Apache HTTP Server Multiple Vulnerabilities (Sep 2014) - Linux

2021-11-0100:00:00

plugins.openvas.org

5.8 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.956 High

EPSS

Percentile

99.4%

JSON

Apache HTTP Server is prone to multiple vulnerabilities.

# Copyright (C) 2021 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

CPE = "cpe:/a:apache:http_server";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.147048");
  script_version("2021-11-01T03:59:12+0000");
  script_tag(name:"last_modification", value:"2021-11-01 03:59:12 +0000 (Mon, 01 Nov 2021)");
  script_tag(name:"creation_date", value:"2021-11-01 03:27:19 +0000 (Mon, 01 Nov 2021)");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");

  script_cve_id("CVE-2013-5704", "CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231");

  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("Apache HTTP Server Multiple Vulnerabilities (Sep 2014) - Linux");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2021 Greenbone Networks GmbH");
  script_family("Web Servers");
  script_dependencies("gb_apache_http_server_consolidation.nasl", "os_detection.nasl");
  script_mandatory_keys("apache/http_server/detected", "Host/runs_unixoide");

  script_tag(name:"summary", value:"Apache HTTP Server is prone to multiple vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"The following vulnerabilities exist:

  - CVE-2013-5704: HTTP trailers could be used to replace HTTP headers late during request
  processing, potentially undoing or otherwise confusing modules that examined or modified
  request headers earlier. This fix adds the 'MergeTrailers' directive to restore legacy behavior.

  - CVE-2014-0118: A resource consumption flaw was found in mod_deflate. If request body
  decompression was configured (using the 'DEFLATE' input filter), a remote attacker could cause
  the server to consume significant memory and/or CPU resources. The use of request body
  decompression is not a common configuration.

  - CVE-2014-0226: A race condition was found in mod_status. An attacker able to access a public
  server status page on a server using a threaded MPM could send a carefully crafted request which
  could lead to a heap buffer overflow. Note that it is not a default or recommended configuration
  to have a public accessible server status page.

  - CVE-2014-0231: A flaw was found in mod_cgid. If a server using mod_cgid hosted CGI scripts
  which did not consume standard input, a remote attacker could cause child processes to hang
  indefinitely, leading to denial of service.");

  script_tag(name:"affected", value:"Apache HTTP Server version 2.2.0 through 2.2.27 and 2.4.1
  through 2.4.10.");

  script_tag(name:"solution", value:"Update to version 2.2.29, 2.4.12 or later.");

  script_xref(name:"URL", value:"https://httpd.apache.org/security/vulnerabilities_22.html");
  script_xref(name:"URL", value:"https://httpd.apache.org/security/vulnerabilities_24.html");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (isnull(port = get_app_port(cpe: CPE)))
  exit(0);

if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE, version_regex: "^[0-9]+\.[0-9]+\.[0-9]+"))
  exit(0);

version = infos["version"];
location = infos["location"];

if (version_in_range(version: version, test_version: "2.2.0", test_version2: "2.2.27")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "2.2.29", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range(version: version, test_version: "2.4.1", test_version2: "2.4.10")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "2.4.12", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

exit(99);