ID UBUNTU_USN-787-1.NASL
Type nessus
Reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2009-06-12T00:00:00

Description
Matthew Palmer discovered an underflow flaw in apr-util as included in
Apache. An attacker could cause a denial of service via application
crash in Apache using a crafted SVNMasterURI directive, .htaccess
file, or when using mod_apreq2. This issue only affected Ubuntu 6.06
LTS. (CVE-2009-0023)

Sander de Boer discovered that mod_proxy_ajp would reuse connections
when a client closed a connection without sending a request body. A
remote attacker could exploit this to obtain sensitive response data.
This issue only affected Ubuntu 9.04. (CVE-2009-1191)

Jonathan Peatfield discovered that Apache did not process Includes
options correctly. With certain configurations of Options and
AllowOverride, a local attacker could use an .htaccess file to
override intended restrictions and execute arbitrary code via a
Server-Side-Include file. This issue affected Ubuntu 8.04 LTS, 8.10
and 9.04. (CVE-2009-1195)

It was discovered that the XML parser did not properly handle entity
expansion. A remote attacker could cause a denial of service via
memory resource consumption by sending a crafted request to an Apache
server configured to use mod_dav or mod_dav_svn. This issue only
affected Ubuntu 6.06 LTS. (CVE-2009-1955)

C. Michael Pilato discovered an off-by-one buffer overflow in apr-util
when formatting certain strings. For big-endian machines (powerpc,
hppa and sparc in Ubuntu), a remote attacker could cause a denial of
service or information disclosure leak. All other architectures for
Ubuntu are not considered to be at risk. This issue only affected
Ubuntu 6.06 LTS. (CVE-2009-1956).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-787-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(39371);
  script_version("1.21");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2009-0023", "CVE-2009-1191", "CVE-2009-1195", "CVE-2009-1955", "CVE-2009-1956");
  script_bugtraq_id(34663, 35115, 35221, 35251, 35253);
  script_xref(name:"USN", value:"787-1");

  script_name(english:"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : apache2 vulnerabilities (USN-787-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Matthew Palmer discovered an underflow flaw in apr-util as included in
Apache. An attacker could cause a denial of service via application
crash in Apache using a crafted SVNMasterURI directive, .htaccess
file, or when using mod_apreq2. This issue only affected Ubuntu 6.06
LTS. (CVE-2009-0023)
Sander de Boer discovered that mod_proxy_ajp would reuse connections
when a client closed a connection without sending a request body. A
remote attacker could exploit this to obtain sensitive response data.
This issue only affected Ubuntu 9.04. (CVE-2009-1191)
Jonathan Peatfield discovered that Apache did not process Includes
options correctly. With certain configurations of Options and
AllowOverride, a local attacker could use an .htaccess file to
override intended restrictions and execute arbitrary code via a
Server-Side-Include file. This issue affected Ubuntu 8.04 LTS, 8.10
and 9.04. (CVE-2009-1195)
It was discovered that the XML parser did not properly handle entity
expansion. A remote attacker could cause a denial of service via
memory resource consumption by sending a crafted request to an Apache
server configured to use mod_dav or mod_dav_svn. This issue only
affected Ubuntu 6.06 LTS. (CVE-2009-1955)
C. Michael Pilato discovered an off-by-one buffer overflow in apr-util
when formatting certain strings. For big-endian machines (powerpc,
hppa and sparc in Ubuntu), a remote attacker could cause a denial of
service or information disclosure leak. All other architectures for
Ubuntu are not considered to be at risk. This issue only affected
Ubuntu 6.06 LTS. (CVE-2009-1956).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/787-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(16, 20, 119, 189, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-event");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-perchild");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-prefork-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-src");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-suexec");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-custom");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-threaded-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2.2-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapr0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapr0-dev");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/06/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(6\.06|8\.04|8\.10|9\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 8.04 / 8.10 / 9.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
flag = 0;
if (ubuntu_check(osver:"6.06", pkgname:"apache2", pkgver:"2.0.55-4ubuntu2.5")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-common", pkgver:"2.0.55-4ubuntu2.5")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-doc", pkgver:"2.0.55-4ubuntu2.5")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-mpm-perchild", pkgver:"2.0.55-4ubuntu2.5")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-mpm-prefork", pkgver:"2.0.55-4ubuntu2.5")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-mpm-worker", pkgver:"2.0.55-4ubuntu2.5")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-prefork-dev", pkgver:"2.0.55-4ubuntu2.5")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-threaded-dev", pkgver:"2.0.55-4ubuntu2.5")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-utils", pkgver:"2.0.55-4ubuntu2.5")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libapr0", pkgver:"2.0.55-4ubuntu2.5")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libapr0-dev", pkgver:"2.0.55-4ubuntu2.5")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2", pkgver:"2.2.8-1ubuntu0.8")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-doc", pkgver:"2.2.8-1ubuntu0.8")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-mpm-event", pkgver:"2.2.8-1ubuntu0.8")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-mpm-perchild", pkgver:"2.2.8-1ubuntu0.8")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-mpm-prefork", pkgver:"2.2.8-1ubuntu0.8")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-mpm-worker", pkgver:"2.2.8-1ubuntu0.8")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-prefork-dev", pkgver:"2.2.8-1ubuntu0.8")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-src", pkgver:"2.2.8-1ubuntu0.8")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-threaded-dev", pkgver:"2.2.8-1ubuntu0.8")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-utils", pkgver:"2.2.8-1ubuntu0.8")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2.2-common", pkgver:"2.2.8-1ubuntu0.8")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"apache2", pkgver:"2.2.9-7ubuntu3.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"apache2-doc", pkgver:"2.2.9-7ubuntu3.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"apache2-mpm-event", pkgver:"2.2.9-7ubuntu3.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"apache2-mpm-prefork", pkgver:"2.2.9-7ubuntu3.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"apache2-mpm-worker", pkgver:"2.2.9-7ubuntu3.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"apache2-prefork-dev", pkgver:"2.2.9-7ubuntu3.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"apache2-src", pkgver:"2.2.9-7ubuntu3.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"apache2-suexec", pkgver:"2.2.9-7ubuntu3.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"apache2-suexec-custom", pkgver:"2.2.9-7ubuntu3.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"apache2-threaded-dev", pkgver:"2.2.9-7ubuntu3.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"apache2-utils", pkgver:"2.2.9-7ubuntu3.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"apache2.2-common", pkgver:"2.2.9-7ubuntu3.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"apache2", pkgver:"2.2.11-2ubuntu2.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"apache2-doc", pkgver:"2.2.11-2ubuntu2.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"apache2-mpm-event", pkgver:"2.2.11-2ubuntu2.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"apache2-mpm-prefork", pkgver:"2.2.11-2ubuntu2.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"apache2-mpm-worker", pkgver:"2.2.11-2ubuntu2.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"apache2-prefork-dev", pkgver:"2.2.11-2ubuntu2.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"apache2-src", pkgver:"2.2.11-2ubuntu2.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"apache2-suexec", pkgver:"2.2.11-2ubuntu2.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"apache2-suexec-custom", pkgver:"2.2.11-2ubuntu2.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"apache2-threaded-dev", pkgver:"2.2.11-2ubuntu2.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"apache2-utils", pkgver:"2.2.11-2ubuntu2.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"apache2.2-common", pkgver:"2.2.11-2ubuntu2.1")) flag++;

if (flag)
{
  security_report_v4(
    port : 0,
    severity : SECURITY_HOLE,
    extra : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2 / apache2-common / apache2-doc / apache2-mpm-event / etc");
}
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n apache2-common 2.0.55-4ubuntu2.5\n apache2-mpm-perchild 2.0.55-4ubuntu2.5\n apache2-mpm-prefork 2.0.55-4ubuntu2.5\n apache2-mpm-worker 2.0.55-4ubuntu2.5\n libapr0 2.0.55-4ubuntu2.5\n\nUbuntu 8.04 LTS:\n apache2-mpm-event 2.2.8-1ubuntu0.8\n apache2-mpm-perchild 2.2.8-1ubuntu0.8\n apache2-mpm-prefork 2.2.8-1ubuntu0.8\n apache2-mpm-worker 2.2.8-1ubuntu0.8\n apache2.2-common 2.2.8-1ubuntu0.8\n\nUbuntu 8.10:\n apache2-mpm-event 2.2.9-7ubuntu3.1\n apache2-mpm-prefork 2.2.9-7ubuntu3.1\n apache2-mpm-worker 2.2.9-7ubuntu3.1\n apache2.2-common 2.2.9-7ubuntu3.1\n\nUbuntu 9.04:\n apache2-mpm-event 2.2.11-2ubuntu2.1\n apache2-mpm-prefork 2.2.11-2ubuntu2.1\n apache2-mpm-worker 2.2.11-2ubuntu2.1\n apache2.2-common 2.2.11-2ubuntu2.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-787-1\";\n\ntag_insight = \"Matthew Palmer discovered an underflow flaw in apr-util as included in\nApache. An attacker could cause a denial of service via application crash\nin Apache using a crafted SVNMasterURI directive, .htaccess file, or when\nusing mod_apreq2. This issue only affected Ubuntu 6.06 LTS. (CVE-2009-0023)\n\nSander de Boer discovered that mod_proxy_ajp would reuse connections when\na client closed a connection without sending a request body. A remote\nattacker could exploit this to obtain sensitive response data. This issue\nonly affected Ubuntu 9.04. 
