Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-908-1.NASL
HistoryMar 11, 2010 - 12:00 a.m.

Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : apache2 vulnerabilities (USN-908-1)

2010-03-1100:00:00
Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
JSON

It was discovered that mod_proxy_ajp did not properly handle errors when a client doesn’t send a request body. A remote attacker could exploit this with a crafted request and cause a denial of service.
This issue affected Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10.
(CVE-2010-0408)

It was discovered that Apache did not properly handle headers in subrequests under certain conditions. A remote attacker could exploit this with a crafted request and possibly obtain sensitive information from previous requests. (CVE-2010-0434).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-908-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(45037);
  script_version("1.20");
  script_cvs_date("Date: 2019/09/19 12:54:26");

  script_cve_id("CVE-2010-0408", "CVE-2010-0434");
  script_bugtraq_id(38491, 38580);
  script_xref(name:"USN", value:"908-1");

  script_name(english:"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : apache2 vulnerabilities (USN-908-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that mod_proxy_ajp did not properly handle errors
when a client doesn't send a request body. A remote attacker could
exploit this with a crafted request and cause a denial of service.
This issue affected Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10.
(CVE-2010-0408)

It was discovered that Apache did not properly handle headers in
subrequests under certain conditions. A remote attacker could exploit
this with a crafted request and possibly obtain sensitive information
from previous requests. (CVE-2010-0434).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/908-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(200);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-event");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-itk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-perchild");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-prefork-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-src");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-suexec");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-custom");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-threaded-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2.2-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2.2-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapr0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapr0-dev");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/03/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/03/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/03/11");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(6\.06|8\.04|8\.10|9\.04|9\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 8.04 / 8.10 / 9.04 / 9.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"6.06", pkgname:"apache2", pkgver:"2.0.55-4ubuntu2.10")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-common", pkgver:"2.0.55-4ubuntu2.10")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-doc", pkgver:"2.0.55-4ubuntu2.10")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-mpm-perchild", pkgver:"2.0.55-4ubuntu2.10")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-mpm-prefork", pkgver:"2.0.55-4ubuntu2.10")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-mpm-worker", pkgver:"2.0.55-4ubuntu2.10")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-prefork-dev", pkgver:"2.0.55-4ubuntu2.10")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-threaded-dev", pkgver:"2.0.55-4ubuntu2.10")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-utils", pkgver:"2.0.55-4ubuntu2.10")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libapr0", pkgver:"2.0.55-4ubuntu2.10")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libapr0-dev", pkgver:"2.0.55-4ubuntu2.10")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2", pkgver:"2.2.8-1ubuntu0.15")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-doc", pkgver:"2.2.8-1ubuntu0.15")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-mpm-event", pkgver:"2.2.8-1ubuntu0.15")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-mpm-perchild", pkgver:"2.2.8-1ubuntu0.15")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-mpm-prefork", pkgver:"2.2.8-1ubuntu0.15")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-mpm-worker", pkgver:"2.2.8-1ubuntu0.15")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-prefork-dev", pkgver:"2.2.8-1ubuntu0.15")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-src", pkgver:"2.2.8-1ubuntu0.15")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