{"id": "OPENVAS:1361412562310800827", "type": "openvas", "bulletinFamily": "scanner", "title": "Apache 'mod_proxy_http.c' Denial Of Service Vulnerability", "description": "This host is running Apache HTTP Server and is prone to Denial of Service\n vulnerability.", "published": "2009-07-07T00:00:00", "modified": "2019-03-07T00:00:00", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800827", "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=790587&r2=790586&pathrev=790587", "http://secunia.com/advisories/35691", "http://www.vupen.com/english/advisories/2009/1773"], "cvelist": ["CVE-2009-1890"], "lastseen": "2019-05-29T18:40:21", "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "centos", "idList": ["CESA-2009:1148"]}, {"type": "cve", "idList": ["CVE-2009-1890"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1834-1:A54B3", "DEBIAN:DSA-1834-2:CA437"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2009-1890"]}, {"type": "fedora", "idList": ["FEDORA:8669910F899"]}, {"type": "freebsd", "idList": ["E15F2356-9139-11DE-8F42-001AA0166822"]}, {"type": "gentoo", "idList": ["GLSA-200907-04"]}, {"type": "httpd", "idList": ["HTTPD:B44AEE5F83602723E751B3341D72C01D"]}, {"type": "nessus", "idList": ["5111.PRM", "5227.PRM", "800567.PRM", "800795.PRM", "APACHE_2_2_12.NASL", "CENTOS_RHSA-2009-1148.NASL", "DEBIAN_DSA-1834.NASL", "FEDORA_2009-8812.NASL", "FREEBSD_PKG_E15F2356913911DE8F42001AA0166822.NASL", "GENTOO_GLSA-200907-04.NASL", "MACOSX_10_6_2.NASL", "MACOSX_SECUPD2009-006.NASL", "MANDRIVA_MDVSA-2009-149.NASL", "MANDRIVA_MDVSA-2009-323.NASL", "ORACLELINUX_ELSA-2009-1148.NASL", "REDHAT-RHSA-2009-1148.NASL", "SLACKWARE_SSA_2009-214-01.NASL", "SL_20090709_HTTPD_ON_SL5_X.NASL", "SUSE9_12526.NASL", "SUSE_11_0_APACHE2-091020.NASL", "SUSE_11_1_APACHE2-091020.NASL", "SUSE_11_APACHE2-091020.NASL", 
"SUSE_APACHE2-6571.NASL", "SUSE_APACHE2-6572.NASL", "SUSE_APACHE2-6576.NASL", "UBUNTU_USN-802-1.NASL", "UBUNTU_USN-802-2.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:102038", "OPENVAS:1361412562310102038", "OPENVAS:1361412562310122468", "OPENVAS:136141256231064385", "OPENVAS:136141256231064388", "OPENVAS:136141256231064391", "OPENVAS:136141256231064423", "OPENVAS:136141256231064426", "OPENVAS:136141256231064448", "OPENVAS:136141256231064500", "OPENVAS:136141256231064559", "OPENVAS:136141256231064571", "OPENVAS:136141256231064741", "OPENVAS:136141256231064783", "OPENVAS:136141256231066070", "OPENVAS:136141256231066074", "OPENVAS:136141256231066081", "OPENVAS:136141256231066106", "OPENVAS:136141256231066414", "OPENVAS:1361412562310835247", "OPENVAS:1361412562310880849", "OPENVAS:64385", "OPENVAS:64388", "OPENVAS:64391", "OPENVAS:64423", "OPENVAS:64426", "OPENVAS:64441", "OPENVAS:64442", "OPENVAS:64443", "OPENVAS:64448", "OPENVAS:64500", "OPENVAS:64559", "OPENVAS:64571", "OPENVAS:64741", "OPENVAS:64774", "OPENVAS:64783", "OPENVAS:66070", "OPENVAS:66074", "OPENVAS:66081", "OPENVAS:66106", "OPENVAS:66414", "OPENVAS:800827", "OPENVAS:835247", "OPENVAS:880849"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2013-1899555"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-1148"]}, {"type": "redhat", "idList": ["RHSA-2009:1148", "RHSA-2009:1155", "RHSA-2009:1156"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:22148", "SECURITYVULNS:VULN:10059", "SECURITYVULNS:VULN:13017"]}, {"type": "seebug", "idList": ["SSV:11762"]}, {"type": "slackware", "idList": ["SSA-2009-214-01"]}, {"type": "suse", "idList": ["SUSE-SA:2009:050"]}, {"type": "ubuntu", "idList": ["USN-802-1", "USN-802-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2009-1890"]}]}, "score": {"value": 5.8, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2009:1148"]}, {"type": "cve", "idList": ["CVE-2009-1890"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1834-2:CA437"]}, 
{"type": "debiancve", "idList": ["DEBIANCVE:CVE-2009-1890"]}, {"type": "freebsd", "idList": ["E15F2356-9139-11DE-8F42-001AA0166822"]}, {"type": "gentoo", "idList": ["GLSA-200907-04"]}, {"type": "httpd", "idList": ["HTTPD:B44AEE5F83602723E751B3341D72C01D"]}, {"type": "nessus", "idList": ["5111.PRM", "SUSE_11_0_APACHE2-091020.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231064391", "OPENVAS:136141256231064571", "OPENVAS:136141256231066414", "OPENVAS:66074", "OPENVAS:800827"]}, {"type": "redhat", "idList": ["RHSA-2009:1155"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13017"]}, {"type": "seebug", "idList": ["SSV:11762"]}, {"type": "slackware", "idList": ["SSA-2009-214-01"]}, {"type": "suse", "idList": ["SUSE-SA:2009:050"]}, {"type": "ubuntu", "idList": ["USN-802-1"]}]}, "exploitation": null, "vulnersScore": 5.8}, "pluginID": "1361412562310800827", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_mod_proxy_dos_vuln.nasl 14031 2019-03-07 10:47:29Z cfischer $\n#\n# Apache 'mod_proxy_http.c' Denial Of Service Vulnerability\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:http_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800827\");\n script_version(\"$Revision: 14031 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-07 11:47:29 +0100 (Thu, 07 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-07 11:58:41 +0200 (Tue, 07 Jul 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_cve_id(\"CVE-2009-1890\");\n script_bugtraq_id(35565);\n script_name(\"Apache 'mod_proxy_http.c' Denial Of Service Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_apache_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"apache/installed\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/35691\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2009/1773\");\n script_xref(name:\"URL\", value:\"http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=790587&r2=790586&pathrev=790587\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to cause Denial of Service\n to the legitimate user by CPU consumption.\");\n\n script_tag(name:\"affected\", value:\"Apache HTTP Server version prior to 2.3.3.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to error in 'stream_reqbody_cl' function in 'mod_proxy_http.c'\n in the mod_proxy module. 
When a reverse proxy is configured, it does not properly\n handle an amount of streamed data that exceeds the Content-Length value via crafted requests.\");\n\n script_tag(name:\"solution\", value:\"Update to version 2.3.3 or later.\");\n\n script_tag(name:\"summary\", value:\"This host is running Apache HTTP Server and is prone to Denial of Service\n vulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) )\n exit( 0 );\n\nif( ! vers = get_app_version( cpe:CPE, port:port ) )\n exit( 0 );\n\nif( version_is_less( version:vers, test_version:\"2.3.3\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"2.3.3\" );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "naslFamily": "Denial of Service", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 0}}
{"httpd": [{"lastseen": "2021-07-28T15:48:19", "description": "A denial of service flaw was found in the mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time.", "cvss3": {}, "published": "2009-06-30T00:00:00", "type": "httpd", "title": "Apache Httpd < 2.2.12 : mod_proxy reverse proxy DoS", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1890"], "modified": "2009-07-27T00:00:00", "id": "HTTPD:B44AEE5F83602723E751B3341D72C01D", "href": "https://httpd.apache.org/security_report.html", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2017-09-19T12:03:48", "description": "This host is running Apache HTTP Server and is prone to Denial of Service\n vulnerability.", "cvss3": {}, "published": "2009-07-07T00:00:00", "type": "openvas", "title": "Apache 'mod_proxy_http.c' Denial Of Service Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1890"], "modified": "2017-09-18T00:00:00", "id": "OPENVAS:800827", "href": "http://plugins.openvas.org/nasl.php?oid=800827", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apache_mod_proxy_dos_vuln.nasl 7176 2017-09-18 12:01:01Z cfischer $\n#\n# Apache 'mod_proxy_http.c' Denial Of Service Vulnerability\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to cause Denial of Service\n to the legitimate user by CPU consumption.\n Impact Level: Application\";\ntag_affected = \"Apache HTTP Server version prior to 2.3.3\";\ntag_insight = \"The flaw is due to error in 'stream_reqbody_cl' function in 'mod_proxy_http.c'\n in the mod_proxy module. 