(CVE-2009-1191)\n\nJonathan Peatfield discovered that Apache did not process Includes options\ncorrectly. With certain configurations of Options and AllowOverride, a\nlocal attacker could use an .htaccess file to override intended\nrestrictions and execute arbitrary code via a Server-Side-Include file.\nThis issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. (CVE-2009-1195)\n\nIt was discovered that the XML parser did not properly handle entity\nexpansion. A remote attacker could cause a denial of service via memory\nresource consumption by sending a crafted request to an Apache server\nconfigured to use mod_dav or mod_dav_svn. This issue only affected Ubuntu\n6.06 LTS. (CVE-2009-1955)\n\nC. Michael Pilato discovered an off-by-one buffer overflow in apr-util when\nformatting certain strings. For big-endian machines (powerpc, hppa and\nsparc in Ubuntu), a remote attacker could cause a denial of service or\ninformation disclosure leak. All other architectures for Ubuntu are not\nconsidered to be at risk. This issue only affected Ubuntu 6.06 LTS.\n(CVE-2009-1956)\";\ntag_summary = \"The remote host is missing an update to apache2\nannounced via advisory USN-787-1.\";\n\n \n\n\nif(description)\n{\n script_id(64201);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-15 19:20:43 +0200 (Mon, 15 Jun 2009)\");\n script_cve_id(\"CVE-2009-0023\", \"CVE-2009-1191\", \"CVE-2009-1195\", \"CVE-2009-1955\", \"CVE-2009-1956\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Ubuntu USN-787-1 (apache2)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-787-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.0.55-4ubuntu2.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-common\", ver:\"2.0.55-4ubuntu2.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-perchild\", ver:\"2.0.55-4ubuntu2.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.0.55-4ubuntu2.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.0.55-4ubuntu2.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.0.55-4ubuntu2.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.0.55-4ubuntu2.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.0.55-4ubuntu2.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.0.55-4ubuntu2.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapr0-dev\", ver:\"2.0.55-4ubuntu2.5\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapr0\", ver:\"2.0.55-4ubuntu2.5\", 
rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.8-1ubuntu0.8\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-perchild\", ver:\"2.2.8-1ubuntu0.8\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.8-1ubuntu0.8\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.8-1ubuntu0.8\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.8-1ubuntu0.8\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.8-1ubuntu0.8\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.8-1ubuntu0.8\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.8-1ubuntu0.8\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.8-1ubuntu0.8\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.8-1ubuntu0.8\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.8-1ubuntu0.8\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.9-7ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.9-7ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.9-7ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.9-7ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.9-7ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.9-7ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.9-7ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.9-7ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.9-7ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.9-7ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.9-7ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.9-7ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.11-2ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.11-2ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.11-2ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.11-2ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.11-2ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.11-2ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.11-2ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.11-2ubuntu2.1\", 
rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.11-2ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.11-2ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.11-2ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.11-2ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1191", "CVE-2009-1955", "CVE-2009-1890", "CVE-2009-0023", "CVE-2009-1956", "CVE-2009-1891", "CVE-2009-1195"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-214-01.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:64571", "href": "http://plugins.openvas.org/nasl.php?oid=64571", "type": "openvas", "title": "Slackware Advisory SSA:2009-214-01 httpd ", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_214_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New httpd packages are available for Slackware 12.0, 12.1, 12.2, and -current\nto fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2009-214-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-214-01\";\n \nif(description)\n{\n script_id(64571);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2009-1891\", \"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1191\", \"CVE-2009-0023\", \"CVE-2009-1955\", \"CVE-2009-1956\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_version(\"$Revision: 6598 $\");\n script_name(\"Slackware Advisory SSA:2009-214-01 httpd \");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.12-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.12-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.12-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1191", "CVE-2009-1955", "CVE-2009-1890", "CVE-2009-0023", "CVE-2009-1956", "CVE-2009-1891", "CVE-2009-1195"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-214-01.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231064571", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064571", "type": "openvas", "title": "Slackware Advisory SSA:2009-214-01 httpd", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_214_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64571\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2009-1891\", \"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1191\", \"CVE-2009-0023\", \"CVE-2009-1955\", \"CVE-2009-1956\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2009-214-01 httpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(12\\.0|12\\.1|12\\.2)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-214-01\");\n\n script_tag(name:\"insight\", value:\"New httpd packages are available for Slackware 12.0, 12.1, 12.2, and -current\nto fix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2009-214-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.12-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.12-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.12-i486-1_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-27T10:56:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1955", "CVE-2009-0023", "CVE-2009-1956"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1107.\n\napr-util is a utility library used with the Apache Portable Runtime (APR).\nIt aims to provide a free library of C data structures and routines. 
This\nlibrary contains additional utility interfaces for APR; including support\nfor XML, LDAP, database interfaces, URI parsing, and more.\n\nAn off-by-one overflow flaw was found in the way apr-util processed a\nvariable list of arguments. An attacker could provide a specially-crafted\nstring as input for the formatted output conversion routine, which could,\non big-endian platforms, potentially lead to the disclosure of sensitive\ninformation or a denial of service (application crash). (CVE-2009-1956)\n\nNote: The CVE-2009-1956 flaw only affects big-endian platforms, such as the\nIBM S/390 and PowerPC. It does not affect users using the apr-util package\non little-endian platforms, due to their different organization of byte\nordering used to represent particular data.\n\nA denial of service flaw was found in the apr-util Extensible Markup\nLanguage (XML) parser. A remote attacker could create a specially-crafted\nXML document that would cause excessive memory consumption when processed\nby the XML decoding engine. (CVE-2009-1955)\n\nA heap-based underwrite flaw was found in the way apr-util created compiled\nforms of particular search patterns. An attacker could formulate a\nspecially-crafted search keyword, that would overwrite arbitrary heap\nmemory locations when processed by the pattern preparation engine.\n(CVE-2009-0023)\n\nAll apr-util users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
Applications using the Apache\nPortable Runtime library, such as httpd, must be restarted for this update\nto take effect.", "modified": "2017-07-12T00:00:00", "published": "2009-06-23T00:00:00", "id": "OPENVAS:64214", "href": "http://plugins.openvas.org/nasl.php?oid=64214", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1107", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1107.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1107 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1107.\n\napr-util is a utility library used with the Apache Portable Runtime (APR).\nIt aims to provide a free library of C data structures and routines. 
This\nlibrary contains additional utility interfaces for APR; including support\nfor XML, LDAP, database interfaces, URI parsing, and more.\n\nAn off-by-one overflow flaw was found in the way apr-util processed a\nvariable list of arguments. An attacker could provide a specially-crafted\nstring as input for the formatted output conversion routine, which could,\non big-endian platforms, potentially lead to the disclosure of sensitive\ninformation or a denial of service (application crash). (CVE-2009-1956)\n\nNote: The CVE-2009-1956 flaw only affects big-endian platforms, such as the\nIBM S/390 and PowerPC. It does not affect users using the apr-util package\non little-endian platforms, due to their different organization of byte\nordering used to represent particular data.\n\nA denial of service flaw was found in the apr-util Extensible Markup\nLanguage (XML) parser. A remote attacker could create a specially-crafted\nXML document that would cause excessive memory consumption when processed\nby the XML decoding engine. (CVE-2009-1955)\n\nA heap-based underwrite flaw was found in the way apr-util created compiled\nforms of particular search patterns. An attacker could formulate a\nspecially-crafted search keyword, that would overwrite arbitrary heap\nmemory locations when processed by the pattern preparation engine.\n(CVE-2009-0023)\n\nAll apr-util users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Applications using the Apache\nPortable Runtime library, such as httpd, must be restarted for this update\nto take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64214);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-23 15:49:15 +0200 (Tue, 23 Jun 2009)\");\n script_cve_id(\"CVE-2009-0023\", \"CVE-2009-1955\", \"CVE-2009-1956\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1107\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1107.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apr-util\", rpm:\"apr-util~0.9.4~22.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apr-util-debuginfo\", rpm:\"apr-util-debuginfo~0.9.4~22.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apr-util-devel\", rpm:\"apr-util-devel~0.9.4~22.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apr-util\", rpm:\"apr-util~1.2.7~7.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n 
report += res;\n}\nif ((res = isrpmvuln(pkg:\"apr-util-debuginfo\", rpm:\"apr-util-debuginfo~1.2.7~7.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apr-util-docs\", rpm:\"apr-util-docs~1.2.7~7.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apr-util-devel\", rpm:\"apr-util-devel~1.2.7~7.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1955", "CVE-2009-0023", "CVE-2009-1956"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libapr-util1\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-11T00:00:00", "id": "OPENVAS:65691", "href": "http://plugins.openvas.org/nasl.php?oid=65691", "type": "openvas", "title": "SLES11: Security update for libapr-util1", "sourceData": "#\n#VID 251e677d425d0b40e5a4c63e49b53955\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for libapr-util1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libapr-util1\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=509825\");\n script_id(65691);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-1955\", \"CVE-2009-1956\", \"CVE-2009-0023\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"SLES11: Security update for libapr-util1\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libapr-util1\", rpm:\"libapr-util1~1.3.4~12.19.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1955", "CVE-2009-0023", "CVE-2009-1956"], "description": "Check for the Version of apr-util", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:880775", "href": "http://plugins.openvas.org/nasl.php?oid=880775", "type": "openvas", "title": "CentOS Update for apr-util CESA-2009:1107 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for apr-util CESA-2009:1107 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or 
FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"apr-util is a utility library used with the Apache Portable Runtime (APR).\n It aims to provide a free library of C data structures and routines. This\n library contains additional utility interfaces for APR; including support\n for XML, LDAP, database interfaces, URI parsing, and more.\n\n An off-by-one overflow flaw was found in the way apr-util processed a\n variable list of arguments. An attacker could provide a specially-crafted\n string as input for the formatted output conversion routine, which could,\n on big-endian platforms, potentially lead to the disclosure of sensitive\n information or a denial of service (application crash). (CVE-2009-1956)\n \n Note: The CVE-2009-1956 flaw only affects big-endian platforms, such as the\n IBM S/390 and PowerPC. It does not affect users using the apr-util package\n on little-endian platforms, due to their different organization of byte\n ordering used to represent particular data.\n \n A denial of service flaw was found in the apr-util Extensible Markup\n Language (XML) parser. A remote attacker could create a specially-crafted\n XML document that would cause excessive memory consumption when processed\n by the XML decoding engine. (CVE-2009-1955)\n \n A heap-based underwrite flaw was found in the way apr-util created compiled\n forms of particular search patterns. 
An attacker could formulate a\n specially-crafted search keyword, that would overwrite arbitrary heap\n memory locations when processed by the pattern preparation engine.\n (CVE-2009-0023)\n \n All apr-util users should upgrade to these updated packages, which contain\n backported patches to correct these issues. Applications using the Apache\n Portable Runtime library, such as httpd, must be restarted for this update\n to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"apr-util on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-June/015983.html\");\n script_id(880775);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2009:1107\");\n script_cve_id(\"CVE-2009-0023\", \"CVE-2009-1955\", \"CVE-2009-1956\");\n script_name(\"CentOS Update for apr-util CESA-2009:1107 centos5 i386\");\n\n script_summary(\"Check for the Version of apr-util\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"apr-util\", rpm:\"apr-util~1.2.7~7.el5_3.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apr-util-devel\", rpm:\"apr-util-devel~1.2.7~7.el5_3.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apr-util-docs\", rpm:\"apr-util-docs~1.2.7~7.el5_3.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1955", "CVE-2009-0023", "CVE-2009-1956"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1107.\n\napr-util is a utility library used with the Apache Portable Runtime (APR).\nIt aims to provide a free library of C data structures and routines. This\nlibrary contains additional utility interfaces for APR; including support\nfor XML, LDAP, database interfaces, URI parsing, and more.\n\nAn off-by-one overflow flaw was found in the way apr-util processed a\nvariable list of arguments. An attacker could provide a specially-crafted\nstring as input for the formatted output conversion routine, which could,\non big-endian platforms, potentially lead to the disclosure of sensitive\ninformation or a denial of service (application crash). (CVE-2009-1956)\n\nNote: The CVE-2009-1956 flaw only affects big-endian platforms, such as the\nIBM S/390 and PowerPC. 
It does not affect users using the apr-util package\non little-endian platforms, due to their different organization of byte\nordering used to represent particular data.\n\nA denial of service flaw was found in the apr-util Extensible Markup\nLanguage (XML) parser. A remote attacker could create a specially-crafted\nXML document that would cause excessive memory consumption when processed\nby the XML decoding engine. (CVE-2009-1955)\n\nA heap-based underwrite flaw was found in the way apr-util created compiled\nforms of particular search patterns. An attacker could formulate a\nspecially-crafted search keyword, that would overwrite arbitrary heap\nmemory locations when processed by the pattern preparation engine.\n(CVE-2009-0023)\n\nAll apr-util users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Applications using the Apache\nPortable Runtime library, such as httpd, must be restarted for this update\nto take effect.", "modified": "2018-04-06T00:00:00", "published": "2009-06-23T00:00:00", "id": "OPENVAS:136141256231064214", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064214", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1107", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1107.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1107 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1107.\n\napr-util is a utility library used with the Apache Portable Runtime (APR).\nIt aims to provide a free library of C data structures and routines. This\nlibrary contains additional utility interfaces for APR; including support\nfor XML, LDAP, database interfaces, URI parsing, and more.\n\nAn off-by-one overflow flaw was found in the way apr-util processed a\nvariable list of arguments. An attacker could provide a specially-crafted\nstring as input for the formatted output conversion routine, which could,\non big-endian platforms, potentially lead to the disclosure of sensitive\ninformation or a denial of service (application crash). (CVE-2009-1956)\n\nNote: The CVE-2009-1956 flaw only affects big-endian platforms, such as the\nIBM S/390 and PowerPC. 
