| Reporter | Title | Published | Views | Family All 392 |
|---|---|---|---|---|
| Security Bulletin: IBM HTTP Server is affected by multiple vulnerabilities due to the included Apache HTTP Server | 16 Jun 202614:00 | – | ibm | |
| Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server | 23 Jun 202616:13 | – | ibm | |
| Apache httpd -- Multiple vulnerabilities | 8 Jun 202600:00 | – | freebsd | |
| CVE-2026-34356 | 8 Jun 202615:12 | – | attackerkb | |
| CVE-2026-44185 | 8 Jun 202615:22 | – | attackerkb | |
| CVE-2026-44119 | 8 Jun 202615:17 | – | attackerkb | |
| CVE-2026-34355 | 8 Jun 202615:20 | – | attackerkb | |
| CVE-2026-43951 | 8 Jun 202615:16 | – | attackerkb | |
| CVE-2026-42536 | 8 Jun 202615:23 | – | attackerkb | |
| CVE-2026-48913 | 8 Jun 202615:24 | – | attackerkb |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-8516-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##
include('compat.inc');
if (description)
{
script_id(325960);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/07/09");
script_cve_id(
"CVE-2026-29167",
"CVE-2026-29170",
"CVE-2026-34355",
"CVE-2026-34356",
"CVE-2026-42535",
"CVE-2026-42536",
"CVE-2026-43951",
"CVE-2026-44119",
"CVE-2026-44185",
"CVE-2026-44186",
"CVE-2026-44631",
"CVE-2026-48913"
);
script_xref(name:"IAVA", value:"2026-A-0558");
script_xref(name:"USN", value:"8516-1");
script_name(english:"Ubuntu 22.04 LTS / 24.04 LTS / 26.04 LTS : Apache HTTP Server vulnerabilities (USN-8516-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Ubuntu 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple
vulnerabilities as referenced in the USN-8516-1 advisory.
It was discovered that Apache HTTP Server's mod_ldap module incorrectly handled memory when processing
per-directory configurations. An attacker could use this issue to cause the server to crash, resulting in
a denial of service, or possibly execute arbitrary code. (CVE-2026-29167)
It was discovered that Apache HTTP Server's mod_proxy_ftp module incorrectly handled HTML generation for
FTP directory listings. A remote attacker could possibly use this issue to inject arbitrary web script or
HTML. (CVE-2026-29170)
It was discovered that Apache HTTP Server's mod_proxy_html module incorrectly handled certain content from
an untrusted backend. A remote attacker could possibly use this issue to cause Apache HTTP Server to
crash, resulting in a denial of service. (CVE-2026-34355)
It was discovered that Apache HTTP Server incorrectly handled ProxyPassReverseCookie directives with a
malicious backend server. A remote attacker could possibly use this issue to cause Apache HTTP Server to
crash, resulting in a denial of service. (CVE-2026-34356)
It was discovered that Apache HTTP Server's mod_dav_fs module incorrectly handled certain path operations.
An authenticated user could possibly use this issue to manipulate trusted WebDAV property databases or
cause a denial of service. (CVE-2026-42535)
It was discovered that Apache HTTP Server's mod_xml2enc module incorrectly handled certain content from an
untrusted backend. A remote attacker could possibly use this issue to cause Apache HTTP Server to crash,
resulting in a denial of service. (CVE-2026-42536)
It was discovered that Apache HTTP Server incorrectly handled response headers when multiple content
languages were configured. A remote attacker could possibly use this issue to obtain sensitive
information. (CVE-2026-43951)
It was discovered that Apache HTTP Server incorrectly restricted certain file functions in expressions
within .htaccess files. A local attacker with .htaccess write access could possibly use this issue to
obtain sensitive information. (CVE-2026-44119)
It was discovered that Apache HTTP Server's mod_ssl module incorrectly handled OCSP responses from an
attacker-controlled server. A remote attacker could possibly use this issue to obtain sensitive
information or cause a denial of service. (CVE-2026-44185)
It was discovered that Apache HTTP Server's mod_proxy_ftp module incorrectly handled responses from an
attacker-controlled backend FTP server. A remote attacker could possibly use this issue to cause Apache
HTTP Server to stop responding, resulting in a denial of service. (CVE-2026-44186)
It was discovered that Apache HTTP Server incorrectly handled crafted regular expressions in the server
configuration. An attacker could possibly use this issue to execute arbitrary code or cause a denial of
service. (CVE-2026-44631)
It was discovered that Apache HTTP Server's mod_http2 module had a use-after-free vulnerability when file
