Lucene search
Copyright (C) 2009 Greenbone AGOPENVAS:136141256231064559HistoryAug 17, 2009 - 12:00 a.m.
Debian: Security Advisory (DSA-1834-1)
2009-08-1700:00:00
Copyright (C) 2009 Greenbone AG
plugins.openvas.org
8
7.7 High
AI Score
Confidence
High
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.021 Low
EPSS
Percentile
89.0%
The remote host is missing an update for the Debian
# SPDX-FileCopyrightText: 2009 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.64559");
script_cve_id("CVE-2009-1890", "CVE-2009-1891");
script_tag(name:"creation_date", value:"2009-08-17 14:54:45 +0000 (Mon, 17 Aug 2009)");
script_version("2024-02-01T14:37:10+0000");
script_tag(name:"last_modification", value:"2024-02-01 14:37:10 +0000 (Thu, 01 Feb 2024)");
script_tag(name:"cvss_base", value:"7.1");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:C");
script_name("Debian: Security Advisory (DSA-1834-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB(4|5)");
script_xref(name:"Advisory-ID", value:"DSA-1834-1");
script_xref(name:"URL", value:"https://www.debian.org/security/2009/DSA-1834-1");
script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/DSA-1834");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'apache2' package(s) announced via the DSA-1834-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"CVE-2009-1890
A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. This issue did not affect Debian 4.0 'etch'.
CVE-2009-1891
A denial of service flaw was found in the Apache mod_deflate module. This module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file. A similar flaw related to HEAD requests for compressed content was also fixed.
The oldstable distribution (etch), these problems have been fixed in version 2.2.3-4+etch9.
For the stable distribution (lenny), these problems have been fixed in version 2.2.9-10+lenny4.
For the testing distribution (squeeze) and the unstable distribution (sid), these problems will be fixed in version 2.2.11-7.
This advisory also provides updated apache2-mpm-itk packages which have been recompiled against the new apache2 packages.
Updated packages for the s390 and mipsel architectures are not included yet. They will be released as soon as they become available.");
script_tag(name:"affected", value:"'apache2' package(s) on Debian 4, Debian 5.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB4") {
if(!isnull(res = isdpkgvuln(pkg:"apache2", ver:"2.2.3-4+etch9", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apache2-doc", ver:"2.2.3-4+etch9", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apache2-mpm-event", ver:"2.2.3-4+etch9", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apache2-mpm-perchild", ver:"2.2.3-4+etch9", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apache2-mpm-prefork", ver:"2.2.3-4+etch9", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apache2-mpm-worker", ver:"2.2.3-4+etch9", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apache2-prefork-dev", ver:"2.2.3-4+etch9", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apache2-src", ver:"2.2.3-4+etch9", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apache2-threaded-dev", ver:"2.2.3-4+etch9", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apache2-utils", ver:"2.2.3-4+etch9", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apache2.2-common", ver:"2.2.3-4+etch9", rls:"DEB4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "DEB5") {