When a reverse proxy is configured, it does not properly\n handle an amount of streamed data that exceeds the Content-Length value via\n crafted requests.\";\ntag_solution = \"Fixed in the SVN repository.\n http://svn.apache.org/viewvc?view=rev&revision=790587\";\ntag_summary = \"This host is running Apache HTTP Server and is prone to Denial of Service\n vulnerability.\";\n\nif(description)\n{\n script_id(800827);\n script_version(\"$Revision: 7176 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-18 14:01:01 +0200 (Mon, 18 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-07 11:58:41 +0200 (Tue, 07 Jul 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_cve_id(\"CVE-2009-1890\");\n script_bugtraq_id(35565);\n script_name(\"Apache 'mod_proxy_http.c' Denial Of Service Vulnerability\");\n\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_apache_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/35691\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2009/1773\");\n script_xref(name : \"URL\" , value : \"http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=790587&r2=790586&pathrev=790587\");\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\nhttpdPort = get_http_port(default:80);\nif(httpdPort == NULL){\n 
exit(0);\n}\n\nhttpdVer = get_kb_item(\"www/\" + httpdPort + \"/Apache\");\nif(httpdVer == NULL){\n exit(0);\n}\n\nif(version_is_less(version:httpdVer, test_version:\"2.3.3\")){\n security_message(httpdPort);\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:00", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1148.\n\nThe Apache HTTP Server is a popular Web server.\n\nA denial of service flaw was found in the Apache mod_proxy module when it\nwas used as a reverse proxy. A remote attacker could use this flaw to force\na proxy process to consume large amounts of CPU time. (CVE-2009-1890)\n\nA denial of service flaw was found in the Apache mod_deflate module. This\nmodule continued to compress large files until compression was complete,\neven if the network connection that requested the content was closed before\ncompression completed. This would cause mod_deflate to consume large\namounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1148", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064385", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064385", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1148.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1148 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1148.\n\nThe Apache HTTP Server is a popular Web server.\n\nA denial of service flaw was found in the Apache mod_proxy module when it\nwas used as a reverse proxy. A remote attacker could use this flaw to force\na proxy process to consume large amounts of CPU time. (CVE-2009-1890)\n\nA denial of service flaw was found in the Apache mod_deflate module. This\nmodule continued to compress large files until compression was complete,\neven if the network connection that requested the content was closed before\ncompression completed. This would cause mod_deflate to consume large\namounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64385\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-1890\", \"CVE-2009-1891\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1148\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1148.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.3~22.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.2.3~22.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.3~22.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.3~22.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += 
res;\n}\nif ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.3~22.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:55:54", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1148.\n\nThe Apache HTTP Server is a popular Web server.\n\nA denial of service flaw was found in the Apache mod_proxy module when it\nwas used as a reverse proxy. A remote attacker could use this flaw to force\na proxy process to consume large amounts of CPU time. (CVE-2009-1890)\n\nA denial of service flaw was found in the Apache mod_deflate module. This\nmodule continued to compress large files until compression was complete,\neven if the network connection that requested the content was closed before\ncompression completed. This would cause mod_deflate to consume large\namounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1148", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:64385", "href": "http://plugins.openvas.org/nasl.php?oid=64385", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1148.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1148 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1148.\n\nThe Apache HTTP Server is a popular Web server.\n\nA denial of service flaw was found in the Apache mod_proxy module when it\nwas used as a reverse proxy. A remote attacker could use this flaw to force\na proxy process to consume large amounts of CPU time. (CVE-2009-1890)\n\nA denial of service flaw was found in the Apache mod_deflate module. This\nmodule continued to compress large files until compression was complete,\neven if the network connection that requested the content was closed before\ncompression completed. This would cause mod_deflate to consume large\namounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64385);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-1890\", \"CVE-2009-1891\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1148\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1148.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.3~22.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.2.3~22.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.3~22.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.3~22.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.3~22.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:09", "description": "The remote host is missing an update to apache2\nannounced via advisory DSA 1834-1.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1834-1 (apache2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:64423", "href": "http://plugins.openvas.org/nasl.php?oid=64423", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1834_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1834-1 (apache2)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A denial of service flaw was found in the Apache mod_proxy module when\nit was used as a reverse proxy. A remote attacker could use this flaw\nto force a proxy process to consume large amounts of CPU time. This\nissue did not affect Debian 4.0 etch. (CVE-2009-1890)\n\nA denial of service flaw was found in the Apache mod_deflate module.\nThis module continued to compress large files until compression was\ncomplete, even if the network connection that requested the content\nwas closed before compression completed. This would cause mod_deflate\nto consume large amounts of CPU if mod_deflate was enabled for a large\nfile. A similar flaw related to HEAD requests for compressed content\nwas also fixed. (CVE-2009-1891)\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.2.9-10+lenny4.\n\nThe oldstable distribution (etch), these problems have been fixed in\nversion 2.2.3-4+etch9.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems will be fixed in version 2.2.11-7.\n\nThis advisory also provides updated apache2-mpm-itk packages which\nhave been recompiled against the new apache2 packages.\n\nUpdated packages for the s390 and mipsel architectures are not\nincluded yet. 