It does not affect users using the apr-util package\non little-endian platforms, due to their different organization of byte\nordering used to represent particular data.\n\nA denial of service flaw was found in the apr-util Extensible Markup\nLanguage (XML) parser. A remote attacker could create a specially-crafted\nXML document that would cause excessive memory consumption when processed\nby the XML decoding engine. (CVE-2009-1955)\n\nA heap-based underwrite flaw was found in the way apr-util created compiled\nforms of particular search patterns. An attacker could formulate a\nspecially-crafted search keyword, that would overwrite arbitrary heap\nmemory locations when processed by the pattern preparation engine.\n(CVE-2009-0023)\n\nAll apr-util users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Applications using the Apache\nPortable Runtime library, such as httpd, must be restarted for this update\nto take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64214\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-23 15:49:15 +0200 (Tue, 23 Jun 2009)\");\n script_cve_id(\"CVE-2009-0023\", \"CVE-2009-1955\", \"CVE-2009-1956\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1107\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1107.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apr-util\", rpm:\"apr-util~0.9.4~22.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apr-util-debuginfo\", rpm:\"apr-util-debuginfo~0.9.4~22.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apr-util-devel\", rpm:\"apr-util-devel~0.9.4~22.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apr-util\", rpm:\"apr-util~1.2.7~7.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apr-util-debuginfo\", rpm:\"apr-util-debuginfo~1.2.7~7.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apr-util-docs\", rpm:\"apr-util-docs~1.2.7~7.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apr-util-devel\", rpm:\"apr-util-devel~1.2.7~7.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1955", 
"CVE-2009-0023", "CVE-2009-1956"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200907-03.", "modified": "2017-07-07T00:00:00", "published": "2009-07-06T00:00:00", "id": "OPENVAS:64366", "href": "http://plugins.openvas.org/nasl.php?oid=64366", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200907-03 (apr-util)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in the Apache Portable Runtime Utility Library\n might enable remote attackers to cause a Denial of Service or disclose\n sensitive information.\";\ntag_solution = \"All Apache Portable Runtime Utility Library users should upgrade to the\n latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/apr-util-1.3.7'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200907-03\nhttp://bugs.gentoo.org/show_bug.cgi?id=268643\nhttp://bugs.gentoo.org/show_bug.cgi?id=272260\nhttp://bugs.gentoo.org/show_bug.cgi?id=274193\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200907-03.\";\n\n \n \n\nif(description)\n{\n script_id(64366);\n script_version(\"$Revision: 6595 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:19:55 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-06 20:36:15 +0200 (Mon, 06 Jul 2009)\");\n script_cve_id(\"CVE-2009-0023\", \"CVE-2009-1955\", \"CVE-2009-1956\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200907-03 (apr-util)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-libs/apr-util\", unaffected: make_list(\"ge 1.3.7\"), vulnerable: make_list(\"lt 1.3.7\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1955", "CVE-2009-0023", "CVE-2009-1956"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880692", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880692", "type": "openvas", "title": "CentOS Update for httpd CESA-2009:1108 centos3 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for httpd CESA-2009:1108 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope 
that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-June/015973.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880692\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"CESA\", value:\"2009:1108\");\n script_cve_id(\"CVE-2009-0023\", \"CVE-2009-1955\", \"CVE-2009-1956\");\n script_name(\"CentOS Update for httpd CESA-2009:1108 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS3\");\n script_tag(name:\"affected\", value:\"httpd on CentOS 3\");\n script_tag(name:\"insight\", value:\"The Apache HTTP Server is a popular Web server. 
The httpd package shipped\n with Red Hat Enterprise Linux 3 contains an embedded copy of the Apache\n Portable Runtime (APR) utility library, a free library of C data structures\n and routines, which includes interfaces to support XML parsing, LDAP\n connections, database interfaces, URI parsing, and more.\n\n An off-by-one overflow flaw was found in the way apr-util processed a\n variable list of arguments. An attacker could provide a specially-crafted\n string as input for the formatted output conversion routine, which could,\n on big-endian platforms, potentially lead to the disclosure of sensitive\n information or a denial of service (application crash). (CVE-2009-1956)\n\n Note: The CVE-2009-1956 flaw only affects big-endian platforms, such as the\n IBM S/390 and PowerPC. It does not affect users using the httpd package on\n little-endian platforms, due to their different organization of byte\n ordering used to represent particular data.\n\n A denial of service flaw was found in the apr-util Extensible Markup\n Language (XML) parser. A remote attacker could create a specially-crafted\n XML document that would cause excessive memory consumption when processed\n by the XML decoding engine. (CVE-2009-1955)\n\n A heap-based underwrite flaw was found in the way apr-util created compiled\n forms of particular search patterns. An attacker could formulate a\n specially-crafted search keyword, that would overwrite arbitrary heap\n memory locations when processed by the pattern preparation engine.\n (CVE-2009-0023)\n\n All httpd users should upgrade to these updated packages, which contain\n backported patches to correct these issues. 
After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.0.46~73.ent.centos\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.0.46~73.ent.centos\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.0.46~73.ent.centos\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-25T10:56:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1955", "CVE-2009-0023", "CVE-2009-1956"], "description": "The remote host is missing an update to apr-util\nannounced via advisory FEDORA-2009-5969.", "modified": "2017-07-10T00:00:00", "published": "2009-06-30T00:00:00", "id": "OPENVAS:64298", "href": "http://plugins.openvas.org/nasl.php?oid=64298", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-5969 (apr-util)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_5969.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-5969 (apr-util)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to upstream version 1.3.7, see:\nhttp://svn.apache.org/repos/asf/apr/apr-util/tags/1.3.7/CHANGES\nSecurity fixes:\n- CVE-2009-0023 Fix underflow in apr_strmatch_precompile.\n- CVE-2009-1955 Fix a denial of service attack against the\n apr_xml_* interface using the billion laughs entity expansion technique.\n- CVE-2009-1956 Fix off by one overflow in apr_brigade_vprintf.\n Note: CVE-2009-1956 is only an issue on big-endian architectures.\n\nChangeLog:\n\n* Mon Jun 8 2009 Bojan Smojver - 1.3.7-1\n- bump up to 1.3.7\n- CVE-2009-0023\n- billion laughs fix of apr_xml_* interface\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update apr-util' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-5969\";\ntag_summary = \"The remote host is missing an update to apr-util\nannounced via advisory FEDORA-2009-5969.\";\n\n\n\nif(description)\n{\n script_id(64298);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-30 00:29:55 +0200 (Tue, 30 Jun 2009)\");\n script_cve_id(\"CVE-2009-0023\", \"CVE-2009-1955\", \"CVE-2009-1956\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-5969 (apr-util)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=504555\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=504390\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=503928\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apr-util\", rpm:\"apr-util~1.3.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apr-util-devel\", rpm:\"apr-util-devel~1.3.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apr-util-freetds\", rpm:\"apr-util-freetds~1.3.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apr-util-ldap\", rpm:\"apr-util-ldap~1.3.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apr-util-mysql\", rpm:\"apr-util-mysql~1.3.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apr-util-odbc\", rpm:\"apr-util-odbc~1.3.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apr-util-pgsql\", rpm:\"apr-util-pgsql~1.3.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apr-util-sqlite\", rpm:\"apr-util-sqlite~1.3.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apr-util-debuginfo\", 
rpm:\"apr-util-debuginfo~1.3.7~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "cve": [{"lastseen": "2020-10-03T11:54:12", "description": "mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.", "edition": 5, "cvss3": {}, "published": "2009-04-23T17:30:00", "title": "CVE-2009-1191", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1191"], "modified": "2017-09-29T01:34:00", "cpe": ["cpe:/a:apache:apache_http_server:2.2.11"], "id": "CVE-2009-1191", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1191", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apache:apache_http_server:2.2.11:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:31:19", "description": "The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar 
issue to CVE-2003-1564.", "edition": 8, "cvss3": {}, "published": "2009-06-08T01:00:00", "title": "CVE-2009-1955", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1955"], "modified": "2020-10-13T16:56:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "cpe:/o:debian:debian_linux:4.0", "cpe:/o:canonical:ubuntu_linux:6.06", "cpe:/o:canonical:ubuntu_linux:8.04", "cpe:/o:fedoraproject:fedora:9", "cpe:/o:suse:linux_enterprise_server:9", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04", "cpe:/a:oracle:http_server:-", "cpe:/o:fedoraproject:fedora:11"], "id": "CVE-2009-1955", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1955", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:http_server:-:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:31:19", "description": "Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to 
obtain sensitive information or cause a denial of service (application crash) via crafted input.", "edition": 7, "cvss3": {}, "published": "2009-06-08T01:00:00", "title": "CVE-2009-1956", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1956"], "modified": "2017-09-29T01:34:00", "cpe": ["cpe:/a:apache:apr-util:1.0", "cpe:/a:apache:apr-util:1.3.1", "cpe:/a:apache:apr-util:0.9.3", "cpe:/a:apache:apr-util:1.2.8", "cpe:/a:apache:apr-util:1.2.2", "cpe:/a:apache:apr-util:1.2.7", "cpe:/a:apache:apr-util:1.3.2", "cpe:/a:apache:apr-util:1.2.1", "cpe:/a:apache:apr-util:1.1.2", "cpe:/a:apache:apr-util:0.9.1", "cpe:/a:apache:apr-util:1.0.1", "cpe:/a:apache:apr-util:1.0.2", "cpe:/a:apache:apr-util:0.9.5", "cpe:/a:apache:apr-util:0.9.4", "cpe:/a:apache:apr-util:1.3.0", "cpe:/a:apache:apr-util:1.2.6", "cpe:/a:apache:apr-util:1.3.4", "cpe:/a:apache:apr-util:0.9.2", "cpe:/a:apache:apr-util:1.1.1", "cpe:/a:apache:apr-util:1.3.3", "cpe:/a:apache:apr-util:1.1.0"], "id": "CVE-2009-1956", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1956", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:a:apache:apr-util:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:1.3.2:*:*:*:*:*:*:*", 