handles were exhausted. A remote attacker could possibly use this issue to cause Apache HTTP Server to
crash, resulting in a denial of service. (CVE-2026-48913)
Tenable has extracted the preceding description block directly from the Ubuntu security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-8516-1");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-29167");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2026-44631");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2026/06/08");
script_set_attribute(attribute:"patch_publication_date", value:"2026/07/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/07/09");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:24.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:26.04:-:lts");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-bin");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-data");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-ssl-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-custom");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-pristine");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-utils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-md");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-proxy-uwsgi");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2026 Canonical, Inc. / NASL script (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('22.04' >< os_release || '24.04' >< os_release || '26.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 22.04 / 24.04 / 26.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var pkgs = [
{'osver': '22.04', 'pkgname': 'apache2', 'pkgver': '2.4.52-1ubuntu4.23'},
{'osver': '22.04', 'pkgname': 'apache2-bin', 'pkgver': '2.4.52-1ubuntu4.23'},
{'osver': '22.04', 'pkgname': 'apache2-data', 'pkgver': '2.4.52-1ubuntu4.23'},
{'osver': '22.04', 'pkgname': 'apache2-dev', 'pkgver': '2.4.52-1ubuntu4.23'},
{'osver': '22.04', 'pkgname': 'apache2-ssl-dev', 'pkgver': '2.4.52-1ubuntu4.23'},
{'osver': '22.04', 'pkgname': 'apache2-suexec-custom', 'pkgver': '2.4.52-1ubuntu4.23'},
{'osver': '22.04', 'pkgname': 'apache2-suexec-pristine', 'pkgver': '2.4.52-1ubuntu4.23'},
{'osver': '22.04', 'pkgname': 'apache2-utils', 'pkgver': '2.4.52-1ubuntu4.23'},
{'osver': '22.04', 'pkgname': 'libapache2-mod-md', 'pkgver': '2.4.52-1ubuntu4.23'},
{'osver': '22.04', 'pkgname': 'libapache2-mod-proxy-uwsgi', 'pkgver': '2.4.52-1ubuntu4.23'},
{'osver': '24.04', 'pkgname': 'apache2', 'pkgver': '2.4.58-1ubuntu8.15'},
{'osver': '24.04', 'pkgname': 'apache2-bin', 'pkgver': '2.4.58-1ubuntu8.15'},
{'osver': '24.04', 'pkgname': 'apache2-data', 'pkgver': '2.4.58-1ubuntu8.15'},
{'osver': '24.04', 'pkgname': 'apache2-dev', 'pkgver': '2.4.58-1ubuntu8.15'},
{'osver': '24.04', 'pkgname': 'apache2-ssl-dev', 'pkgver': '2.4.58-1ubuntu8.15'},
{'osver': '24.04', 'pkgname': 'apache2-suexec-custom', 'pkgver': '2.4.58-1ubuntu8.15'},
{'osver': '24.04', 'pkgname': 'apache2-suexec-pristine', 'pkgver': '2.4.58-1ubuntu8.15'},
{'osver': '24.04', 'pkgname': 'apache2-utils', 'pkgver': '2.4.58-1ubuntu8.15'},
{'osver': '24.04', 'pkgname': 'libapache2-mod-md', 'pkgver': '2.4.58-1ubuntu8.15'},
{'osver': '24.04', 'pkgname': 'libapache2-mod-proxy-uwsgi', 'pkgver': '2.4.58-1ubuntu8.15'},
{'osver': '26.04', 'pkgname': 'apache2', 'pkgver': '2.4.66-2ubuntu2.4'},
{'osver': '26.04', 'pkgname': 'apache2-bin', 'pkgver': '2.4.66-2ubuntu2.4'},
{'osver': '26.04', 'pkgname': 'apache2-data', 'pkgver': '2.4.66-2ubuntu2.4'},
{'osver': '26.04', 'pkgname': 'apache2-dev', 'pkgver': '2.4.66-2ubuntu2.4'},
{'osver': '26.04', 'pkgname': 'apache2-ssl-dev', 'pkgver': '2.4.66-2ubuntu2.4'},
{'osver': '26.04', 'pkgname': 'apache2-suexec-custom', 'pkgver': '2.4.66-2ubuntu2.4'},
{'osver': '26.04', 'pkgname': 'apache2-suexec-pristine', 'pkgver': '2.4.66-2ubuntu2.4'},
{'osver': '26.04', 'pkgname': 'apache2-utils', 'pkgver': '2.4.66-2ubuntu2.4'}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var osver = NULL;
var pkgname = NULL;
var pkgver = NULL;
if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
if (osver && pkgname && pkgver) {
if (deb_check(release:osver, prefix:pkgname, reference:pkgver, cves:cves)) flag++;
}
}
if (flag)
{
var extra = '';
extra += ubuntu_report_get();
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : extra
);
exit(0);
}
else
{
var tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2 / apache2-bin / apache2-data / apache2-dev / etc');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation