Apache HTTP Server < 2.4.58 'mod_macro' Out-of-bounds Read Vulnerability - Windows

2023-10-1900:00:00

plugins.openvas.org

apache

http

server

mod_macro

out-of-bounds read

vulnerability

windows

cpe

cve-2023-31122

greenbone ag

web servers

vendorfix

version 2.4.57

version 2.4.58

oss-security

oss-security mailing list

openwall

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.6 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.8%

JSON

Apache HTTP Server is prone to an out-of-bounds read
vulnerability in mod_macro.

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:apache:http_server";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.100279");
  script_version("2024-02-15T05:05:40+0000");
  script_tag(name:"last_modification", value:"2024-02-15 05:05:40 +0000 (Thu, 15 Feb 2024)");
  script_tag(name:"creation_date", value:"2023-10-19 13:20:07 +0000 (Thu, 19 Oct 2023)");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-10-30 17:54:00 +0000 (Mon, 30 Oct 2023)");

  script_cve_id("CVE-2023-31122");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("Apache HTTP Server < 2.4.58 'mod_macro' Out-of-bounds Read Vulnerability - Windows");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Web Servers");
  script_dependencies("gb_apache_http_server_consolidation.nasl", "os_detection.nasl");
  script_mandatory_keys("apache/http_server/detected", "Host/runs_windows");

  script_tag(name:"summary", value:"Apache HTTP Server is prone to an out-of-bounds read
  vulnerability in mod_macro.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"affected", value:"Apache HTTP Server version 2.4.57 and prior.");

  script_tag(name:"solution", value:"Update to version 2.4.58 or later.");

  # nb: As of 10/2023 the oss-security mailing list posting has more exact affected ranges.
  script_xref(name:"URL", value:"https://httpd.apache.org/security/vulnerabilities_24.html#2.4.58");
  script_xref(name:"URL", value:"https://www.openwall.com/lists/oss-security/2023/10/19/4");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (isnull(port = get_app_port(cpe: CPE)))
  exit(0);

if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE,
                                          version_regex: "^[0-9]+\.[0-9]+\.[0-9]+"))
  exit(0);

version = infos["version"];
location = infos["location"];

if (version_is_less(version: version, test_version: "2.4.58")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "2.4.58", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

exit(99);