"cpe:2.3:a:apache:apr-util:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:0.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:0.9.5:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:31:18", "description": "The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.", "edition": 7, "cvss3": {}, "published": "2009-05-28T20:30:00", "title": "CVE-2009-1195", "type": "cve", "cwe": ["CWE-16"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1195"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:apache:http_server:2.2", "cpe:/a:apache:http_server:2.2.11", "cpe:/a:apache:http_server:2.2.1", "cpe:/a:apache:http_server:2.2.9", "cpe:/a:apache:http_server:-", "cpe:/a:apache:http_server:2.2.4", 
"cpe:/a:apache:http_server:2.2.10", "cpe:/a:apache:http_server:2.2.6", "cpe:/a:apache:http_server:2.2.7", "cpe:/a:apache:http_server:2.2.0", "cpe:/a:apache:http_server:2.2.2", "cpe:/a:apache:http_server:2.2.3", "cpe:/a:apache:http_server:2.2.8"], "id": "CVE-2009-1195", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1195", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.3:*:windows:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.2:*:windows:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:31:15", "description": "The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.", "edition": 7, "cvss3": {}, "published": "2009-06-08T01:00:00", "title": "CVE-2009-0023", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0023"], "modified": "2018-10-11T20:58:00", "cpe": ["cpe:/a:apache:apr-util:1.0", "cpe:/a:apache:apr-util:1.3.1", "cpe:/a:apache:apr-util:0.9.3", "cpe:/a:apache:apr-util:1.2.8", "cpe:/a:apache:apr-util:1.2.2", "cpe:/a:apache:apr-util:1.2.7", "cpe:/a:apache:apr-util:1.3.2", "cpe:/a:apache:apr-util:1.2.1", "cpe:/a:apache:apr-util:1.1.2", "cpe:/a:apache:apr-util:0.9.1", "cpe:/a:apache:apr-util:1.0.1", "cpe:/a:apache:apr-util:1.0.2", "cpe:/a:apache:apr-util:0.9.5", "cpe:/a:apache:apr-util:0.9.4", "cpe:/a:apache:apr-util:1.3.0", "cpe:/a:apache:apr-util:1.2.6", "cpe:/a:apache:apr-util:1.3.4", "cpe:/a:apache:apr-util:0.9.2", "cpe:/a:apache:apr-util:1.1.1", "cpe:/a:apache:apr-util:1.3.3", "cpe:/a:apache:apr-util:1.1.0"], "id": "CVE-2009-0023", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0023", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:apache:apr-util:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:0.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:1.2.6:*:*:*:*:*:*:*", 
"cpe:2.3:a:apache:apr-util:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:apr-util:0.9.5:*:*:*:*:*:*:*"]}], "freebsd": [{"lastseen": "2020-10-15T01:09:36", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1191", "CVE-2009-1955", "CVE-2009-1890", "CVE-2009-0023", "CVE-2009-1956", "CVE-2009-1891", "CVE-2009-1195"], "description": "\nApache ChangeLog reports:\n\nCVE-2009-1891: Fix a potential Denial-of-Service attack against mod_deflate or other modules.\nCVE-2009-1195: Prevent the \"Includes\" Option from being enabled in an .htaccess file if the AllowOverride restrictions do not permit it.\nCVE-2009-1890: Fix a potential Denial-of-Service attack against mod_proxy in a reverse proxy configuration.\nCVE-2009-1191: mod_proxy_ajp: Avoid delivering content from a previous request which failed to send a request body.\nCVE-2009-0023, CVE-2009-1955, CVE-2009-1956: The bundled copy of the APR-util library has been updated, fixing three different security issues which may affect particular configurations and third-party modules (was already fixed in 2.2.11_5).\n\n", "edition": 5, "modified": "2009-07-28T00:00:00", "published": "2009-07-28T00:00:00", "id": "E15F2356-9139-11DE-8F42-001AA0166822", "href": "https://vuxml.freebsd.org/freebsd/e15f2356-9139-11de-8f42-001aa0166822.html", "title": "apache22 -- several vulnerabilities", "type": "freebsd", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-10-15T01:09:38", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1955", "CVE-2009-0023", "CVE-2009-1956"], "description": "\nSecunia reports:\n\nSome vulnerabilities have been reported in APR-util, which\n\t can be exploited by malicious users and malicious people to\n\t cause a DoS (Denial of Service).\nA vulnerability 
is caused due to an error in the processing\n\t of XML files and can be exploited to exhaust all available\n\t memory via a specially crafted XML file containing a\n\t predefined entity inside an entity definition.\nA vulnerability is caused due to an error within the\n\t \"apr_strmatch_precompile()\" function in\n\t strmatch/apr_strmatch.c, which can be exploited to crash an\n\t application using the library.\n\nRedHat reports:\n\nA single NULL byte buffer overflow flaw was found in\n\t apr-util's apr_brigade_vprintf() function.\n\n", "edition": 5, "modified": "2009-06-05T00:00:00", "published": "2009-06-05T00:00:00", "id": "EB9212F7-526B-11DE-BBF2-001B77D09812", "href": "https://vuxml.freebsd.org/freebsd/eb9212f7-526b-11de-bbf2-001b77d09812.html", "title": "apr -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-07T10:50:48", "description": "Apache ChangeLog reports :\n\nCVE-2009-1891: Fix a potential Denial-of-Service attack against\nmod_deflate or other modules.\n\nCVE-2009-1195: Prevent the 'Includes' Option from being enabled in an\n.htaccess file if the AllowOverride restrictions do not permit it.\n\nCVE-2009-1890: Fix a potential Denial-of-Service attack against\nmod_proxy in a reverse proxy configuration.\n\nCVE-2009-1191: mod_proxy_ajp: Avoid delivering content from a previous\nrequest which failed to send a request body.\n\nCVE-2009-0023, CVE-2009-1955, CVE-2009-1956: The bundled copy of the\nAPR-util library has been updated, fixing three different security\nissues which may affect particular configurations and third-party\nmodules (was already fixed in 2.2.11_5).", "edition": 27, "published": "2009-08-25T00:00:00", "title": "FreeBSD : apache22 -- several vulnerabilities (e15f2356-9139-11de-8f42-001aa0166822)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1191", "CVE-2009-1955", "CVE-2009-1890", "CVE-2009-0023", "CVE-2009-1956", 
"CVE-2009-1891", "CVE-2009-1195"], "modified": "2009-08-25T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:apache"], "id": "FREEBSD_PKG_E15F2356913911DE8F42001AA0166822.NASL", "href": "https://www.tenable.com/plugins/nessus/40760", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40760);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-0023\", \"CVE-2009-1191\", \"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2009-1955\", \"CVE-2009-1956\");\n\n script_name(english:\"FreeBSD : apache22 -- several vulnerabilities (e15f2356-9139-11de-8f42-001aa0166822)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache ChangeLog reports :\n\nCVE-2009-1891: Fix a potential Denial-of-Service attack against\nmod_deflate or other modules.\n\nCVE-2009-1195: Prevent the 'Includes' Option from being enabled in an\n.htaccess file if the AllowOverride restrictions do not permit it.\n\nCVE-2009-1890: Fix a potential Denial-of-Service attack against\nmod_proxy in a reverse proxy configuration.\n\nCVE-2009-1191: mod_proxy_ajp: Avoid delivering content from a previous\nrequest which failed to send a request body.\n\nCVE-2009-0023, CVE-2009-1955, CVE-2009-1956: The bundled copy of the\nAPR-util library has been updated, fixing three different security\nissues which may affect particular configurations and 
third-party\nmodules (was already fixed in 2.2.11_5).\"\n );\n # https://vuxml.freebsd.org/freebsd/e15f2356-9139-11de-8f42-001aa0166822.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ae6079a3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 20, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/07/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"apache>2.2.0<2.2.12\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-09-14T13:15:25", "description": "According to its banner, the version of Apache 2.2.x. running on the\nremote host is prior to 2.2.12. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A heap-based buffer underwrite flaw exists in the\n function 'apr_strmatch_precompile()' in the bundled copy\n of the APR-util library, which could be triggered when\n parsing configuration data to crash the daemon.\n (CVE-2009-0023)\n\n - A flaw in the mod_proxy_ajp module in version 2.2.11\n only may allow a remote attacker to obtain sensitive\n response data intended for a client that sent an\n earlier POST request with no request body.\n (CVE-2009-1191)\n\n - The server does not limit the use of directives in a\n .htaccess file as expected based on directives such\n as 'AllowOverride' and 'Options' in the configuration\n file, which could enable a local user to bypass\n security restrictions. 
(CVE-2009-1195)\n\n - Failure to properly handle an amount of streamed data\n that exceeds the Content-Length value allows a remote\n attacker to force a proxy process to consume CPU time\n indefinitely when mod_proxy is used in a reverse proxy\n configuration. (CVE-2009-1890)\n\n - Failure of mod_deflate to stop compressing a file when\n the associated network connection is closed may allow a\n remote attacker to consume large amounts of CPU if\n there is a large (>10 MB) file available that has\n mod_deflate enabled. (CVE-2009-1891)\n\n - Using a specially crafted XML document with a large\n number of nested entities, a remote attacker may be\n able to consume an excessive amount of memory due to\n a flaw in the bundled expat XML parser used by the\n mod_dav and mod_dav_svn modules. (CVE-2009-1955)\n\n - There is an off-by-one overflow in the function\n 'apr_brigade_vprintf()' in the bundled copy of the\n APR-util library in the way it handles a variable list\n of arguments, which could be leveraged on big-endian\n platforms to perform information disclosure or denial\n of service attacks. 
(CVE-2009-1956)\n\nNote that Nessus has relied solely on the version in the Server\nresponse header and did not try to check for the issues themselves or\neven whether the affected modules are in use.", "edition": 22, "cvss3": {"score": 8.2, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}, "published": "2009-08-02T00:00:00", "title": "Apache 2.2.x < 2.2.12 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1191", "CVE-2009-1955", "CVE-2009-1890", "CVE-2009-0023", "CVE-2009-1956", "CVE-2009-1891", "CVE-2009-1195"], "modified": "2009-08-02T00:00:00", "cpe": ["cpe:/a:apache:http_server"], "id": "APACHE_2_2_12.NASL", "href": "https://www.tenable.com/plugins/nessus/40467", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(40467);\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/27\");\n\n script_version(\"1.28\");\n\n script_cve_id(\n \"CVE-2009-0023\",\n \"CVE-2009-1191\",\n \"CVE-2009-1195\",\n \"CVE-2009-1890\",\n \"CVE-2009-1891\",\n \"CVE-2009-1955\",\n \"CVE-2009-1956\"\n );\n script_bugtraq_id(34663, 35115, 35221, 35251, 35253, 35565, 35623);\n\n script_name(english:\"Apache 2.2.x < 2.2.12 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version in Server response header.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote web server may be affected by several issues.\"\n );\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Apache 2.2.x. running on the\nremote host is prior to 2.2.12. 