They will be released as soon as they become available.\";\ntag_summary = \"The remote host is missing an update to apache2\nannounced via advisory DSA 1834-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201834-1\";\n\n\nif(description)\n{\n script_id(64423);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-1890\", \"CVE-2009-1891\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"Debian Security Advisory DSA 1834-1 (apache2)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.3-4+etch9\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-perchild\", ver:\"2.2.3-4+etch9\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.3-4+etch9\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.3-4+etch9\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"apache2-mpm-itk\", ver:\"2.2.3-01-2+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.3-4+etch9\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.3-4+etch9\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.3-4+etch9\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.3-4+etch9\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.3-4+etch9\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.3-4+etch9\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.3-4+etch9\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.9-10+lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.9-10+lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.9-10+lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.9-10+lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.9-10+lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.9-10+lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.9-10+lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.9-10+lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.9-10+lenny4\", 
rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.9-10+lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.9-10+lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-itk\", ver:\"2.2.6-02-1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-dbg\", ver:\"2.2.9-10+lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.9-10+lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:58", "description": "The remote host is missing an update to apache\nannounced via advisory MDVSA-2009:168.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:168 (apache)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064500", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064500", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_168.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:168 (apache)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in apache:\n\nThe stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy\nmodule in the Apache HTTP Server before 2.3.3, when a reverse proxy\nis configured, does not properly handle an amount of streamed data\nthat exceeds the Content-Length value, which allows remote attackers\nto cause a denial of service (CPU consumption) via crafted requests\n(CVE-2009-1890).\n\nFix a potential Denial-of-Service attack against mod_deflate or other\nmodules, by forcing the server to consume CPU time in compressing a\nlarge file after a client disconnects (CVE-2009-1891).\n\nThis update provides fixes for these vulnerabilities.\n\nAffected: Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:168\";\ntag_summary = \"The remote host is missing an update to apache\nannounced via advisory MDVSA-2009:168.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64500\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-1890\", \"CVE-2009-1891\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:168 (apache)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != 
NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-peruser\", rpm:\"apache-mpm-peruser~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:40", "description": "The remote host is missing an update to apache\nannounced via advisory MDVSA-2009:168.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:168 (apache)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:64500", "href": "http://plugins.openvas.org/nasl.php?oid=64500", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_168.nasl 6587 2017-07-07 06:35:35Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:168 (apache)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in apache:\n\nThe stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy\nmodule in the Apache HTTP Server before 2.3.3, when a reverse proxy\nis configured, does not properly handle an amount of streamed data\nthat exceeds the Content-Length value, which allows remote attackers\nto cause a denial of service (CPU consumption) via crafted requests\n(CVE-2009-1890).\n\nFix a potential Denial-of-Service attack against mod_deflate or other\nmodules, by forcing the server to consume CPU time in compressing a\nlarge file after a client disconnects (CVE-2009-1891).\n\nThis update provides fixes for these vulnerabilities.\n\nAffected: Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:168\";\ntag_summary = \"The remote host is missing an update to apache\nannounced via advisory MDVSA-2009:168.\";\n\n \n\nif(description)\n{\n script_id(64500);\n script_version(\"$Revision: 6587 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 08:35:35 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-1890\", \"CVE-2009-1891\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:168 (apache)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != 
NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-peruser\", rpm:\"apache-mpm-peruser~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.9~12.4mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:49", "description": "The remote host is missing updates to httpd announced in\nadvisory CESA-2009:1148.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1148 (httpd)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064448", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064448", "sourceData": "#CESA-2009:1148 64448 2\n# $Id: ovcesa2009_1148.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1148 (httpd)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1148\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1148\nhttps://rhn.redhat.com/errata/RHSA-2009-1148.html\";\ntag_summary = \"The remote host is missing updates to httpd announced in\nadvisory CESA-2009:1148.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64448\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-1890\", \"CVE-2009-1891\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1148 (httpd)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.3~22.el5.centos.2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.3~22.el5.centos.2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.3~22.el5.centos.2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.3~22.el5.centos.2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:25", "description": "The remote host is missing an update to apache2\nannounced via advisory DSA 1834-1.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1834-1 (apache2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064423", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064423", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1834_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1834-1 
(apache2)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A denial of service flaw was found in the Apache mod_proxy module when\nit was used as a reverse proxy. A remote attacker could use this flaw\nto force a proxy process to consume large amounts of CPU time. This\nissue did not affect Debian 4.0 etch. (CVE-2009-1890)\n\nA denial of service flaw was found in the Apache mod_deflate module.\nThis module continued to compress large files until compression was\ncomplete, even if the network connection that requested the content\nwas closed before compression completed. This would cause mod_deflate\nto consume large amounts of CPU if mod_deflate was enabled for a large\nfile. A similar flaw related to HEAD requests for compressed content\nwas also fixed. 
(CVE-2009-1891)\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.2.9-10+lenny4.\n\nThe oldstable distribution (etch), these problems have been fixed in\nversion 2.2.3-4+etch9.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems will be fixed in version 2.2.11-7.\n\nThis advisory also provides updated apache2-mpm-itk packages which\nhave been recompiled against the new apache2 packages.\n\nUpdated packages for the s390 and mipsel architectures are not\nincluded yet. They will be released as soon as they become available.\";\ntag_summary = \"The remote host is missing an update to apache2\nannounced via advisory DSA 1834-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201834-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64423\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-1890\", \"CVE-2009-1891\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"Debian Security Advisory DSA 1834-1 (apache2)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.3-4+etch9\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-perchild\", ver:\"2.2.3-4+etch9\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.3-4+etch9\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.3-4+etch9\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-itk\", ver:\"2.2.3-01-2+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.3-4+etch9\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.3-4+etch9\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.3-4+etch9\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.3-4+etch9\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.3-4+etch9\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.3-4+etch9\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", 
ver:\"2.2.3-4+etch9\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.9-10+lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.9-10+lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.9-10+lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.9-10+lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.9-10+lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.9-10+lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.9-10+lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.9-10+lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.9-10+lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.9-10+lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.9-10+lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-itk\", ver:\"2.2.6-02-1+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-dbg\", ver:\"2.2.9-10+lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.9-10+lenny4\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": 
"2017-07-25T10:55:50", "description": "Check for the Version of httpd", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for httpd CESA-2009:1148 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880849", "href": "http://plugins.openvas.org/nasl.php?oid=880849", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for httpd CESA-2009:1148 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Apache HTTP Server is a popular Web server.\n\n A denial of service flaw was found in the Apache mod_proxy module when it\n was used as a reverse proxy. A remote attacker could use this flaw to force\n a proxy process to consume large amounts of CPU time. (CVE-2009-1890)\n \n A denial of service flaw was found in the Apache mod_deflate module. 
This\n module continued to compress large files until compression was complete,\n even if the network connection that requested the content was closed before\n compression completed. This would cause mod_deflate to consume large\n amounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891)\n \n All httpd users should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"httpd on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-July/016028.html\");\n script_id(880849);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2009:1148\");\n script_cve_id(\"CVE-2009-1890\", \"CVE-2009-1891\");\n script_name(\"CentOS Update for httpd CESA-2009:1148 centos5 i386\");\n\n script_summary(\"Check for the Version of httpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.3~22.el5.centos.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.3~22.el5.centos.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.3~22.el5.centos.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.3~22.el5.centos.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:45", "description": "The remote host is missing an update for the 'httpd' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for httpd CESA-2009:1148 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880849", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880849", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for httpd CESA-2009:1148 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is
distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-July/016028.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880849\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"CESA\", value:\"2009:1148\");\n script_cve_id(\"CVE-2009-1890\", \"CVE-2009-1891\");\n script_name(\"CentOS Update for httpd CESA-2009:1148 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"httpd on CentOS 5\");\n script_tag(name:\"insight\", value:\"The Apache HTTP Server is a popular Web server.\n\n A denial of service flaw was found in the Apache mod_proxy module when it\n was used as a reverse proxy. 
