Lucene search
+L

Apache HTTP Server Auth Module SQL Insertion Attack

🗓️ 03 Nov 2005 00:00:00Reported by Copyright (C) 2001 Matt MooreType 
openvas
 openvas
🔗 plugins.openvas.org👁 36 Views

Apache HTTP Server Auth Module SQL Insertion Attack. Vulnerable to SQL insertion attacks. Update the module

Related
Refs
Code
ReporterTitlePublishedViews
Family
Tenable Nessus
Apache mod_auth_pgsql < 0.9.6 SQL Injection
20 Aug 200400:00
nessus
Tenable Nessus
Apache mod_auth_pg < 1.2b3 SQL Injection
20 Aug 200400:00
nessus
Tenable Nessus
Apache mod_auth_mysql < 1.10 SQL Injection
20 Aug 200400:00
nessus
Tenable Nessus
Apache mod_auth_oracle < 0.52 SQL Injection
20 Aug 200400:00
nessus
Tenable Nessus
Apache mod_auth_pgsql_sys < 0.9.5 SQL Injection
20 Aug 200400:00
nessus
Tenable Nessus
Apache Auth Module SQL Injection
7 Sep 200100:00
nessus
CVE
CVE-2001-1379
26 Jul 200204:00
cve
Cvelist
CVE-2001-1379
26 Jul 200204:00
cvelist
EUVD
EUVD-2001-1360
7 Oct 202500:30
euvd
NVD
CVE-2001-1379
29 Aug 200104:00
nvd
Rows per page
# SPDX-FileCopyrightText: 2001 Matt Moore
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:apache:http_server";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.10752");
  script_version("2023-08-01T13:29:10+0000");
  script_tag(name:"last_modification", value:"2023-08-01 13:29:10 +0000 (Tue, 01 Aug 2023)");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/3251");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/3253");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_cve_id("CVE-2001-1379");

  script_name("Apache HTTP Server Auth Module SQL Insertion Attack");

  script_category(ACT_GATHER_INFO);
  script_tag(name:"qod_type", value:"remote_banner");

  script_copyright("Copyright (C) 2001 Matt Moore");
  script_family("Web Servers");

  script_dependencies("gb_apache_http_server_consolidation.nasl");
  script_require_ports("Services/www", 80);
  script_mandatory_keys("apache/http_server/http/detected");

  script_tag(name:"solution", value:"Update the module.");

  script_tag(name:"solution_type", value:"VendorFix");

  script_tag(name:"summary", value:"This plugin checks whether the web server is
  using Apache Auth modules which are known to be vulnerable to SQL
  insertion attacks.");

  exit(0);
}

include("http_func.inc");
include("host_details.inc");

if(!port = get_app_port(cpe:CPE, service:"www"))
  exit(0);

if(!get_app_location(cpe:CPE, port:port, nofork:TRUE))
  exit(0);

banner = http_get_remote_headers(port:port);

report =
string("There is a vulnerable version of the NAME module installed on this\n",
"Apache Web Server.\n",
"This module is vulnerable to a SQL insertion attack that could allow an\n",
"attacker to execute arbitrary SQL statements.\n\n",
"Solution: Get the latest version of this module (probably VERSION) at URL\n\n",
"References: RUS CERT Advisory available at http://cert-uni-stuttgart.de/advisories/apache_auth.php");

# Now check whether the banner contains references to the vulnerable modules...

if(egrep(pattern:"^Server:.*mod_auth_pg/((0\.[0-9])|(1\.[01])|1\.2b[0-2])([^0-9]|$)", string:banner)) {
  r = ereg_replace(pattern:"(.*)(NAME)(.*)(VERSION)(.*)(URL)(.*)", replace:"\1mod_auth_pg\31.3\5http://authpg.sourceforge.net\7", string:report);
  security_message(port:port, data:r);
  exit(0);
}


if(egrep(pattern:"^Server:.*mod_auth_mysql/((0\.[0-9])|(1\.[0-9]))([^0-9]|$)", string:banner)) {
  r = ereg_replace(pattern:"(.*)(NAME)(.*)(VERSION)(.*)(URL)(.*)", replace:"\1mod_auth_mysql\31.10\5ftp://ftp.kcilink.com/pub/\7", string:report);
  security_message(port:port, data:r);
  exit(0);
}

if(egrep(pattern:"^Server:.*mod_auth_oracle/0\.([0-4].*|5\.[01]([^0-9]|$))", string:banner)) {
  r = ereg_replace(pattern:"(.*)(NAME)(.*)(VERSION)(.*)(URL)(.*)", replace:"\1mod_auth_oracle\30.5.2\5some place\7", string:report);
  security_message(port:port, data:r);
  exit(0);
}

if(egrep(pattern:"^Server:.*mod_auth_pgsql/0\.(([0-8]\..*)|(9\.[0-5]([^0-9]|$))).*", string:banner)) {
  r = ereg_replace(pattern:"(.*)(NAME)(.*)(VERSION)(.*)(URL)(.*)", replace:"\1mod_auth_pgsql\30.9.6\5http://www.giuseppetanzilli.it/mod_auth_pgsql/dist\7", string:report);
  security_message(port:port, data:r);
  exit(0);
}


if(egrep(pattern:"^Server:.*mod_auth_pgsql_sys/0\.(([0-8]\..*)|(9\.[0-4]([^0-9]|$))).*", string:banner)) {
  r = ereg_replace(pattern:"(.*)(NAME)(.*)(VERSION)(.*)(URL)(.*)", replace:"\1mod_auth_pgsql_sys\30.9.5\5some place\7", string:report);
  security_message(port:port, data:r);
  exit(0);
}

exit(99);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

01 Aug 2023 00:00Current
6.7Medium risk
Vulners AI Score6.7
CVSS 27.5
EPSS0.01905
36