It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A heap-based buffer underwrite flaw exists in the\n function 'apr_strmatch_precompile()' in the bundled copy\n of the APR-util library, which could be triggered when\n parsing configuration data to crash the daemon.\n (CVE-2009-0023)\n\n - A flaw in the mod_proxy_ajp module in version 2.2.11\n only may allow a remote attacker to obtain sensitive\n response data intended for a client that sent an\n earlier POST request with no request body.\n (CVE-2009-1191)\n\n - The server does not limit the use of directives in a\n .htaccess file as expected based on directives such\n as 'AllowOverride' and 'Options' in the configuration\n file, which could enable a local user to bypass\n security restrictions. (CVE-2009-1195)\n\n - Failure to properly handle an amount of streamed data\n that exceeds the Content-Length value allows a remote\n attacker to force a proxy process to consume CPU time\n indefinitely when mod_proxy is used in a reverse proxy\n configuration. (CVE-2009-1890)\n\n - Failure of mod_deflate to stop compressing a file when\n the associated network connection is closed may allow a\n remote attacker to consume large amounts of CPU if\n there is a large (>10 MB) file available that has\n mod_deflate enabled. (CVE-2009-1891)\n\n - Using a specially crafted XML document with a large\n number of nested entities, a remote attacker may be\n able to consume an excessive amount of memory due to\n a flaw in the bundled expat XML parser used by the\n mod_dav and mod_dav_svn modules. (CVE-2009-1955)\n\n - There is an off-by-one overflow in the function\n 'apr_brigade_vprintf()' in the bundled copy of the\n APR-util library in the way it handles a variable list\n of arguments, which could be leveraged on big-endian\n platforms to perform information disclosure or denial\n of service attacks. 
(CVE-2009-1956)\n\nNote that Nessus has relied solely on the version in the Server\nresponse header and did not try to check for the issues themselves or\neven whether the affected modules are in use.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://httpd.apache.org/security/vulnerabilities_22.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache version 2.2.12 or later. Alternatively, ensure that\nthe affected modules / directives are not in use.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2009-1955\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 20, 119, 189, 399);\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/02\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2020 Tenable Network Security, Inc.\");\n\n script_dependencies(\"apache_http_version.nasl\");\n script_require_keys(\"installed_sw/Apache\");\n script_require_ports(\"Services/www\", 80);\n\n 
exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"install_func.inc\");\n\nget_install_count(app_name:\"Apache\", exit_if_zero:TRUE);\nport = get_http_port(default:80);\ninstall = get_single_install(app_name:\"Apache\", port:port, exit_if_unknown_ver:TRUE);\n\n# Check if we could get a version first, then check if it was \n# backported\nversion = get_kb_item_or_exit('www/apache/'+port+'/version', exit_code:1);\nbackported = get_kb_item_or_exit('www/apache/'+port+'/backported', exit_code:1);\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"Apache\");\nsource = get_kb_item_or_exit('www/apache/'+port+'/source', exit_code:1);\n\n# Check if the version looks like either ServerTokens Major/Minor\n# was used\nif (version =~ '^2(\\\\.2)?$') exit(1, \"The banner from the Apache server listening on port \"+port+\" - \"+source+\" - is not granular enough to make a determination.\");\nif (version !~ \"^\\d+(\\.\\d+)*$\") exit(1, \"The version of Apache listening on port \" + port + \" - \" + version + \" - is non-numeric and, therefore, cannot be used to make a determination.\");\nif (version =~ '^2\\\\.2' && ver_compare(ver:version, fix:'2.2.12') == -1)\n{\n if (report_verbosity > 0)\n {\n report = \n '\\n Version source : ' + source +\n '\\n Installed version : ' + version + \n '\\n Fixed version : 2.2.12\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"Apache\", port, install[\"version\"]);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T09:10:30", "description": "New httpd packages are available for Slackware 12.0, 12.1, 12.2, and\n-current to fix security issues.", "edition": 23, "published": "2009-08-03T00:00:00", "title": "Slackware 12.0 / 12.1 / 12.2 / current : httpd (SSA:2009-214-01)", "type": "nessus", "bulletinFamily": 
"scanner", "cvelist": ["CVE-2009-1191", "CVE-2009-1955", "CVE-2009-1890", "CVE-2009-0023", "CVE-2009-1956", "CVE-2009-1891", "CVE-2009-1195"], "modified": "2009-08-03T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux:12.2", "p-cpe:/a:slackware:slackware_linux:httpd", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:12.1"], "id": "SLACKWARE_SSA_2009-214-01.NASL", "href": "https://www.tenable.com/plugins/nessus/40459", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2009-214-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40459);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0023\", \"CVE-2009-1191\", \"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2009-1955\", \"CVE-2009-1956\");\n script_bugtraq_id(34663, 35115, 35221, 35251, 35253, 35565, 35623);\n script_xref(name:\"SSA\", value:\"2009-214-01\");\n\n script_name(english:\"Slackware 12.0 / 12.1 / 12.2 / current : httpd (SSA:2009-214-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New httpd packages are available for Slackware 12.0, 12.1, 12.2, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.566124\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?75f95a82\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the 
affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 20, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"12.0\", pkgname:\"httpd\", pkgver:\"2.2.12\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"httpd\", pkgver:\"2.2.12\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"httpd\", pkgver:\"2.2.12\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"httpd\", pkgver:\"2.2.12\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.2.12\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T14:46:21", "description": "This update of libapr-util1 fixes a memory consumption bug in the XML\nparser that can cause a remote denial-of-service vulnerability in\napplications using APR (WebDAV for example) (CVE-2009-1955).\nAdditionally a one byte 
buffer overflow in function\napr_brigade_vprintf() (CVE-2009-1956) and buffer underflow in function\napr_strmatch_precompile() (CVE-2009-0023) was fixed too. Depending on\nthe application using this function it can lead to remote denial of\nservice or information leakage.", "edition": 24, "published": "2009-09-24T00:00:00", "title": "SuSE 10 Security Update : libapr-util1 (ZYPP Patch Number 6289)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1955", "CVE-2009-0023", "CVE-2009-1956"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_LIBAPR-UTIL1-6289.NASL", "href": "https://www.tenable.com/plugins/nessus/41543", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41543);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0023\", \"CVE-2009-1955\", \"CVE-2009-1956\");\n\n script_name(english:\"SuSE 10 Security Update : libapr-util1 (ZYPP Patch Number 6289)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of libapr-util1 fixes a memory consumption bug in the XML\nparser that can cause a remote denial-of-service vulnerability in\napplications using APR (WebDAV for example) (CVE-2009-1955).\nAdditionally a one byte buffer overflow in function\napr_brigade_vprintf() (CVE-2009-1956) and buffer underflow in function\napr_strmatch_precompile() (CVE-2009-0023) was fixed too. 
Depending on\nthe application using this function it can lead to remote denial of\nservice or information leakage.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0023.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1955.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1956.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6289.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not 
been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"libapr-util1-1.2.2-13.7\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"libapr-util1-devel-1.2.2-13.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"libapr-util1-1.2.2-13.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"libapr-util1-devel-1.2.2-13.7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T14:04:45", "description": "This update of libapr-util1 fixes a memory consumption bug in the XML\nparser that can cause a remote denial-of-service vulnerability in\napplications using APR (WebDAV for example) (CVE-2009-1955).\nAdditionally a one byte buffer overflow in function\napr_brigade_vprintf() (CVE-2009-1956) and buffer underflow in function\napr_strmatch_precompile() (CVE-2009-0023) was fixed too. 
Depending on\nthe application using this function it can lead to remote denial of\nservice or information leakage.", "edition": 24, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : libapr-util1 (libapr-util1-968)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1955", "CVE-2009-0023", "CVE-2009-1956"], "modified": "2009-07-21T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:libapr-util1", "p-cpe:/a:novell:opensuse:libapr-util1-dbd-pgsql", "p-cpe:/a:novell:opensuse:libapr-util1-dbd-mysql", "p-cpe:/a:novell:opensuse:libapr-util1-devel", "p-cpe:/a:novell:opensuse:libapr-util1-dbd-sqlite3"], "id": "SUSE_11_1_LIBAPR-UTIL1-090608.NASL", "href": "https://www.tenable.com/plugins/nessus/40256", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libapr-util1-968.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40256);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0023\", \"CVE-2009-1955\", \"CVE-2009-1956\");\n\n script_name(english:\"openSUSE Security Update : libapr-util1 (libapr-util1-968)\");\n script_summary(english:\"Check for the libapr-util1-968 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of libapr-util1 fixes a memory consumption bug in the XML\nparser that can cause a remote denial-of-service vulnerability in\napplications using APR (WebDAV for example) (CVE-2009-1955).\nAdditionally a one byte buffer overflow in function\napr_brigade_vprintf() (CVE-2009-1956) and buffer underflow in 
function\napr_strmatch_precompile() (CVE-2009-0023) was fixed too. Depending on\nthe application using this function it can lead to remote denial of\nservice or information leakage.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=509825\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libapr-util1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libapr-util1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libapr-util1-dbd-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libapr-util1-dbd-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libapr-util1-dbd-sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libapr-util1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || 
release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libapr-util1-1.3.4-13.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libapr-util1-dbd-mysql-1.3.4-13.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libapr-util1-dbd-pgsql-1.3.4-13.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libapr-util1-dbd-sqlite3-1.3.4-13.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libapr-util1-devel-1.3.4-13.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapr-util1\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-06T09:25:46", "description": "Updated httpd packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server. The httpd package\nshipped with Red Hat Enterprise Linux 3 contains an embedded copy of\nthe Apache Portable Runtime (APR) utility library, a free library of C\ndata structures and routines, which includes interfaces to support XML\nparsing, LDAP connections, database interfaces, URI parsing, and more.\n\nAn off-by-one overflow flaw was found in the way apr-util processed a\nvariable list of arguments. 
An attacker could provide a specially\ncrafted string as input for the formatted output conversion routine,\nwhich could, on big-endian platforms, potentially lead to the\ndisclosure of sensitive information or a denial of service\n(application crash). (CVE-2009-1956)\n\nNote: The CVE-2009-1956 flaw only affects big-endian platforms, such\nas the IBM S/390 and PowerPC. It does not affect users using the httpd\npackage on little-endian platforms, due to their different\norganization of byte ordering used to represent particular data.\n\nA denial of service flaw was found in the apr-util Extensible Markup\nLanguage (XML) parser. A remote attacker could create a specially\ncrafted XML document that would cause excessive memory consumption\nwhen processed by the XML decoding engine. (CVE-2009-1955)\n\nA heap-based underwrite flaw was found in the way apr-util created\ncompiled forms of particular search patterns. An attacker could\nformulate a specially crafted search keyword, that would overwrite\narbitrary heap memory locations when processed by the pattern\npreparation engine. (CVE-2009-0023)\n\nAll httpd users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.", "edition": 28, "published": "2009-06-18T00:00:00", "title": "CentOS 3 : httpd (CESA-2009:1108)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1955", "CVE-2009-0023", "CVE-2009-1956"], "modified": "2009-06-18T00:00:00", "cpe": ["p-cpe:/a:centos:centos:mod_ssl", "p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2009-1108.NASL", "href": "https://www.tenable.com/plugins/nessus/39438", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1108 and \n# CentOS Errata and Security Advisory 2009:1108 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39438);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-0023\", \"CVE-2009-1955\", \"CVE-2009-1956\");\n script_bugtraq_id(35221, 35251, 35253);\n script_xref(name:\"RHSA\", value:\"2009:1108\");\n\n script_name(english:\"CentOS 3 : httpd (CESA-2009:1108)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server. 