A remote attacker could use this flaw to force\n a proxy process to consume large amounts of CPU time. (CVE-2009-1890)\n\n A denial of service flaw was found in the Apache mod_deflate module. This\n module continued to compress large files until compression was complete,\n even if the network connection that requested the content was closed before\n compression completed. This would cause mod_deflate to consume large\n amounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891)\n\n All httpd users should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.3~22.el5.centos.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.3~22.el5.centos.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.3~22.el5.centos.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.3~22.el5.centos.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-24T12:56:25", "description": "The remote host is missing an update to apache\nannounced via advisory 
MDVSA-2009:149.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:149 (apache)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:64391", "href": "http://plugins.openvas.org/nasl.php?oid=64391", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_149.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:149 (apache)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in apache:\n\nThe stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy\nmodule in the Apache HTTP Server before 2.3.3, when a reverse proxy\nis configured, does not properly handle an amount of streamed data\nthat exceeds the Content-Length value, which allows remote attackers\nto cause a denial of service (CPU consumption) via crafted requests\n(CVE-2009-1890).\n\nFix a potential Denial-of-Service attack against mod_deflate or other\nmodules, by forcing the server to consume CPU time in compressing a\nlarge file after a client disconnects (CVE-2009-1891).\n\nThis update provides fixes for these vulnerabilities.\n\nAffected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,\n Multi Network Firewall 2.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:149\";\ntag_summary = \"The remote host is missing an update to apache\nannounced via advisory MDVSA-2009:149.\";\n\n \n\nif(description)\n{\n script_id(64391);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-1890\", \"CVE-2009-1891\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:149 (apache)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_userdir\", 
rpm:\"apache-mod_userdir~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif 
((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-peruser\", rpm:\"apache-mpm-peruser~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-worker\", 
rpm:\"apache-mpm-worker~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.11~10.4mdv2009.1\", 
rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-peruser\", rpm:\"apache-mpm-peruser~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-common\", rpm:\"apache2-common~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-devel\", 
rpm:\"apache2-devel~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-manual\", rpm:\"apache2-manual~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_cache\", rpm:\"apache2-mod_cache~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_dav\", rpm:\"apache2-mod_dav~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_deflate\", rpm:\"apache2-mod_deflate~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_disk_cache\", rpm:\"apache2-mod_disk_cache~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_file_cache\", rpm:\"apache2-mod_file_cache~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_ldap\", rpm:\"apache2-mod_ldap~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_mem_cache\", rpm:\"apache2-mod_mem_cache~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_proxy\", rpm:\"apache2-mod_proxy~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_ssl\", rpm:\"apache2-mod_ssl~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-modules\", rpm:\"apache2-modules~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-source\", rpm:\"apache2-source~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr0\", rpm:\"libapr0~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"lib64apr0\", rpm:\"lib64apr0~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) 
{\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-common\", rpm:\"apache2-common~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-devel\", rpm:\"apache2-devel~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-manual\", rpm:\"apache2-manual~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_cache\", rpm:\"apache2-mod_cache~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_dav\", rpm:\"apache2-mod_dav~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_deflate\", rpm:\"apache2-mod_deflate~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n 
report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_disk_cache\", rpm:\"apache2-mod_disk_cache~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_file_cache\", rpm:\"apache2-mod_file_cache~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_ldap\", rpm:\"apache2-mod_ldap~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_mem_cache\", rpm:\"apache2-mod_mem_cache~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_proxy\", rpm:\"apache2-mod_proxy~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_ssl\", rpm:\"apache2-mod_ssl~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-modules\", rpm:\"apache2-modules~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-source\", rpm:\"apache2-source~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr0\", rpm:\"libapr0~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:56", "description": "The remote host is missing updates to httpd announced in\nadvisory CESA-2009:1148.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1148 (httpd)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64448", "href": "http://plugins.openvas.org/nasl.php?oid=64448", 
"sourceData": "#CESA-2009:1148 64448 2\n# $Id: ovcesa2009_1148.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1148 (httpd)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1148\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1148\nhttps://rhn.redhat.com/errata/RHSA-2009-1148.html\";\ntag_summary = \"The remote host is missing updates to httpd announced in\nadvisory CESA-2009:1148.\";\n\n\n\nif(description)\n{\n script_id(64448);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-1890\", \"CVE-2009-1891\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", 
value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1148 (httpd)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.3~22.el5.centos.2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.3~22.el5.centos.2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.3~22.el5.centos.2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.3~22.el5.centos.2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:29:50", "description": "The remote host is missing an update to apache2\nannounced via advisory USN-802-2.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "Ubuntu USN-802-2 (apache2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:64774", "href": "http://plugins.openvas.org/nasl.php?oid=64774", 
"sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_802_2.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_802_2.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-802-2 (apache2)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n apache2-common 2.0.55-4ubuntu2.8\n apache2-mpm-perchild 2.0.55-4ubuntu2.8\n apache2-mpm-prefork 2.0.55-4ubuntu2.8\n apache2-mpm-worker 2.0.55-4ubuntu2.8\n libapr0 2.0.55-4ubuntu2.8\n\nUbuntu 8.04 LTS:\n apache2-mpm-event 2.2.8-1ubuntu0.11\n apache2-mpm-perchild 2.2.8-1ubuntu0.11\n apache2-mpm-prefork 2.2.8-1ubuntu0.11\n apache2-mpm-worker 2.2.8-1ubuntu0.11\n apache2.2-common 2.2.8-1ubuntu0.11\n\nUbuntu 8.10:\n apache2-mpm-event 2.2.9-7ubuntu3.3\n apache2-mpm-prefork 2.2.9-7ubuntu3.3\n apache2-mpm-worker 2.2.9-7ubuntu3.3\n apache2.2-common 2.2.9-7ubuntu3.3\n\nUbuntu 9.04:\n apache2-mpm-event 2.2.11-2ubuntu2.3\n 
apache2-mpm-prefork 2.2.11-2ubuntu2.3\n apache2-mpm-worker 2.2.11-2ubuntu2.3\n apache2.2-common 2.2.11-2ubuntu2.3\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-802-2\";\n\ntag_insight = \"USN-802-1 fixed vulnerabilities in Apache. The upstream fix for\nCVE-2009-1891 introduced a regression that would cause Apache children to\noccasionally segfault when mod_deflate is used. This update fixes the\nproblem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\n It was discovered that mod_proxy_http did not properly handle a large\n amount of streamed data when used as a reverse proxy. A remote attacker\n could exploit this and cause a denial of service via memory resource\n consumption. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04.\n (CVE-2009-1890)\n \n It was discovered that mod_deflate did not abort compressing large files\n when the connection was closed. A remote attacker could exploit this and\n cause a denial of service via CPU resource consumption. (CVE-2009-1891)\";\ntag_summary = \"The remote host is missing an update to apache2\nannounced via advisory USN-802-2.\";\n\n \n\n\nif(description)\n{\n script_id(64774);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-1891\", \"CVE-2009-1890\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"Ubuntu USN-802-2 (apache2)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-802-2/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.0.55-4ubuntu2.8\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-common\", ver:\"2.0.55-4ubuntu2.8\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-perchild\", ver:\"2.0.55-4ubuntu2.8\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.0.55-4ubuntu2.8\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.0.55-4ubuntu2.8\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.0.55-4ubuntu2.8\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.0.55-4ubuntu2.8\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.0.55-4ubuntu2.8\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.0.55-4ubuntu2.8\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapr0-dev\", ver:\"2.0.55-4ubuntu2.8\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapr0\", ver:\"2.0.55-4ubuntu2.8\", 
rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.8-1ubuntu0.11\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-perchild\", ver:\"2.2.8-1ubuntu0.11\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.8-1ubuntu0.11\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.8-1ubuntu0.11\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.8-1ubuntu0.11\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.8-1ubuntu0.11\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.8-1ubuntu0.11\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.8-1ubuntu0.11\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.8-1ubuntu0.11\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.8-1ubuntu0.11\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.8-1ubuntu0.11\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.9-7ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.9-7ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.9-7ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.9-7ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif 
((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.9-7ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.9-7ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.9-7ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.9-7ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.9-7ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.9-7ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.9-7ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.9-7ubuntu3.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.11-2ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.11-2ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.11-2ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.11-2ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.11-2ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.11-2ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.11-2ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.11-2ubuntu2.3\", 
rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.11-2ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.11-2ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.11-2ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.11-2ubuntu2.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:16", "description": "The remote host is missing an update to apache2\nannounced via advisory DSA 1834-2.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1834-2 (apache2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064559", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064559", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1834_2.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1834-2 (apache2)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The previous update caused a regression for apache2 in Debian 4.0\netch. Using mod_deflate together with mod_php could cause segfaults\nwhen a client aborts a connection. This update corrects this flaw.\nFor reference the original advisory text is below.\n\n\nA denial of service flaw was found in the Apache mod_proxy module when\nit was used as a reverse proxy. A remote attacker could use this flaw\nto force a proxy process to consume large amounts of CPU time. This\nissue did not affect Debian 4.0 etch. (CVE-2009-1890)\n\nA denial of service flaw was found in the Apache mod_deflate module.\nThis module continued to compress large files until compression was\ncomplete, even if the network connection that requested the content\nwas closed before compression completed. This would cause mod_deflate\nto consume large amounts of CPU if mod_deflate was enabled for a large\nfile. A similar flaw related to HEAD requests for compressed content\nwas also fixed. 