-threaded-dev", pkgver:"2.2.8-1ubuntu0.15")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-utils", pkgver:"2.2.8-1ubuntu0.15")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2.2-common", pkgver:"2.2.8-1ubuntu0.15")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"apache2", pkgver:"2.2.9-7ubuntu3.6")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"apache2-doc", pkgver:"2.2.9-7ubuntu3.6")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"apache2-mpm-event", pkgver:"2.2.9-7ubuntu3.6")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"apache2-mpm-prefork", pkgver:"2.2.9-7ubuntu3.6")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"apache2-mpm-worker", pkgver:"2.2.9-7ubuntu3.6")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"apache2-prefork-dev", pkgver:"2.2.9-7ubuntu3.6")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"apache2-src", pkgver:"2.2.9-7ubuntu3.6")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"apache2-suexec", pkgver:"2.2.9-7ubuntu3.6")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"apache2-suexec-custom", pkgver:"2.2.9-7ubuntu3.6")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"apache2-threaded-dev", pkgver:"2.2.9-7ubuntu3.6")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"apache2-utils", pkgver:"2.2.9-7ubuntu3.6")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"apache2.2-common", pkgver:"2.2.9-7ubuntu3.6")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"apache2", pkgver:"2.2.11-2ubuntu2.6")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"apache2-doc", pkgver:"2.2.11-2ubuntu2.6")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"apache2-mpm-event", pkgver:"2.2.11-2ubuntu2.6")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"apache2-mpm-prefork", pkgver:"2.2.11-2ubuntu2.6")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"apache2-mpm-worker", pkgver:"2.2.11-2ubuntu2.6")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"apache2-prefork-dev", pkgver:"2.2.11-2ubuntu2.6")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"apache2-src", pkgver:"2.2.11-2ubuntu2.6")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"apache2-suexec", pkgver:"2.2.11-2ubuntu2.6")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"apache2-suexec-custom", pkgver:"2.2.11-2ubuntu2.6")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"apache2-threaded-dev", pkgver:"2.2.11-2ubuntu2.6")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"apache2-utils", pkgver:"2.2.11-2ubuntu2.6")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"apache2.2-common", pkgver:"2.2.11-2ubuntu2.6")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"apache2", pkgver:"2.2.12-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"apache2-doc", pkgver:"2.2.12-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"apache2-mpm-event", pkgver:"2.2.12-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"apache2-mpm-itk", pkgver:"2.2.12-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"apache2-mpm-prefork", pkgver:"2.2.12-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"apache2-mpm-worker", pkgver:"2.2.12-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"apache2-prefork-dev", pkgver:"2.2.12-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"apache2-suexec", pkgver:"2.2.12-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"apache2-suexec-custom", pkgver:"2.2.12-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"apache2-threaded-dev", pkgver:"2.2.12-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"apache2-utils", pkgver:"2.2.12-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"apache2.2-bin", pkgver:"2.2.12-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"apache2.2-common", pkgver:"2.2.12-1ubuntu2.2")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2 / apache2-common / apache2-doc / apache2-mpm-event / etc");
}
VendorProductVersionCPE
canonicalubuntu_linuxapache2p-cpe:/a:canonical:ubuntu_linux:apache2
canonicalubuntu_linuxapache2-commonp-cpe:/a:canonical:ubuntu_linux:apache2-common
canonicalubuntu_linuxapache2-docp-cpe:/a:canonical:ubuntu_linux:apache2-doc
canonicalubuntu_linuxapache2-mpm-eventp-cpe:/a:canonical:ubuntu_linux:apache2-mpm-event
canonicalubuntu_linuxapache2-mpm-itkp-cpe:/a:canonical:ubuntu_linux:apache2-mpm-itk
canonicalubuntu_linuxapache2-mpm-perchildp-cpe:/a:canonical:ubuntu_linux:apache2-mpm-perchild
canonicalubuntu_linuxapache2-mpm-preforkp-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork
canonicalubuntu_linuxapache2-mpm-workerp-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker
canonicalubuntu_linuxapache2-prefork-devp-cpe:/a:canonical:ubuntu_linux:apache2-prefork-dev
canonicalubuntu_linuxapache2-srcp-cpe:/a:canonical:ubuntu_linux:apache2-src
Rows per page:
1-10 of 231