The httpd package\nshipped with Red Hat Enterprise Linux 3 contains an embedded copy of\nthe Apache Portable Runtime (APR) utility library, a free library of C\ndata structures and routines, which includes interfaces to support XML\nparsing, LDAP connections, database interfaces, URI parsing, and more.\n\nAn off-by-one overflow flaw was found in the way apr-util processed a\nvariable list of arguments. An attacker could provide a specially\ncrafted string as input for the formatted output conversion routine,\nwhich could, on big-endian platforms, potentially lead to the\ndisclosure of sensitive information or a denial of service\n(application crash). (CVE-2009-1956)\n\nNote: The CVE-2009-1956 flaw only affects big-endian platforms, such\nas the IBM S/390 and PowerPC. It does not affect users using the httpd\npackage on little-endian platforms, due to their different\norganization of byte ordering used to represent particular data.\n\nA denial of service flaw was found in the apr-util Extensible Markup\nLanguage (XML) parser. A remote attacker could create a specially\ncrafted XML document that would cause excessive memory consumption\nwhen processed by the XML decoding engine. (CVE-2009-1955)\n\nA heap-based underwrite flaw was found in the way apr-util created\ncompiled forms of particular search patterns. An attacker could\nformulate a specially crafted search keyword, that would overwrite\narbitrary heap memory locations when processed by the pattern\npreparation engine. (CVE-2009-0023)\n\nAll httpd users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-June/015973.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ff9033ec\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-June/015974.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7a06ed44\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"httpd-2.0.46-73.ent.centos\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"httpd-2.0.46-73.ent.centos\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"httpd-devel-2.0.46-73.ent.centos\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"httpd-devel-2.0.46-73.ent.centos\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"mod_ssl-2.0.46-73.ent.centos\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"mod_ssl-2.0.46-73.ent.centos\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / mod_ssl\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-06T09:25:45", "description": "Updated apr-util packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\napr-util is a utility library used with the Apache Portable Runtime\n(APR). It aims to provide a free library of C data structures and\nroutines. This library contains additional utility interfaces for APR;\nincluding support for XML, LDAP, database interfaces, URI parsing, and\nmore.\n\nAn off-by-one overflow flaw was found in the way apr-util processed a\nvariable list of arguments. An attacker could provide a specially\ncrafted string as input for the formatted output conversion routine,\nwhich could, on big-endian platforms, potentially lead to the\ndisclosure of sensitive information or a denial of service\n(application crash). (CVE-2009-1956)\n\nNote: The CVE-2009-1956 flaw only affects big-endian platforms, such\nas the IBM S/390 and PowerPC. It does not affect users using the\napr-util package on little-endian platforms, due to their different\norganization of byte ordering used to represent particular data.\n\nA denial of service flaw was found in the apr-util Extensible Markup\nLanguage (XML) parser. A remote attacker could create a specially\ncrafted XML document that would cause excessive memory consumption\nwhen processed by the XML decoding engine. (CVE-2009-1955)\n\nA heap-based underwrite flaw was found in the way apr-util created\ncompiled forms of particular search patterns. An attacker could\nformulate a specially crafted search keyword, that would overwrite\narbitrary heap memory locations when processed by the pattern\npreparation engine. 
(CVE-2009-0023)\n\nAll apr-util users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. Applications using\nthe Apache Portable Runtime library, such as httpd, must be restarted\nfor this update to take effect.", "edition": 28, "published": "2010-01-06T00:00:00", "title": "CentOS 5 : apr-util (CESA-2009:1107)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1955", "CVE-2009-0023", "CVE-2009-1956"], "modified": "2010-01-06T00:00:00", "cpe": ["p-cpe:/a:centos:centos:apr-util-docs", "p-cpe:/a:centos:centos:apr-util-devel", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:apr-util"], "id": "CENTOS_RHSA-2009-1107.NASL", "href": "https://www.tenable.com/plugins/nessus/43758", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1107 and \n# CentOS Errata and Security Advisory 2009:1107 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43758);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-0023\", \"CVE-2009-1955\", \"CVE-2009-1956\");\n script_bugtraq_id(35221, 35251, 35253);\n script_xref(name:\"RHSA\", value:\"2009:1107\");\n\n script_name(english:\"CentOS 5 : apr-util (CESA-2009:1107)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated apr-util packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\napr-util is a 
utility library used with the Apache Portable Runtime\n(APR). It aims to provide a free library of C data structures and\nroutines. This library contains additional utility interfaces for APR;\nincluding support for XML, LDAP, database interfaces, URI parsing, and\nmore.\n\nAn off-by-one overflow flaw was found in the way apr-util processed a\nvariable list of arguments. An attacker could provide a specially\ncrafted string as input for the formatted output conversion routine,\nwhich could, on big-endian platforms, potentially lead to the\ndisclosure of sensitive information or a denial of service\n(application crash). (CVE-2009-1956)\n\nNote: The CVE-2009-1956 flaw only affects big-endian platforms, such\nas the IBM S/390 and PowerPC. It does not affect users using the\napr-util package on little-endian platforms, due to their different\norganization of byte ordering used to represent particular data.\n\nA denial of service flaw was found in the apr-util Extensible Markup\nLanguage (XML) parser. A remote attacker could create a specially\ncrafted XML document that would cause excessive memory consumption\nwhen processed by the XML decoding engine. (CVE-2009-1955)\n\nA heap-based underwrite flaw was found in the way apr-util created\ncompiled forms of particular search patterns. An attacker could\nformulate a specially crafted search keyword, that would overwrite\narbitrary heap memory locations when processed by the pattern\npreparation engine. (CVE-2009-0023)\n\nAll apr-util users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
Applications using\nthe Apache Portable Runtime library, such as httpd, must be restarted\nfor this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-June/015983.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6e5d16e8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-June/015984.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?16fbbf59\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apr-util packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:apr-util\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:apr-util-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:apr-util-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"apr-util-1.2.7-7.el5_3.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"apr-util-devel-1.2.7-7.el5_3.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"apr-util-docs-1.2.7-7.el5_3.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apr-util / apr-util-devel / apr-util-docs\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T13:44:20", "description": "An off-by-one overflow flaw was found in the way apr-util processed a\nvariable list of arguments. 
An attacker could provide a specially\ncrafted string as input for the formatted output conversion routine,\nwhich could, on big-endian platforms, potentially lead to the\ndisclosure of sensitive information or a denial of service\n(application crash). (CVE-2009-1956)\n\nA denial of service flaw was found in the apr-util Extensible Markup\nLanguage (XML) parser. A remote attacker could create a specially\ncrafted XML document that would cause excessive memory consumption\nwhen processed by the XML decoding engine. (CVE-2009-1955)\n\nA heap-based underwrite flaw was found in the way apr-util created\ncompiled forms of particular search patterns. An attacker could\nformulate a specially crafted search keyword, that would overwrite\narbitrary heap memory locations when processed by the pattern\npreparation engine. (CVE-2009-0023)\n\nAfter installing the updated packages, the httpd daemon must be\nrestarted for the update to take effect.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : httpd on SL3.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1955", "CVE-2009-0023", "CVE-2009-1956"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090616_HTTPD_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60598", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60598);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0023\", \"CVE-2009-1955\", \"CVE-2009-1956\");\n\n script_name(english:\"Scientific Linux Security Update : httpd on SL3.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An off-by-one overflow flaw was found in the way apr-util processed a\nvariable list of arguments. An attacker could provide a specially\ncrafted string as input for the formatted output conversion routine,\nwhich could, on big-endian platforms, potentially lead to the\ndisclosure of sensitive information or a denial of service\n(application crash). (CVE-2009-1956)\n\nA denial of service flaw was found in the apr-util Extensible Markup\nLanguage (XML) parser. A remote attacker could create a specially\ncrafted XML document that would cause excessive memory consumption\nwhen processed by the XML decoding engine. (CVE-2009-1955)\n\nA heap-based underwrite flaw was found in the way apr-util created\ncompiled forms of particular search patterns. An attacker could\nformulate a specially crafted search keyword, that would overwrite\narbitrary heap memory locations when processed by the pattern\npreparation engine. 
(CVE-2009-0023)\n\nAfter installing the updated packages, the httpd daemon must be\nrestarted for the update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0906&L=scientific-linux-errata&T=0&P=942\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?34a0249e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd, httpd-devel and / or mod_ssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"httpd-2.0.46-73.sl3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"httpd-devel-2.0.46-73.sl3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"mod_ssl-2.0.46-73.sl3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-20T15:44:35", "description": "Matthew Palmer discovered an underflow flaw in apr-util. An attacker\ncould cause a denial of service via application crash in Apache using\na crafted SVNMasterURI directive, .htaccess file, or when using\nmod_apreq2. Applications using libapreq2 are also affected.\n(CVE-2009-0023)\n\nIt was discovered that the XML parser did not properly handle entity\nexpansion. A remote attacker could cause a denial of service via\nmemory resource consumption by sending a crafted request to an Apache\nserver configured to use mod_dav or mod_dav_svn. 
(CVE-2009-1955)\n\nC. Michael Pilato discovered an off-by-one buffer overflow in apr-util\nwhen formatting certain strings. For big-endian machines (powerpc,\nhppa and sparc in Ubuntu), a remote attacker could cause a denial of\nservice or information disclosure leak. All other architectures for\nUbuntu are not considered to be at risk. (CVE-2009-1956).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "published": "2009-06-11T00:00:00", "title": "Ubuntu 8.04 LTS / 8.10 / 9.04 : apr-util vulnerabilities (USN-786-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1955", "CVE-2009-0023", "CVE-2009-1956"], "modified": "2009-06-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libaprutil1-dev", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libaprutil1", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04", "p-cpe:/a:canonical:ubuntu_linux:libaprutil1-dbg"], "id": "UBUNTU_USN-786-1.NASL", "href": "https://www.tenable.com/plugins/nessus/39363", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-786-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39363);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-0023\", \"CVE-2009-1955\", \"CVE-2009-1956\");\n script_bugtraq_id(35221, 35251, 35253);\n script_xref(name:\"USN\", value:\"786-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 8.10 / 9.04 : apr-util vulnerabilities (USN-786-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Matthew Palmer discovered an underflow flaw in apr-util. An attacker\ncould cause a denial of service via application crash in Apache using\na crafted SVNMasterURI directive, .htaccess file, or when using\nmod_apreq2. Applications using libapreq2 are also affected.\n(CVE-2009-0023)\n\nIt was discovered that the XML parser did not properly handle entity\nexpansion. A remote attacker could cause a denial of service via\nmemory resource consumption by sending a crafted request to an Apache\nserver configured to use mod_dav or mod_dav_svn. (CVE-2009-1955)\n\nC. Michael Pilato discovered an off-by-one buffer overflow in apr-util\nwhen formatting certain strings. For big-endian machines (powerpc,\nhppa and sparc in Ubuntu), a remote attacker could cause a denial of\nservice or information disclosure leak. All other architectures for\nUbuntu are not considered to be at risk. (CVE-2009-1956).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/786-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libaprutil1, libaprutil1-dbg and / or\nlibaprutil1-dev packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libaprutil1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libaprutil1-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libaprutil1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.04|8\\.10|9\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 8.10 / 9.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libaprutil1\", pkgver:\"1.2.12+dfsg-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libaprutil1-dbg\", pkgver:\"1.2.12+dfsg-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libaprutil1-dev\", pkgver:\"1.2.12+dfsg-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libaprutil1\", pkgver:\"1.2.12+dfsg-7ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libaprutil1-dbg\", pkgver:\"1.2.12+dfsg-7ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libaprutil1-dev\", pkgver:\"1.2.12+dfsg-7ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libaprutil1\", pkgver:\"1.2.12+dfsg-8ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libaprutil1-dbg\", pkgver:\"1.2.12+dfsg-8ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libaprutil1-dev\", pkgver:\"1.2.12+dfsg-8ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n 
severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libaprutil1 / libaprutil1-dbg / libaprutil1-dev\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T13:06:48", "description": "Updated httpd packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server. The httpd package\nshipped with Red Hat Enterprise Linux 3 contains an embedded copy of\nthe Apache Portable Runtime (APR) utility library, a free library of C\ndata structures and routines, which includes interfaces to support XML\nparsing, LDAP connections, database interfaces, URI parsing, and more.\n\nAn off-by-one overflow flaw was found in the way apr-util processed a\nvariable list of arguments. An attacker could provide a specially\ncrafted string as input for the formatted output conversion routine,\nwhich could, on big-endian platforms, potentially lead to the\ndisclosure of sensitive information or a denial of service\n(application crash). (CVE-2009-1956)\n\nNote: The CVE-2009-1956 flaw only affects big-endian platforms, such\nas the IBM S/390 and PowerPC. It does not affect users using the httpd\npackage on little-endian platforms, due to their different\norganization of byte ordering used to represent particular data.\n\nA denial of service flaw was found in the apr-util Extensible Markup\nLanguage (XML) parser. A remote attacker could create a specially\ncrafted XML document that would cause excessive memory consumption\nwhen processed by the XML decoding engine. (CVE-2009-1955)\n\nA heap-based underwrite flaw was found in the way apr-util created\ncompiled forms of particular search patterns. 