(CVE-2009-1891)\n\n\nThe oldstable distribution (etch), this problem has been fixed in\nversion 2.2.3-4+etch10.\n\nThe other distributions stable (lenny), testing (squeeze) and\nunstable (sid) were not affected by the regression.\n\nThis advisory also provides updated apache2-mpm-itk packages which\nhave been recompiled against the new apache2 packages.\n\nUpdated packages for apache2-mpm-itk for the s390 architecture are\nnot included yet. They will be released as soon as they become\navailable.\n\nWe recommend that you upgrade your apache2 (2.2.3-4+etch10), apache2-mpm-itk\";\ntag_summary = \"The remote host is missing an update to apache2\nannounced via advisory DSA 1834-2.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201834-2\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64559\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-1890\", \"CVE-2009-1891\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"Debian Security Advisory DSA 1834-2 (apache2)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.3-4+etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.3-4+etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.3-4+etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-perchild\", ver:\"2.2.3-4+etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.3-4+etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.3-4+etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.3-4+etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.3-4+etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-itk\", ver:\"2.2.3-01-2+etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.3-4+etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.3-4+etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", 
ver:\"2.2.3-4+etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:16", "description": "The remote host is missing an update to apache\nannounced via advisory MDVSA-2009:149.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:149 (apache)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064391", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064391", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_149.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:149 (apache)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been found and corrected in apache:\n\nThe stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy\nmodule in the Apache HTTP Server before 2.3.3, when a reverse proxy\nis configured, does not properly handle an amount of streamed data\nthat exceeds the Content-Length value, which allows remote attackers\nto cause a denial of service (CPU consumption) via crafted requests\n(CVE-2009-1890).\n\nFix a potential Denial-of-Service attack against mod_deflate or other\nmodules, by forcing the server to consume CPU time in compressing a\nlarge file after a client disconnects (CVE-2009-1891).\n\nThis update provides fixes for these vulnerabilities.\n\nAffected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,\n Multi Network Firewall 2.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:149\";\ntag_summary = \"The remote host is missing an update to apache\nannounced via advisory MDVSA-2009:149.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64391\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-1890\", \"CVE-2009-1891\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:149 (apache)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res 
= isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_userdir\", 
rpm:\"apache-mod_userdir~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.8~6.5mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif 
((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-peruser\", rpm:\"apache-mpm-peruser~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-worker\", 
rpm:\"apache-mpm-worker~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.9~12.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.11~10.4mdv2009.1\", 
rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-peruser\", rpm:\"apache-mpm-peruser~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.11~10.4mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-common\", rpm:\"apache2-common~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-devel\", 
rpm:\"apache2-devel~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-manual\", rpm:\"apache2-manual~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_cache\", rpm:\"apache2-mod_cache~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_dav\", rpm:\"apache2-mod_dav~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_deflate\", rpm:\"apache2-mod_deflate~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_disk_cache\", rpm:\"apache2-mod_disk_cache~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_file_cache\", rpm:\"apache2-mod_file_cache~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_ldap\", rpm:\"apache2-mod_ldap~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_mem_cache\", rpm:\"apache2-mod_mem_cache~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_proxy\", rpm:\"apache2-mod_proxy~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_ssl\", rpm:\"apache2-mod_ssl~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-modules\", rpm:\"apache2-modules~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-source\", rpm:\"apache2-source~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr0\", rpm:\"libapr0~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"lib64apr0\", rpm:\"lib64apr0~2.0.48~6.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) 
{\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.3~1.7.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-common\", rpm:\"apache2-common~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-devel\", rpm:\"apache2-devel~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-manual\", rpm:\"apache2-manual~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_cache\", rpm:\"apache2-mod_cache~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_dav\", rpm:\"apache2-mod_dav~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_deflate\", rpm:\"apache2-mod_deflate~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n 
report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_disk_cache\", rpm:\"apache2-mod_disk_cache~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_file_cache\", rpm:\"apache2-mod_file_cache~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_ldap\", rpm:\"apache2-mod_ldap~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_mem_cache\", rpm:\"apache2-mod_mem_cache~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_proxy\", rpm:\"apache2-mod_proxy~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-mod_ssl\", rpm:\"apache2-mod_ssl~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-modules\", rpm:\"apache2-modules~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-source\", rpm:\"apache2-source~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr0\", rpm:\"libapr0~2.0.48~6.21.C30mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:25", "description": "The remote host is missing an update to apache2\nannounced via advisory DSA 1834-2.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1834-2 (apache2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:64559", "href": "http://plugins.openvas.org/nasl.php?oid=64559", 
"sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1834_2.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1834-2 (apache2)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The previous update caused a regression for apache2 in Debian 4.0\netch. Using mod_deflate together with mod_php could cause segfaults\nwhen a client aborts a connection. This update corrects this flaw.\nFor reference the original advisory text is below.\n\n\nA denial of service flaw was found in the Apache mod_proxy module when\nit was used as a reverse proxy. A remote attacker could use this flaw\nto force a proxy process to consume large amounts of CPU time. This\nissue did not affect Debian 4.0 etch. (CVE-2009-1890)\n\nA denial of service flaw was found in the Apache mod_deflate module.\nThis module continued to compress large files until compression was\ncomplete, even if the network connection that requested the content\nwas closed before compression completed. 
This would cause mod_deflate\nto consume large amounts of CPU if mod_deflate was enabled for a large\nfile. A similar flaw related to HEAD requests for compressed content\nwas also fixed. (CVE-2009-1891)\n\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 2.2.3-4+etch10.\n\nThe other distributions stable (lenny), testing (squeeze) and\nunstable (sid) were not affected by the regression.\n\nThis advisory also provides updated apache2-mpm-itk packages which\nhave been recompiled against the new apache2 packages.\n\nUpdated packages for apache2-mpm-itk for the s390 architecture are\nnot included yet. They will be released as soon as they become\navailable.\n\nWe recommend that you upgrade your apache2 (2.2.3-4+etch10), apache2-mpm-itk\";\ntag_summary = \"The remote host is missing an update to apache2\nannounced via advisory DSA 1834-2.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201834-2\";\n\n\nif(description)\n{\n script_id(64559);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-1890\", \"CVE-2009-1891\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"Debian Security Advisory DSA 1834-2 (apache2)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.3-4+etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.3-4+etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.3-4+etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-perchild\", ver:\"2.2.3-4+etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.3-4+etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.3-4+etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.3-4+etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.3-4+etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-itk\", ver:\"2.2.3-01-2+etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.3-4+etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.3-4+etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", 
ver:\"2.2.3-4+etch10\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:08", "description": "Oracle Linux Local Security Checks ELSA-2009-1148", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2009-1148", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122468", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122468", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2009-1148.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122468\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:46:00 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2009-1148\");\n script_tag(name:\"insight\", value:\"ELSA-2009-1148 - httpd security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2009-1148\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2009-1148.html\");\n script_cve_id(\"CVE-2009-1890\", \"CVE-2009-1891\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"httpd\", 
rpm:\"httpd~2.2.3~22.0.1.el5_3.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.3~22.0.1.el5_3.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.3~22.0.1.el5_3.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.3~22.0.1.el5_3.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-27T10:55:43", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1156.\n\nThe Apache HTTP Server is a popular Web server.\n\nA denial of service flaw was found in the Apache mod_proxy module when it\nwas used as a reverse proxy. A remote attacker could use this flaw to force\na proxy process to consume large amounts of CPU time. (CVE-2009-1890)\n\nA denial of service flaw was found in the Apache mod_deflate module. This\nmodule continued to compress large files until compression was complete,\neven if the network connection that requested the content was closed before\ncompression completed. This would cause mod_deflate to consume large\namounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891)\n\nA flaw was found in the handling of the Options and AllowOverride\ndirectives used by the Apache HTTP Server. In configurations using the\nAllowOverride directive with certain Options= arguments, local users\nwere not restricted from executing commands from a Server-Side-Include\nscript as intended. (CVE-2009-1195)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1156", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891", "CVE-2009-1195"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:64388", "href": "http://plugins.openvas.org/nasl.php?oid=64388", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1156.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1156 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1156.\n\nThe Apache HTTP Server is a popular Web server.\n\nA denial of service flaw was found in the Apache mod_proxy module when it\nwas used as a reverse proxy. A remote attacker could use this flaw to force\na proxy process to consume large amounts of CPU time. 