Related

nessus 29
openvas 34
oraclelinux 2
redhat 3
centos 2
fedora 3
veracode 2
ubuntucve 2
seebug 1
securityvulns 6
prion 2
httpd 3
cvelist 2
f5 4
cve 2
debiancve 2
slackware 1
gentoo 1
altlinux 3
vmware 2
kaspersky 2
oracle 2
nessus
nessus
Scientific Linux Security Update : httpd on SL5.x i386/x86_64
2012-08-01 00:00:00
RHEL 5 : httpd (RHSA-2010:0168)
2010-05-11 00:00:00
openSUSE Security Update : apache2 (openSUSE-SU-2010:0165-1)
2010-04-27 00:00:00
openvas
openvas
CentOS Update for httpd CESA-2010:0168 centos5 i386
2011-08-09 00:00:00
Debian: Security Advisory (DSA-2035-1)
2023-03-08 00:00:00
Ubuntu: Security Advisory (USN-908-1)
2010-03-12 00:00:00
oraclelinux
oraclelinux
httpd security and enhancement update
2010-03-25 00:00:00
httpd security, bug fix, and enhancement update
2010-03-25 00:00:00
redhat
redhat
(RHSA-2010:0168) Moderate: httpd security and enhancement update
2010-03-25 00:00:00
(RHSA-2010:0396) Moderate: httpd and httpd22 security and enhancement update
2010-05-05 00:00:00
(RHSA-2010:0175) Low: httpd security, bug fix, and enhancement update
2010-03-25 00:00:00
centos
centos
httpd, mod_ssl security update
2010-03-28 15:40:00
httpd, mod_ssl security update
2010-03-28 20:51:15
fedora
fedora
[SECURITY] Fedora 12 Update: httpd-2.2.15-1.fc12.2
2010-05-31 18:25:29
[SECURITY] Fedora 11 Update: httpd-2.2.15-1.fc11.1
2010-05-04 06:06:43
[SECURITY] Fedora 13 Update: httpd-2.2.15-1.fc13
2010-04-22 22:51:41
veracode
veracode
Information Disclosure
2020-04-10 00:47:47
Denial Of Service (DoS)
2020-04-10 00:47:47
ubuntucve
ubuntucve
CVE-2010-0434
2010-03-05 00:00:00
CVE-2010-0408
2010-03-05 00:00:00
seebug
seebug
Apache 2.2.x子请求处理信息泄露漏洞
2010-03-23 00:00:00
securityvulns
securityvulns
[ MDVSA-2010:057 ] apache
2010-03-09 00:00:00
Apache HTTPD information leak
2010-03-09 00:00:00
Apple Mac OS X and QuickTime multiple security vulnerabilities
2013-11-18 00:00:00
prion
prion
Design/Logic Flaw
2010-03-05 19:30:00
Design/Logic Flaw
2010-03-05 16:30:00
httpd
httpd
Apache Httpd < 2.2.15 : Subrequest handling of request headers (mod_headers)
2009-12-09 00:00:00
Apache Httpd < 2.0.64 : Subrequest handling of request headers (mod_headers)
2009-12-09 00:00:00
Apache Httpd < 2.2.15 : mod_proxy_ajp DoS
2010-02-02 00:00:00
cvelist
cvelist
CVE-2010-0434
2010-03-05 19:00:00
CVE-2010-0408
2010-03-05 16:00:00
f5
f5
K40284849 : Apache vulnerability CVE-2010-0434
2015-12-23 00:00:00
SOL40284849 - Apache vulnerability CVE-2010-0434
2015-12-23 00:00:00
SOL52470083 - Apache vulnerability CVE-2010-0408
2015-12-23 00:00:00
cve
cve
CVE-2010-0434
2010-03-05 19:30:00
CVE-2010-0408
2010-03-05 16:30:00
debiancve
debiancve
CVE-2010-0434
2010-03-05 19:30:00
CVE-2010-0408
2010-03-05 16:30:00
slackware
slackware
[slackware-security] httpd
2010-03-08 22:39:33
gentoo
gentoo
Apache HTTP Server: Multiple vulnerabilities
2012-06-24 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package apache2 version 2.2.16-alt1
2010-09-16 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.2.16-alt1
2010-09-16 00:00:00
Security fix for the ALT Linux 10 package apache2 version 2.2.16-alt1
2010-09-16 00:00:00
vmware
vmware
VMware Workstation, Player, and ACE address several security issues.
2010-09-23 00:00:00
VMware Workstation, Player, and ACE address several security issues.
2010-09-23 00:00:00
kaspersky
kaspersky
KLA10386 Multiple vulnerabilities in VMware
2010-09-23 00:00:00
KLA10066 Multiple vulnerabilities in Apache httpd
2010-10-19 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2013
2013-07-16 00:00:00
Oracle Critical Patch Update - April 2013
2013-04-16 00:00:00
JSON
Related for UBUNTU_USN-908-1.NASL
nessus29openvas34oraclelinux2redhat3centos2fedora3veracode2ubuntucve2seebug1securityvulns6prion2httpd3cvelist2f54cve2debiancve2slackware1gentoo1altlinux3vmware2kaspersky2oracle2