An attacker could\nformulate a specially crafted search keyword, that would overwrite\narbitrary heap memory locations when processed by the pattern\npreparation engine. (CVE-2009-0023)\n\nAll httpd users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.", "edition": 28, "published": "2009-06-17T00:00:00", "title": "RHEL 3 : httpd (RHSA-2009:1108)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1955", "CVE-2009-0023", "CVE-2009-1956"], "modified": "2009-06-17T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel"], "id": "REDHAT-RHSA-2009-1108.NASL", "href": "https://www.tenable.com/plugins/nessus/39432", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1108. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39432);\n script_version(\"1.33\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0023\", \"CVE-2009-1955\", \"CVE-2009-1956\");\n script_bugtraq_id(35221, 35251, 35253);\n script_xref(name:\"RHSA\", value:\"2009:1108\");\n\n script_name(english:\"RHEL 3 : httpd (RHSA-2009:1108)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server. The httpd package\nshipped with Red Hat Enterprise Linux 3 contains an embedded copy of\nthe Apache Portable Runtime (APR) utility library, a free library of C\ndata structures and routines, which includes interfaces to support XML\nparsing, LDAP connections, database interfaces, URI parsing, and more.\n\nAn off-by-one overflow flaw was found in the way apr-util processed a\nvariable list of arguments. An attacker could provide a specially\ncrafted string as input for the formatted output conversion routine,\nwhich could, on big-endian platforms, potentially lead to the\ndisclosure of sensitive information or a denial of service\n(application crash). (CVE-2009-1956)\n\nNote: The CVE-2009-1956 flaw only affects big-endian platforms, such\nas the IBM S/390 and PowerPC. 
It does not affect users using the httpd\npackage on little-endian platforms, due to their different\norganization of byte ordering used to represent particular data.\n\nA denial of service flaw was found in the apr-util Extensible Markup\nLanguage (XML) parser. A remote attacker could create a specially\ncrafted XML document that would cause excessive memory consumption\nwhen processed by the XML decoding engine. (CVE-2009-1955)\n\nA heap-based underwrite flaw was found in the way apr-util created\ncompiled forms of particular search patterns. An attacker could\nformulate a specially crafted search keyword, that would overwrite\narbitrary heap memory locations when processed by the pattern\npreparation engine. (CVE-2009-0023)\n\nAll httpd users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1108\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd, httpd-devel and / or mod_ssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1108\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"httpd-2.0.46-73.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"httpd-devel-2.0.46-73.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mod_ssl-2.0.46-73.ent\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / mod_ssl\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "slackware": [{"lastseen": "2019-05-30T07:37:13", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1191", "CVE-2009-1955", "CVE-2009-1890", "CVE-2009-0023", "CVE-2009-1956", "CVE-2009-1891", "CVE-2009-1195"], "description": "New httpd packages are available for Slackware 12.0, 12.1, 12.2, and -current\nto fix security issues.\n\nMore details about these issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956\n\n\nHere are the details from the Slackware 12.2 ChangeLog:\n\npatches/packages/httpd-2.2.12-i486-1_slack12.2.tgz: Upgraded.\n This update fixes some security issues (from the CHANGES file):\n *) SECURITY: CVE-2009-1891 (cve.mitre.org)\n Fix a potential Denial-of-Service attack against mod_deflate or other\n modules, by forcing the server to consume CPU time in compressing a\n large file after a client disconnects. PR 39605.\n [Joe Orton, Ruediger Pluem]\n *) SECURITY: CVE-2009-1195 (cve.mitre.org)\n Prevent the "Includes" Option from being enabled in an .htaccess\n file if the AllowOverride restrictions do not permit it.\n [Jonathan Peatfield <j.s.peatfield damtp.cam.ac.uk>, Joe Orton,\n Ruediger Pluem, Jeff Trawick]\n *) SECURITY: CVE-2009-1890 (cve.mitre.org)\n Fix a potential Denial-of-Service attack against mod_proxy in a\n reverse proxy configuration, where a remote attacker can force a\n proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton]\n *) SECURITY: CVE-2009-1191 (cve.mitre.org)\n mod_proxy_ajp: Avoid delivering content from a previous request which\n failed to send a request body. 
PR 46949 [Ruediger Pluem]\n *) SECURITY: CVE-2009-0023, CVE-2009-1955, CVE-2009-1956 (cve.mitre.org)\n The bundled copy of the APR-util library has been updated, fixing three\n different security issues which may affect particular configurations\n and third-party modules.\n These last three CVEs were addressed in Slackware previously with an\n update to new system apr and apr-util packages.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/httpd-2.2.12-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.12-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.12-i486-1_slack12.2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.2.12-i486-1.txz\n\nUpdated package for Slackware64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.2.12-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg httpd-2.2.12-i486-1_slack12.2.tgz\n\nThen, restart the httpd server.", "modified": "2009-08-02T15:33:03", "published": "2009-08-02T15:33:03", "id": "SSA-2009-214-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.566124", "type": "slackware", "title": "httpd", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-30T07:36:46", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1955", "CVE-2009-0023"], "description": "New apr-util (and apr) packages are available for Slackware 11.0, 12.0, 12.1,\n12.2, and -current to fix 
security issues. The issues are with apr-util, but\nolder Slackware releases will require a new version of the apr package as well.\n\nMore details about the issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955\n\n\nHere are the details from the Slackware 12.2 ChangeLog:\n\npatches/packages/apr-1.3.5-i486-1_slack12.2.tgz: Upgraded.\npatches/packages/apr-util-1.3.7-i486-1_slack12.2.tgz: Upgraded.\n Fix underflow in apr_strmatch_precompile.\n Fix a denial of service attack against the apr_xml_* interface\n using the "billion laughs" entity expansion technique.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/apr-1.3.5-i486-1_slack11.0.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/apr-util-1.3.7-i486-1_slack11.0.tgz\n\nUpdated packages for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/apr-1.3.5-i486-1_slack12.0.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/apr-util-1.3.7-i486-1_slack12.0.tgz\n\nUpdated packages for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/apr-1.3.5-i486-1_slack12.1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/apr-util-1.3.7-i486-1_slack12.1.tgz\n\nUpdated packages for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/apr-1.3.5-i486-1_slack12.2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/apr-util-1.3.7-i486-1_slack12.2.tgz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/apr-1.3.5-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/apr-util-1.3.7-i486-1.txz\n\nUpdated packages for Slackware64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/apr-1.3.5-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/apr-util-1.3.7-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg apr-1.3.5-i486-1_slack12.2.tgz apr-util-1.3.7-i486-1_slack12.2.tgz\n\nThen restart any services that use apr-util.", "modified": "2009-06-16T17:40:37", "published": "2009-06-16T17:40:37", "id": "SSA-2009-167-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210", "type": "slackware", "title": "apr-util", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:19", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1955", "CVE-2009-0023", "CVE-2009-1956"], "description": "### Background\n\nThe Apache Portable Runtime Utility Library (aka apr-util) provides an interface to functionality such as XML parsing, string matching and databases connections. \n\n### Description\n\nMultiple vulnerabilities have been discovered in the APR Utility Library: \n\n * Matthew Palmer reported a heap-based buffer underflow while compiling search patterns in the apr_strmatch_precompile() function in strmatch/apr_strmatch.c (CVE-2009-0023).\n * kcope reported that the expat XML parser in xml/apr_xml.c does not limit the amount of XML entities expanded recursively (CVE-2009-1955).\n * C. 
Michael Pilato reported an off-by-one error in the apr_brigade_vprintf() function in buckets/apr_brigade.c (CVE-2009-1956).\n\n### Impact\n\nA remote attacker could exploit these vulnerabilities to cause a Denial of Service (crash or memory exhaustion) via an Apache HTTP server running mod_dav or mod_dav_svn, or using several configuration files. Additionally, a remote attacker could disclose sensitive information or cause a Denial of Service by sending a specially crafted input. NOTE: Only big-endian architectures such as PPC and HPPA are affected by the latter flaw. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Apache Portable Runtime Utility Library users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/apr-util-1.3.7\"", "edition": 1, "modified": "2009-07-04T00:00:00", "published": "2009-07-04T00:00:00", "id": "GLSA-200907-03", "href": "https://security.gentoo.org/glsa/200907-03", "type": "gentoo", "title": "APR Utility Library: Multiple vulnerabilities", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:38", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1191", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-1195"], "edition": 1, "description": "### Background\n\nThe Apache HTTP server is one of the most popular web servers on the Internet. 
\n\n### Description\n\nMultiple vulnerabilities have been discovered in the Apache HTTP server: \n\n * Jonathan Peatfield reported that the \"Options=IncludesNoEXEC\" argument to the \"AllowOverride\" directive is not processed properly (CVE-2009-1195).\n * Sander de Boer discovered that the AJP proxy module (mod_proxy_ajp) does not correctly handle POST requests that do not contain a request body (CVE-2009-1191).\n * The vendor reported that the HTTP proxy module (mod_proxy_http), when being used as a reverse proxy, does not properly handle requests containing more data as stated in the \"Content-Length\" header (CVE-2009-1890).\n * Francois Guerraz discovered that mod_deflate does not abort the compression of large files even when the requesting connection is closed prematurely (CVE-2009-1891).\n\n### Impact\n\nA local attacker could circumvent restrictions put up by the server administrator and execute arbitrary commands with the privileges of the user running the Apache server. A remote attacker could send multiple requests to a server with the AJP proxy module, possibly resulting in the disclosure of a request intended for another client, or cause a Denial of Service by sending specially crafted requests to servers running mod_proxy_http or mod_deflate. \n\n### Workaround\n\nRemove \"include\", \"proxy_ajp\", \"proxy_http\" and \"deflate\" from APACHE2_MODULES in make.conf and rebuild Apache, or disable the aforementioned modules in the Apache configuration. 
