-utils", pkgver:"2.2.8-1ubuntu0.4")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2.2-common", pkgver:"2.2.8-1ubuntu0.5")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2 / apache2-common / apache2-doc / apache2-mpm-event / etc");
}
VendorProductVersionCPE
canonicalubuntu_linuxapache2p-cpe:/a:canonical:ubuntu_linux:apache2
canonicalubuntu_linuxapache2-commonp-cpe:/a:canonical:ubuntu_linux:apache2-common
canonicalubuntu_linuxapache2-docp-cpe:/a:canonical:ubuntu_linux:apache2-doc
canonicalubuntu_linuxapache2-mpm-eventp-cpe:/a:canonical:ubuntu_linux:apache2-mpm-event
canonicalubuntu_linuxapache2-mpm-perchildp-cpe:/a:canonical:ubuntu_linux:apache2-mpm-perchild
canonicalubuntu_linuxapache2-mpm-preforkp-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork
canonicalubuntu_linuxapache2-mpm-workerp-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker
canonicalubuntu_linuxapache2-prefork-devp-cpe:/a:canonical:ubuntu_linux:apache2-prefork-dev
canonicalubuntu_linuxapache2-srcp-cpe:/a:canonical:ubuntu_linux:apache2-src
canonicalubuntu_linuxapache2-threaded-devp-cpe:/a:canonical:ubuntu_linux:apache2-threaded-dev
Rows per page:
1-10 of 171

Related

ubuntu 1
openvas 72
redhat 3
securityvulns 7
gentoo 2
nessus 43
freebsd 2
altlinux 10
oraclelinux 2
centos 2
fedora 2
checkpoint_advisories 5
prion 7
cve 7
ubuntucve 7
debiancve 7
veracode 4
seebug 5
httpd 5
cert 1
packetstorm 1
f5 2
kaspersky 1
suse 1
ubuntu
ubuntu
Apache vulnerabilities
2009-03-10 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-731-1)
2009-03-13 00:00:00
Gentoo Security Advisory GLSA 200807-06 (apache)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200807-06 (apache)
2008-09-24 00:00:00
redhat
redhat
(RHSA-2008:0966) Moderate: Red Hat Application Stack v2.2 security and enhancement update
2008-12-04 00:00:00
(RHSA-2008:0967) Moderate: httpd security and bug fix update
2008-11-11 00:00:00
(RHSA-2009:1075) Moderate: httpd security update
2009-05-27 00:00:00
securityvulns
securityvulns
[ GLSA 200807-06 ] Apache: Denial of Service
2008-07-12 00:00:00
Apache multiple DoS conditions
2008-07-12 00:00:00
[ MDVSA-2009:124 ] apache
2009-06-01 00:00:00
gentoo
gentoo
Apache: Denial of service
2008-07-09 00:00:00
Apache: Multiple vulnerabilities
2008-03-11 00:00:00
nessus
nessus
openSUSE 10 Security Update : apache2 (apache2-5648)
2008-11-05 00:00:00
openSUSE Security Update : apache2 (apache2-222)
2009-07-21 00:00:00
GLSA-200807-06 : Apache: Denial of Service
2008-07-10 00:00:00
freebsd
freebsd
apache -- multiple vulnerabilities
2008-06-14 00:00:00
apache -- Cross-site scripting vulnerability
2008-07-25 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package apache2 version 2.2.9-alt1
2008-07-08 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.2.9-alt1
2008-07-08 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.2.9-alt1
2008-07-08 00:00:00
oraclelinux
oraclelinux
httpd security and bug fix update
2008-11-11 00:00:00
httpd security update
2009-05-27 00:00:00
centos
centos
httpd, mod_ssl security update
2008-11-11 20:45:50
httpd, mod_ssl security update
2009-05-28 17:08:08
fedora
fedora
[SECURITY] Fedora 9 Update: httpd-2.2.9-1.fc9
2008-08-07 23:48:09
[SECURITY] Fedora 8 Update: httpd-2.2.9-1.fc8
2008-08-07 23:57:20
checkpoint_advisories
checkpoint_advisories
Preemptive Protection against Apache HTTP Server 413 Error Page Cross-Site Scripting Vulnerability
2007-12-04 00:00:00
Update protection against Apache HTTP Server mod_proxy_ftp Wildcard Characters Cross Site Scripting
2008-09-19 00:00:00
Update Protection against Apache mod_proxy_ftp XSS Vulnerability
2008-09-19 00:00:00
prion
prion
Cross site scripting
2008-05-13 21:20:00
Cross site scripting
2008-08-06 18:41:00
Design/Logic Flaw
2008-06-13 18:41:00
cve
cve
CVE-2008-2168
2008-05-13 21:20:00
CVE-2008-2939
2008-08-06 18:41:00
CVE-2007-6420
2008-01-12 00:46:00
ubuntucve
ubuntucve
CVE-2008-2168
2008-05-13 00:00:00
CVE-2008-2939
2008-08-06 00:00:00
CVE-2007-6420
2008-01-12 00:00:00
debiancve
debiancve
CVE-2008-2168
2008-05-13 21:20:00
CVE-2008-2939
2008-08-06 18:41:00
CVE-2007-6420
2008-01-12 00:46:00
veracode
veracode
Cross-Site Scripting (XSS)
2020-04-10 00:29:44
Denial Of Service (DoS)
2020-04-10 00:29:44
Cross-Site Request Forgery (CSRF)
2020-04-10 00:29:43
seebug
seebug
Apache mod_proxy_ftp模块通配符字符跨站脚本漏洞
2008-08-08 00:00:00
IBM HTTP Server mod_proxy_ftp 跨站脚本漏洞
2009-02-16 00:00:00
Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
2010-05-12 00:00:00
httpd
httpd
Apache Httpd < 2.0.64 : mod_proxy_ftp globbing XSS
2008-07-28 00:00:00
Apache Httpd < 2.2.9 : mod_proxy_balancer CSRF
2007-10-12 00:00:00
Apache Httpd < 2.2.10 : mod_proxy_ftp globbing XSS
2008-07-28 00:00:00
cert
cert
Apache mod_proxy_ftp XSS vulnerability
2008-08-08 00:00:00
packetstorm
packetstorm
ProtonMail.ch Header Injection / CSRF
2014-05-30 00:00:00
f5
f5
SOL15405 - OpenSSL 0.9.8l vulnerability CVE-2009-4355
2014-07-10 00:00:00
K15405 : OpenSSL 0.9.8l vulnerability CVE-2009-4355
2014-07-10 00:00:00
kaspersky
kaspersky
KLA10066 Multiple vulnerabilities in Apache httpd
2010-10-19 00:00:00
suse
suse
cross site scripting in apache2,apache
2008-04-04 16:29:16
JSON
Related for UBUNTU_USN-731-1.NASL
ubuntu1openvas72redhat3securityvulns7gentoo2nessus43freebsd2altlinux10oraclelinux2centos2fedora2checkpoint_advisories5prion7cve7ubuntucve7debiancve7veracode4seebug5httpd5cert1packetstorm1f52kaspersky1suse1