(CVE-2009-1890)\n\nA denial of service flaw was found in the Apache mod_deflate module. This\nmodule continued to compress large files until compression was complete,\neven if the network connection that requested the content was closed before\ncompression completed. This would cause mod_deflate to consume large\namounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891)\n\nA flaw was found in the handling of the Options and AllowOverride\ndirectives used by the Apache HTTP Server. In configurations using the\nAllowOverride directive with certain Options= arguments, local users\nwere not restricted from executing commands from a Server-Side-Include\nscript as intended. (CVE-2009-1195)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64388);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1891\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1156\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1156.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.11~3.el5s2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.2.11~3.el5s2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.11~3.el5s2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.11~3.el5s2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.11~3.el5s2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:27", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1156.\n\nThe Apache HTTP Server is a popular Web server.\n\nA denial of service flaw was found in the Apache mod_proxy module when it\nwas used as a reverse proxy. A remote attacker could use this flaw to force\na proxy process to consume large amounts of CPU time. 
(CVE-2009-1890)\n\nA denial of service flaw was found in the Apache mod_deflate module. This\nmodule continued to compress large files until compression was complete,\neven if the network connection that requested the content was closed before\ncompression completed. This would cause mod_deflate to consume large\namounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891)\n\nA flaw was found in the handling of the Options and AllowOverride\ndirectives used by the Apache HTTP Server. In configurations using the\nAllowOverride directive with certain Options= arguments, local users\nwere not restricted from executing commands from a Server-Side-Include\nscript as intended. (CVE-2009-1195)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1156", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891", "CVE-2009-1195"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064388", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064388", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1156.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1156 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1156.\n\nThe Apache HTTP Server is a popular Web server.\n\nA denial of service flaw was found in the Apache mod_proxy module when it\nwas used as a reverse proxy. A remote attacker could use this flaw to force\na proxy process to consume large amounts of CPU time. (CVE-2009-1890)\n\nA denial of service flaw was found in the Apache mod_deflate module. This\nmodule continued to compress large files until compression was complete,\neven if the network connection that requested the content was closed before\ncompression completed. This would cause mod_deflate to consume large\namounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891)\n\nA flaw was found in the handling of the Options and AllowOverride\ndirectives used by the Apache HTTP Server. In configurations using the\nAllowOverride directive with certain Options= arguments, local users\nwere not restricted from executing commands from a Server-Side-Include\nscript as intended. 
(CVE-2009-1195)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64388\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1891\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1156\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1156.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.11~3.el5s2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.2.11~3.el5s2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.11~3.el5s2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.11~3.el5s2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.11~3.el5s2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:27", "description": "The remote host is missing an update to httpd\nannounced via advisory FEDORA-2009-8812.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-8812 (httpd)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1191", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-1195"], "modified": 
"2017-07-10T00:00:00", "id": "OPENVAS:64741", "href": "http://plugins.openvas.org/nasl.php?oid=64741", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8812.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8812 (httpd)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Apache HTTP Server is a powerful, efficient, and extensible\nweb server.\n\nUpdate Information:\n\nThis update includes the latest release of the Apache HTTP Server, version\n2.2.13, fixing several security issues:\n\n* Fix a potential Denial-of-Service attack against mod_deflate or\n other modules, by forcing the server to consume CPU time in compressing\n a large file after a client disconnects. 
(CVE-2009-1891)\n* Prevent the Includes Option from being enabled in an\n .htaccess file if the AllowOverride restrictions do not permit it.\n (CVE-2009-1195)\n* Fix a potential Denial-of-Service attack against mod_proxy\n in a reverse proxy configuration, where a remote attacker can force a proxy\n process to consume CPU time indefinitely. (CVE-2009-1890)\n* mod_proxy_ajp: Avoid delivering content from a previous request\n which failed to send a request body. (CVE-2009-1191)\n\nMany bug fixes are also included; see the upstream\nchangelog for further details:\n\nhttp://www.apache.org/dist/httpd/CHANGES_2.2.13\n\nChangeLog:\n\n* Tue Aug 18 2009 Joe Orton 2.2.13-1\n- update to 2.2.13\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update httpd' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8812\";\ntag_summary = \"The remote host is missing an update to httpd\nannounced via advisory FEDORA-2009-8812.\";\n\n\n\nif(description)\n{\n script_id(64741);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-1891\", \"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1191\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"Fedora Core 11 FEDORA-2009-8812 (httpd)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=509375\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=509125\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=489436\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.13~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.13~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.13~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.2.13~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.13~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.2.13~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:21", "description": "The remote host is missing updates announced in\nadvisory GLSA 200907-04.", "cvss3": {}, "published": 
"2009-07-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200907-04 (apache)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1191", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-1195"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:64426", "href": "http://plugins.openvas.org/nasl.php?oid=64426", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in the Apache HTTP daemon allow for local\nprivilege escalation, information disclosure or Denial of Service\nattacks.\";\ntag_solution = \"All Apache users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/apache-2.2.11-r2'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200907-04\nhttp://bugs.gentoo.org/show_bug.cgi?id=268154\nhttp://bugs.gentoo.org/show_bug.cgi?id=271470\nhttp://bugs.gentoo.org/show_bug.cgi?id=276426\nhttp://bugs.gentoo.org/show_bug.cgi?id=276792\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200907-04.\";\n\n \n \n\nif(description)\n{\n script_id(64426);\n script_version(\"$Revision: 6595 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:19:55 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-1195\", \"CVE-2009-1191\", \"CVE-2009-1890\", \"CVE-2009-1891\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200907-04 (apache)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-servers/apache\", unaffected: make_list(\"ge 2.2.11-r2\"), vulnerable: make_list(\"lt 2.2.11-r2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:59", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n apache2\n apache2-devel\n apache2-doc\n apache2-example-pages\n apache2-prefork\n apache2-worker\n libapr0\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5060942 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-27T00:00:00", "type": "openvas", "title": "SLES9: Security update for Apache 2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3094", "CVE-2009-1890", "CVE-2009-3095", "CVE-2009-1891"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:66070", "href": "http://plugins.openvas.org/nasl.php?oid=66070", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5060942.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Apache 2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2\n apache2-devel\n apache2-doc\n apache2-example-pages\n apache2-prefork\n apache2-worker\n libapr0\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5060942 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(66070);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2009-3094\", \"CVE-2009-3095\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for Apache 2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.0.59~1.14\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:06", "description": "The remote host is missing updates announced in\nadvisory GLSA 200907-04.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200907-04 (apache)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1191", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-1195"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064426", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064426", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in the Apache HTTP daemon allow for local\nprivilege escalation, information disclosure or Denial of Service\nattacks.\";\ntag_solution = \"All Apache users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/apache-2.2.11-r2'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200907-04\nhttp://bugs.gentoo.org/show_bug.cgi?id=268154\nhttp://bugs.gentoo.org/show_bug.cgi?id=271470\nhttp://bugs.gentoo.org/show_bug.cgi?id=276426\nhttp://bugs.gentoo.org/show_bug.cgi?id=276792\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200907-04.\";\n\n \n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64426\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-1195\", \"CVE-2009-1191\", \"CVE-2009-1890\", 
\"CVE-2009-1891\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200907-04 (apache)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-servers/apache\", unaffected: make_list(\"ge 2.2.11-r2\"), vulnerable: make_list(\"lt 2.2.11-r2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:24", "description": "The remote host is missing an update to httpd\nannounced via advisory FEDORA-2009-8812.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-8812 (httpd)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1191", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-1195"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064741", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064741", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8812.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8812 
(httpd)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Apache HTTP Server is a powerful, efficient, and extensible\nweb server.\n\nUpdate Information:\n\nThis update includes the latest release of the Apache HTTP Server, version\n2.2.13, fixing several security issues:\n\n* Fix a potential Denial-of-Service attack against mod_deflate or\n other modules, by forcing the server to consume CPU time in compressing\n a large file after a client disconnects. (CVE-2009-1891)\n* Prevent the Includes Option from being enabled in an\n .htaccess file if the AllowOverride restrictions do not permit it.\n (CVE-2009-1195)\n* Fix a potential Denial-of-Service attack against mod_proxy\n in a reverse proxy configuration, where a remote attacker can force a proxy\n process to consume CPU time indefinitely. (CVE-2009-1890)\n* mod_proxy_ajp: Avoid delivering content from a previous request\n which failed to send a request body. 