\n\n### Resolution\n\nAll Apache users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/apache-2.2.11-r2\"", "modified": "2009-07-12T00:00:00", "published": "2009-07-12T00:00:00", "id": "GLSA-200907-04", "href": "https://security.gentoo.org/glsa/200907-04", "type": "gentoo", "title": "Apache: Multiple vulnerabilities", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:33", "bulletinFamily": "software", "cvelist": ["CVE-2009-1955", "CVE-2009-0023", "CVE-2009-1956"], "description": "Memory consumption on large number of Entity elements.", "edition": 1, "modified": "2009-06-05T00:00:00", "published": "2009-06-05T00:00:00", "id": "SECURITYVULNS:VULN:9954", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9954", "title": "Apache apr-util webDav DoS", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0023", "CVE-2009-1955", "CVE-2009-1956"], "description": "The mission of the Apache Portable Runtime (APR) is to provide a free library of C data structures and routines. This library contains additional utility interfaces for APR; including support for XML, LDAP, database interfaces, URI parsing and more. ", "modified": "2009-06-24T19:36:44", "published": "2009-06-24T19:36:44", "id": "FEDORA:1FE6510F8EB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: apr-util-1.3.7-1.fc11", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0023", "CVE-2009-1955", "CVE-2009-1956"], "description": "The mission of the Apache Portable Runtime (APR) is to provide a free library of C data structures and routines. 
This library contains additional utility interfaces for APR; including support for XML, LDAP, database interfaces, URI parsing and more. ", "modified": "2009-06-24T19:32:52", "published": "2009-06-24T19:32:52", "id": "FEDORA:D191010F8F0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: apr-util-1.2.12-7.fc9", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0023", "CVE-2009-1955", "CVE-2009-1956"], "description": "The mission of the Apache Portable Runtime (APR) is to provide a free library of C data structures and routines. This library contains additional utility interfaces for APR; including support for XML, LDAP, database interfaces, URI parsing and more. ", "modified": "2009-06-24T19:40:30", "published": "2009-06-24T19:40:30", "id": "FEDORA:342A510F8B2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: apr-util-1.3.7-1.fc10", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "redhat": [{"lastseen": "2020-10-14T22:25:47", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0023", "CVE-2009-1955", "CVE-2009-1956"], "description": "apr-util is a utility library used with the Apache Portable Runtime (APR).\nIt aims to provide a free library of C data structures and routines. This\nlibrary contains additional utility interfaces for APR; including support\nfor XML, LDAP, database interfaces, URI parsing, and more.\n\nAn off-by-one overflow flaw was found in the way apr-util processed a\nvariable list of arguments. An attacker could provide a specially-crafted\nstring as input for the formatted output conversion routine, which could,\non big-endian platforms, potentially lead to the disclosure of sensitive\ninformation or a denial of service (application crash). (CVE-2009-1956)\n\nNote: The CVE-2009-1956 flaw only affects big-endian platforms, such as the\nIBM S/390 and PowerPC. 
It does not affect users using the apr-util package\non little-endian platforms, due to their different organization of byte\nordering used to represent particular data.\n\nA denial of service flaw was found in the apr-util Extensible Markup\nLanguage (XML) parser. A remote attacker could create a specially-crafted\nXML document that would cause excessive memory consumption when processed\nby the XML decoding engine. (CVE-2009-1955)\n\nA heap-based underwrite flaw was found in the way apr-util created compiled\nforms of particular search patterns. An attacker could formulate a\nspecially-crafted search keyword, that would overwrite arbitrary heap\nmemory locations when processed by the pattern preparation engine.\n(CVE-2009-0023)\n\nAll apr-util users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Applications using the Apache\nPortable Runtime library, such as httpd, must be restarted for this update\nto take effect.", "modified": "2017-09-08T12:11:03", "published": "2009-06-16T04:00:00", "id": "RHSA-2009:1107", "href": "https://access.redhat.com/errata/RHSA-2009:1107", "type": "redhat", "title": "(RHSA-2009:1107) Moderate: apr-util security update", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-10-14T22:25:05", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0023", "CVE-2009-1955", "CVE-2009-1956"], "description": "The Apache HTTP Server is a popular Web server. The httpd package shipped\nwith Red Hat Enterprise Linux 3 contains an embedded copy of the Apache\nPortable Runtime (APR) utility library, a free library of C data structures\nand routines, which includes interfaces to support XML parsing, LDAP\nconnections, database interfaces, URI parsing, and more.\n\nAn off-by-one overflow flaw was found in the way apr-util processed a\nvariable list of arguments. 
An attacker could provide a specially-crafted\nstring as input for the formatted output conversion routine, which could,\non big-endian platforms, potentially lead to the disclosure of sensitive\ninformation or a denial of service (application crash). (CVE-2009-1956)\n\nNote: The CVE-2009-1956 flaw only affects big-endian platforms, such as the\nIBM S/390 and PowerPC. It does not affect users using the httpd package on\nlittle-endian platforms, due to their different organization of byte\nordering used to represent particular data.\n\nA denial of service flaw was found in the apr-util Extensible Markup\nLanguage (XML) parser. A remote attacker could create a specially-crafted\nXML document that would cause excessive memory consumption when processed\nby the XML decoding engine. (CVE-2009-1955)\n\nA heap-based underwrite flaw was found in the way apr-util created compiled\nforms of particular search patterns. An attacker could formulate a\nspecially-crafted search keyword, that would overwrite arbitrary heap\nmemory locations when processed by the pattern preparation engine.\n(CVE-2009-0023)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.", "modified": "2018-05-26T04:26:17", "published": "2009-06-16T04:00:00", "id": "RHSA-2009:1108", "href": "https://access.redhat.com/errata/RHSA-2009:1108", "type": "redhat", "title": "(RHSA-2009:1108) Moderate: httpd security update", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "centos": [{"lastseen": "2020-10-15T01:06:06", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1955", "CVE-2009-0023", "CVE-2009-1956"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1108\n\n\nThe Apache HTTP Server is a popular Web server. 
The httpd package shipped\nwith Red Hat Enterprise Linux 3 contains an embedded copy of the Apache\nPortable Runtime (APR) utility library, a free library of C data structures\nand routines, which includes interfaces to support XML parsing, LDAP\nconnections, database interfaces, URI parsing, and more.\n\nAn off-by-one overflow flaw was found in the way apr-util processed a\nvariable list of arguments. An attacker could provide a specially-crafted\nstring as input for the formatted output conversion routine, which could,\non big-endian platforms, potentially lead to the disclosure of sensitive\ninformation or a denial of service (application crash). (CVE-2009-1956)\n\nNote: The CVE-2009-1956 flaw only affects big-endian platforms, such as the\nIBM S/390 and PowerPC. It does not affect users using the httpd package on\nlittle-endian platforms, due to their different organization of byte\nordering used to represent particular data.\n\nA denial of service flaw was found in the apr-util Extensible Markup\nLanguage (XML) parser. A remote attacker could create a specially-crafted\nXML document that would cause excessive memory consumption when processed\nby the XML decoding engine. (CVE-2009-1955)\n\nA heap-based underwrite flaw was found in the way apr-util created compiled\nforms of particular search patterns. An attacker could formulate a\nspecially-crafted search keyword, that would overwrite arbitrary heap\nmemory locations when processed by the pattern preparation engine.\n(CVE-2009-0023)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-June/028011.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-June/028012.html\n\n**Affected packages:**\nhttpd\nhttpd-devel\nmod_ssl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1108.html", "edition": 5, "modified": "2009-06-17T14:03:14", "published": "2009-06-17T14:02:38", "href": "http://lists.centos.org/pipermail/centos-announce/2009-June/028011.html", "id": "CESA-2009:1108", "title": "httpd, mod_ssl security update", "type": "centos", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-10-15T01:09:39", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1955", "CVE-2009-0023", "CVE-2009-1956"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1107\n\n\napr-util is a utility library used with the Apache Portable Runtime (APR).\nIt aims to provide a free library of C data structures and routines. This\nlibrary contains additional utility interfaces for APR; including support\nfor XML, LDAP, database interfaces, URI parsing, and more.\n\nAn off-by-one overflow flaw was found in the way apr-util processed a\nvariable list of arguments. An attacker could provide a specially-crafted\nstring as input for the formatted output conversion routine, which could,\non big-endian platforms, potentially lead to the disclosure of sensitive\ninformation or a denial of service (application crash). (CVE-2009-1956)\n\nNote: The CVE-2009-1956 flaw only affects big-endian platforms, such as the\nIBM S/390 and PowerPC. It does not affect users using the apr-util package\non little-endian platforms, due to their different organization of byte\nordering used to represent particular data.\n\nA denial of service flaw was found in the apr-util Extensible Markup\nLanguage (XML) parser. 
A remote attacker could create a specially-crafted\nXML document that would cause excessive memory consumption when processed\nby the XML decoding engine. (CVE-2009-1955)\n\nA heap-based underwrite flaw was found in the way apr-util created compiled\nforms of particular search patterns. An attacker could formulate a\nspecially-crafted search keyword, that would overwrite arbitrary heap\nmemory locations when processed by the pattern preparation engine.\n(CVE-2009-0023)\n\nAll apr-util users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Applications using the Apache\nPortable Runtime library, such as httpd, must be restarted for this update\nto take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-June/028021.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-June/028022.html\n\n**Affected packages:**\napr-util\napr-util-devel\napr-util-docs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1107.html", "edition": 4, "modified": "2009-06-19T09:53:07", "published": "2009-06-19T09:53:07", "href": "http://lists.centos.org/pipermail/centos-announce/2009-June/028021.html", "id": "CESA-2009:1107", "title": "apr security update", "type": "centos", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1955", "CVE-2009-0023", "CVE-2009-1956"], "description": "[2.0.46-73.0.1.ent]\n- use oracle index page oracle_index.html\n- remove logos in powered_by.gif and powered_by_rh.png\n- add apr-configure.patch\n[2.0.46-73.ent]\n- forcibly disable SCTP support in APR\n[2.0.46-72.ent]\n- add security fixes for CVE-2009-0023, CVE-2009-1955, \n and CVE-2009-1956 (apr-util) (#504562)", "edition": 4, "modified": "2009-06-17T00:00:00", "published": "2009-06-17T00:00:00", "id": "ELSA-2009-1108", "href": 
"http://linux.oracle.com/errata/ELSA-2009-1108.html", "title": "httpd security update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:39:32", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1955", "CVE-2009-0023", "CVE-2009-1956"], "description": "[1.2.7-7.el5_3.1]\n- add security fixes for CVE-2009-0023, CVE-2009-1955, \n and CVE-2009-1956 (#504560)", "edition": 4, "modified": "2009-06-16T00:00:00", "published": "2009-06-16T00:00:00", "id": "ELSA-2009-1107", "href": "http://linux.oracle.com/errata/ELSA-2009-1107.html", "title": "apr-util security update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}]}