Apache HTTP Server 2.4.60 - 2.4.61 Information Disclosure Vulnerability - Windows

2024-07-1800:00:00

plugins.openvas.org

apache

http server

version 2.4.60 - 2.4.61

information disclosure

vulnerability

windows

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

38.6%

JSON

Apache HTTP Server is prone to an information disclosure
vulnerability.

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:apache:http_server";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.152692");
  script_version("2024-08-23T05:05:37+0000");
  script_tag(name:"last_modification", value:"2024-08-23 05:05:37 +0000 (Fri, 23 Aug 2024)");
  script_tag(name:"creation_date", value:"2024-07-18 02:22:26 +0000 (Thu, 18 Jul 2024)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2024-08-22 17:13:09 +0000 (Thu, 22 Aug 2024)");

  script_cve_id("CVE-2024-40725");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("Apache HTTP Server 2.4.60 - 2.4.61 Information Disclosure Vulnerability - Windows");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("Web Servers");
  script_dependencies("gb_apache_http_server_consolidation.nasl", "os_detection.nasl");
  script_mandatory_keys("apache/http_server/detected", "Host/runs_windows");

  script_tag(name:"summary", value:"Apache HTTP Server is prone to an information disclosure
  vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"A partial fix for CVE-2024-39884 in the core of Apache HTTP
  Server ignores some use of the legacy content-type based configuration of handlers. 'AddType' and
  similar configuration, under some circumstances where files are requested indirectly, result in
  source code disclosure of local content. For example, PHP scripts may be served instead of
  interpreted.");

  script_tag(name:"affected", value:"Apache HTTP Server version 2.4.60 through 2.4.61.");

  script_tag(name:"solution", value:"Update to version 2.4.62 or later.");

  script_xref(name:"URL", value:"https://lists.apache.org/thread/gbl15n6obv7qtxdqf77hby4dmx731jlj");
  script_xref(name:"URL", value:"https://httpd.apache.org/security/vulnerabilities_24.html#2.4.62");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (isnull(port = get_app_port(cpe: CPE)))
  exit(0);

if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE,
                                          version_regex: "^[0-9]+\.[0-9]+\.[0-9]+"))
  exit(0);

version = infos["version"];
location = infos["location"];

if (version_in_range(version: version, test_version: "2.4.60", test_version2: "2.4.61")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "2.4.62", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

exit(99);