(CVE-2009-1191)\n\nMany bug fixes are also included; see the upstream\nchangelog for further details:\n\nhttp://www.apache.org/dist/httpd/CHANGES_2.2.13\n\nChangeLog:\n\n* Tue Aug 18 2009 Joe Orton 2.2.13-1\n- update to 2.2.13\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update httpd' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8812\";\ntag_summary = \"The remote host is missing an update to httpd\nannounced via advisory FEDORA-2009-8812.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64741\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-1891\", \"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1191\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_name(\"Fedora Core 11 FEDORA-2009-8812 (httpd)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=509375\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=509125\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=489436\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.13~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.13~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.13~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.2.13~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.13~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.2.13~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:37", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n apache2\n apache2-devel\n apache2-doc\n apache2-example-pages\n apache2-prefork\n apache2-worker\n libapr0\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5060942 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-27T00:00:00", "type": "openvas", "title": "SLES9: Security update for Apache 2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3094", "CVE-2009-1890", "CVE-2009-3095", "CVE-2009-1891"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066070", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066070", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5060942.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Apache 2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2\n apache2-devel\n apache2-doc\n apache2-example-pages\n apache2-prefork\n apache2-worker\n libapr0\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5060942 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66070\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2009-3094\", \"CVE-2009-3095\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for Apache 2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.0.59~1.14\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:37", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2\n apache2-devel\n apache2-doc\n apache2-example-pages\n apache2-prefork\n apache2-worker\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-27T00:00:00", "type": "openvas", "title": "SLES10: Security update for Apache 2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3094", "CVE-2009-1890", "CVE-2009-3095", "CVE-2009-1891", "CVE-2009-1195"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:66074", "href": "http://plugins.openvas.org/nasl.php?oid=66074", "sourceData": "#\n#VID slesp2-apache2-6571\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Apache 2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2\n apache2-devel\n apache2-doc\n apache2-example-pages\n apache2-prefork\n apache2-worker\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(66074);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2009-3094\", \"CVE-2009-3095\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES10: Security update for Apache 2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft 
Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.2.3~16.25.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-devel\", rpm:\"apache2-devel~2.2.3~16.25.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-doc\", rpm:\"apache2-doc~2.2.3~16.25.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-example-pages\", rpm:\"apache2-example-pages~2.2.3~16.25.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.2.3~16.25.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.2.3~16.25.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:40", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n apache2\n apache2-doc\n apache2-example-pages\n apache2-prefork\n apache2-utils\n apache2-worker\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-27T00:00:00", "type": "openvas", "title": "SLES11: Security update for Apache 2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3094", "CVE-2009-1890", "CVE-2009-3095", "CVE-2009-1891", "CVE-2009-1195"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:66081", "href": "http://plugins.openvas.org/nasl.php?oid=66081", "sourceData": "#\n#VID ca7f5abf8025ba6ef69af14cd6570458\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Apache 2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n apache2\n apache2-doc\n apache2-example-pages\n apache2-prefork\n apache2-utils\n apache2-worker\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=521906\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=513080\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=512583\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=539571\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=519194\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=538322\");\n script_id(66081);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2009-3094\", \"CVE-2009-3095\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES11: Security update for Apache 2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.2.10~2.21.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-doc\", rpm:\"apache2-doc~2.2.10~2.21.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-example-pages\", rpm:\"apache2-example-pages~2.2.10~2.21.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.2.10~2.21.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-utils\", rpm:\"apache2-utils~2.2.10~2.21.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.2.10~2.21.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:38", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n apache2\n apache2-doc\n apache2-example-pages\n apache2-prefork\n apache2-utils\n apache2-worker\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-27T00:00:00", "type": "openvas", "title": "SLES11: Security update for Apache 2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3094", "CVE-2009-1890", "CVE-2009-3095", "CVE-2009-1891", "CVE-2009-1195"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066081", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066081", "sourceData": "#\n#VID ca7f5abf8025ba6ef69af14cd6570458\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Apache 2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n apache2\n apache2-doc\n apache2-example-pages\n apache2-prefork\n apache2-utils\n apache2-worker\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=521906\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=513080\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=512583\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=539571\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=519194\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=538322\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.66081\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2009-3094\", \"CVE-2009-3095\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES11: Security update for Apache 2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.2.10~2.21.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-doc\", rpm:\"apache2-doc~2.2.10~2.21.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-example-pages\", rpm:\"apache2-example-pages~2.2.10~2.21.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.2.10~2.21.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-utils\", rpm:\"apache2-utils~2.2.10~2.21.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.2.10~2.21.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:28", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n apache2\n apache2-devel\n apache2-doc\n apache2-example-pages\n apache2-prefork\n apache2-worker\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-27T00:00:00", "type": "openvas", "title": "SLES10: Security update for Apache 2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3094", "CVE-2009-1890", "CVE-2009-3095", "CVE-2009-1891", "CVE-2009-1195"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066074", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066074", "sourceData": "#\n#VID slesp2-apache2-6571\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Apache 2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n apache2\n apache2-devel\n apache2-doc\n apache2-example-pages\n apache2-prefork\n apache2-worker\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66074\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2009-3094\", \"CVE-2009-3095\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES10: Security update for Apache 2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.2.3~16.25.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-devel\", rpm:\"apache2-devel~2.2.3~16.25.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-doc\", rpm:\"apache2-doc~2.2.3~16.25.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-example-pages\", rpm:\"apache2-example-pages~2.2.3~16.25.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.2.3~16.25.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.2.3~16.25.4\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:34", "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:050.", "cvss3": {}, "published": "2009-10-27T00:00:00", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3094", "CVE-2009-1890", "CVE-2009-3095", "CVE-2009-2412", "CVE-2009-1891", "CVE-2009-1195"], "modified": 
"2018-04-06T00:00:00", "id": "OPENVAS:136141256231066106", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066106", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_050.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:050 (apache2,libapr1)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Apache web server was updated to fix various security issues:\n- the option IncludesNOEXEC could be bypassed via .htaccess (CVE-2009-1195)\n- mod_proxy could run into an infinite loop when used as reverse proxy\n(CVE-2009-1890)\n- mod_deflate continued to compress large files even after a network\nconnection was closed, causing mod_deflate to consume large amounts\nof CPU (CVE-2009-1891)\n- The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in\nthe mod_proxy_ftp module allows remote FTP servers to cause a denial\nof service (NULL pointer dereference and child process crash) via a\nmalformed reply to an EPSV command. 