if(!isnull(res = isdpkgvuln(pkg:"apache2", ver:"2.2.9-10+lenny4", rls:"DEB5"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apache2-dbg", ver:"2.2.9-10+lenny4", rls:"DEB5"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apache2-doc", ver:"2.2.9-10+lenny4", rls:"DEB5"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apache2-mpm-event", ver:"2.2.9-10+lenny4", rls:"DEB5"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apache2-mpm-prefork", ver:"2.2.9-10+lenny4", rls:"DEB5"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apache2-mpm-worker", ver:"2.2.9-10+lenny4", rls:"DEB5"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apache2-prefork-dev", ver:"2.2.9-10+lenny4", rls:"DEB5"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apache2-src", ver:"2.2.9-10+lenny4", rls:"DEB5"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apache2-suexec", ver:"2.2.9-10+lenny4", rls:"DEB5"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apache2-suexec-custom", ver:"2.2.9-10+lenny4", rls:"DEB5"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apache2-threaded-dev", ver:"2.2.9-10+lenny4", rls:"DEB5"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apache2-utils", ver:"2.2.9-10+lenny4", rls:"DEB5"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apache2.2-common", ver:"2.2.9-10+lenny4", rls:"DEB5"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
oraclelinux
oraclelinux
httpd security update
2009-07-09 00:00:00
httpd security and bug fix update
2009-08-10 00:00:00
httpd security update
2009-11-11 00:00:00
ubuntu
ubuntu
Apache regression
2009-08-19 00:00:00
Apache vulnerabilities
2009-07-13 00:00:00
nessus
nessus
Apache < 2.2.12 Multiple Vulnerabilities
2009-08-03 00:00:00
Oracle Linux 5 : httpd (ELSA-2009-1148)
2013-07-12 00:00:00
Debian DSA-1834-1 : apache2 - denial of service
2010-02-24 00:00:00
openvas
openvas
Debian Security Advisory DSA 1834-2 (apache2)
2009-08-17 00:00:00
RedHat Security Advisory RHSA-2009:1148
2009-07-29 00:00:00
CentOS Security Advisory CESA-2009:1148 (httpd)
2009-07-29 00:00:00
securityvulns
securityvulns
[ MDVSA-2009:149 ] apache
2009-07-09 00:00:00
Apache DoS
2009-07-09 00:00:00
debian
debian
[SECURITY] [DSA 1834-2] New apache/apache2-mpm-itk fix regression
2009-07-30 16:37:19
[SECURITY] [DSA 1834-1] New apache2 packages fix denial of service
2009-07-15 19:01:57
redhat
redhat
(RHSA-2009:1148) Important: httpd security update
2009-07-09 00:00:00
(RHSA-2009:1156) Important: httpd security update
2009-07-14 00:00:00
(RHSA-2009:1155) Important: httpd security update
2009-07-14 00:00:00
centos
centos
httpd, mod_ssl security update
2009-07-14 12:16:38
httpd, mod_ssl security update
2009-08-10 21:35:07
httpd, mod_ssl security update
2009-11-12 22:39:15
osv
osv
apache2 apache2-mpm-itk - denial of service
2009-07-15 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: httpd-2.2.13-1.fc11
2009-08-31 23:39:38
gentoo
gentoo
Apache: Multiple vulnerabilities
2009-07-12 00:00:00
seebug
seebug
Apache mod_proxyεε代ηζη»ζε‘ζΌζ΄
2009-07-07 00:00:00
Apache 'mod_deflate'θΏη¨ζη»ζε‘ζΌζ΄
2009-07-13 00:00:00
debiancve
debiancve
CVE-2009-1890
2009-07-05 16:30:00
CVE-2009-1891
2009-07-10 15:30:00
cbl_mariner
cbl_mariner
CVE-2009-1890 affecting package httpd 2.4.53-1
2022-11-16 02:26:12
CVE-2009-1890 affecting package httpd 2.4.53-1
2022-11-24 00:45:35
httpd
httpd
Apache Httpd < 2.0.64 : mod_deflate DoS
2009-06-26 00:00:00
Apache Httpd < 2.2.12 : mod_proxy reverse proxy DoS
2009-06-30 00:00:00
Apache Httpd < 2.2.12 : mod_deflate DoS
2009-06-26 00:00:00
prion
prion
Code injection
2009-07-10 15:30:00
Code injection
2009-07-05 16:30:00
cve
cve
CVE-2009-1890
2009-07-05 16:30:00
CVE-2009-1891
2009-07-10 15:30:00
ubuntucve
ubuntucve
CVE-2009-1891
2009-07-10 00:00:00
CVE-2009-1890
2009-07-05 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:34:58
Denial Of Service (DoS)
2020-04-10 00:34:58
suse
suse
potential code execution in apache2,libapr1
2009-10-26 13:21:56
slackware
slackware
httpd
2009-08-02 15:33:03
freebsd
freebsd
apache22 -- several vulnerabilities
2009-07-28 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package apache2 version 2.2.12-alt1
2009-07-30 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.2.12-alt1
2009-07-30 00:00:00
Security fix for the ALT Linux 10 package apache2 version 2.2.12-alt1
2009-07-30 00:00:00
kaspersky
kaspersky
KLA10066 Multiple vulnerabilities in Apache httpd
2010-10-19 00:00:00
oracle
oracle
Oracle Critical Patch Update - April 2013
2013-04-16 00:00:00
7.7 High
AI Score
Confidence
High
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.021 Low
EPSS
Percentile
89.0%
Related for OPENVAS:136141256231064559