(CVE-2009-3094)\n- access restriction bypass in mod_proxy_ftp module (CVE-2009-3095)\n\nAlso the libapr1 and libapr-util1 Apache helper libraries were updated\nto fix multiple integer overflows that could probably be used to\nexecute arbitrary code remotely. (CVE-2009-2412)\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:050\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:050.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66106\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2009-2412\", \"CVE-2009-3094\", \"CVE-2009-3095\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-debuginfo\", rpm:\"apache2-debuginfo~2.2.10~2.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-debugsource\", rpm:\"apache2-debugsource~2.2.10~2.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-debuginfo\", rpm:\"libapr-util1-debuginfo~1.3.4~13.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-debugsource\", rpm:\"libapr-util1-debugsource~1.3.4~13.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr1-debuginfo\", rpm:\"libapr1-debuginfo~1.3.3~12.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr1-debugsource\", rpm:\"libapr1-debugsource~1.3.3~12.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.2.10~2.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-devel\", rpm:\"apache2-devel~2.2.10~2.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-doc\", rpm:\"apache2-doc~2.2.10~2.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-example-pages\", rpm:\"apache2-example-pages~2.2.10~2.8.1\", rls:\"openSUSE11.1\")) != 
NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.2.10~2.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-utils\", rpm:\"apache2-utils~2.2.10~2.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.2.10~2.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1\", rpm:\"libapr-util1~1.3.4~13.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-mysql\", rpm:\"libapr-util1-dbd-mysql~1.3.4~13.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-pgsql\", rpm:\"libapr-util1-dbd-pgsql~1.3.4~13.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-sqlite3\", rpm:\"libapr-util1-dbd-sqlite3~1.3.4~13.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-devel\", rpm:\"libapr-util1-devel~1.3.4~13.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr1\", rpm:\"libapr1~1.3.3~12.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr1-devel\", rpm:\"libapr1-devel~1.3.3~12.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-debuginfo\", rpm:\"apache2-debuginfo~2.2.8~28.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-debugsource\", rpm:\"apache2-debugsource~2.2.8~28.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-debuginfo\", rpm:\"libapr-util1-debuginfo~1.2.12~43.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-debugsource\", rpm:\"libapr-util1-debugsource~1.2.12~43.4\", 
rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr1-debuginfo\", rpm:\"libapr1-debuginfo~1.2.12~27.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr1-debugsource\", rpm:\"libapr1-debugsource~1.2.12~27.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.2.8~28.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-devel\", rpm:\"apache2-devel~2.2.8~28.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-doc\", rpm:\"apache2-doc~2.2.8~28.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-example-pages\", rpm:\"apache2-example-pages~2.2.8~28.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.2.8~28.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-utils\", rpm:\"apache2-utils~2.2.8~28.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.2.8~28.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1\", rpm:\"libapr-util1~1.2.12~43.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-mysql\", rpm:\"libapr-util1-dbd-mysql~1.2.12~43.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-pgsql\", rpm:\"libapr-util1-dbd-pgsql~1.2.12~43.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-sqlite3\", rpm:\"libapr-util1-dbd-sqlite3~1.2.12~43.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-devel\", rpm:\"libapr-util1-devel~1.2.12~43.4\", rls:\"openSUSE11.0\")) != NULL) {\n 
report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr1\", rpm:\"libapr1~1.2.12~27.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr1-devel\", rpm:\"libapr1-devel~1.2.12~27.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.2.4~70.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-devel\", rpm:\"apache2-devel~2.2.4~70.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-doc\", rpm:\"apache2-doc~2.2.4~70.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-example-pages\", rpm:\"apache2-example-pages~2.2.4~70.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.2.4~70.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-utils\", rpm:\"apache2-utils~2.2.4~70.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.2.4~70.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1\", rpm:\"libapr-util1~1.2.8~68.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-mysql\", rpm:\"libapr-util1-dbd-mysql~1.2.8~68.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-pgsql\", rpm:\"libapr-util1-dbd-pgsql~1.2.8~68.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-sqlite3\", rpm:\"libapr-util1-dbd-sqlite3~1.2.8~68.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-devel\", rpm:\"libapr-util1-devel~1.2.8~68.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr1\", 
rpm:\"libapr1~1.2.9~9.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr1-devel\", rpm:\"libapr1-devel~1.2.9~9.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-64bit\", rpm:\"libapr-util1-64bit~1.2.12~43.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-devel-64bit\", rpm:\"libapr-util1-devel-64bit~1.2.12~43.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr1-64bit\", rpm:\"libapr1-64bit~1.2.12~27.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr1-devel-64bit\", rpm:\"libapr1-devel-64bit~1.2.12~27.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-64bit\", rpm:\"libapr-util1-64bit~1.2.8~68.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-devel-64bit\", rpm:\"libapr-util1-devel-64bit~1.2.8~68.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr1-64bit\", rpm:\"libapr1-64bit~1.2.9~9.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr1-devel-64bit\", rpm:\"libapr1-devel-64bit~1.2.9~9.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:18", "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:050.", "cvss3": {}, "published": "2009-10-27T00:00:00", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3094", "CVE-2009-1890", "CVE-2009-3095", "CVE-2009-2412", "CVE-2009-1891", 
"CVE-2009-1195"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:66106", "href": "http://plugins.openvas.org/nasl.php?oid=66106", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_050.nasl 6668 2017-07-11 13:34:29Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:050 (apache2,libapr1)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Apache web server was updated to fix various security issues:\n- the option IncludesNOEXEC could be bypassed via .htaccess (CVE-2009-1195)\n- mod_proxy could run into an infinite loop when used as reverse proxy\n(CVE-2009-1890)\n- mod_deflate continued to compress large files even after a network\nconnection was closed, causing mod_deflate to consume large amounts\nof CPU (CVE-2009-1891)\n- The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in\nthe mod_proxy_ftp module allows remote FTP servers to cause a denial\nof service (NULL pointer dereference and child process crash) via a\nmalformed reply to an EPSV command. 
(CVE-2009-3094)\n- access restriction bypass in mod_proxy_ftp module (CVE-2009-3095)\n\nAlso the libapr1 and libapr-util1 Apache helper libraries were updated\nto fix multiple integer overflows that could probably be used to\nexecute arbitrary code remotely. (CVE-2009-2412)\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:050\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:050.\";\n\n \n\nif(description)\n{\n script_id(66106);\n script_version(\"$Revision: 6668 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:34:29 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2009-2412\", \"CVE-2009-3094\", \"CVE-2009-3095\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache2-debuginfo\", rpm:\"apache2-debuginfo~2.2.10~2.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-debugsource\", rpm:\"apache2-debugsource~2.2.10~2.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-debuginfo\", rpm:\"libapr-util1-debuginfo~1.3.4~13.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-debugsource\", rpm:\"libapr-util1-debugsource~1.3.4~13.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr1-debuginfo\", rpm:\"libapr1-debuginfo~1.3.3~12.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr1-debugsource\", rpm:\"libapr1-debugsource~1.3.3~12.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.2.10~2.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-devel\", rpm:\"apache2-devel~2.2.10~2.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-doc\", rpm:\"apache2-doc~2.2.10~2.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-example-pages\", rpm:\"apache2-example-pages~2.2.10~2.8.1\", rls:\"openSUSE11.1\")) != 
NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.2.10~2.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-utils\", rpm:\"apache2-utils~2.2.10~2.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.2.10~2.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1\", rpm:\"libapr-util1~1.3.4~13.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-mysql\", rpm:\"libapr-util1-dbd-mysql~1.3.4~13.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-pgsql\", rpm:\"libapr-util1-dbd-pgsql~1.3.4~13.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-sqlite3\", rpm:\"libapr-util1-dbd-sqlite3~1.3.4~13.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-devel\", rpm:\"libapr-util1-devel~1.3.4~13.3.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr1\", rpm:\"libapr1~1.3.3~12.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr1-devel\", rpm:\"libapr1-devel~1.3.3~12.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-debuginfo\", rpm:\"apache2-debuginfo~2.2.8~28.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-debugsource\", rpm:\"apache2-debugsource~2.2.8~28.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-debuginfo\", rpm:\"libapr-util1-debuginfo~1.2.12~43.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-debugsource\", rpm:\"libapr-util1-debugsource~1.2.12~43.4\", 
rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr1-debuginfo\", rpm:\"libapr1-debuginfo~1.2.12~27.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr1-debugsource\", rpm:\"libapr1-debugsource~1.2.12~27.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.2.8~28.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-devel\", rpm:\"apache2-devel~2.2.8~28.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-doc\", rpm:\"apache2-doc~2.2.8~28.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-example-pages\", rpm:\"apache2-example-pages~2.2.8~28.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.2.8~28.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-utils\", rpm:\"apache2-utils~2.2.8~28.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.2.8~28.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1\", rpm:\"libapr-util1~1.2.12~43.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-mysql\", rpm:\"libapr-util1-dbd-mysql~1.2.12~43.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-pgsql\", rpm:\"libapr-util1-dbd-pgsql~1.2.12~43.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-sqlite3\", rpm:\"libapr-util1-dbd-sqlite3~1.2.12~43.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-devel\", rpm:\"libapr-util1-devel~1.2.12~43.4\", rls:\"openSUSE11.0\")) != NULL) {\n 
report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr1\", rpm:\"libapr1~1.2.12~27.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr1-devel\", rpm:\"libapr1-devel~1.2.12~27.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.2.4~70.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-devel\", rpm:\"apache2-devel~2.2.4~70.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-doc\", rpm:\"apache2-doc~2.2.4~70.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-example-pages\", rpm:\"apache2-example-pages~2.2.4~70.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.2.4~70.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-utils\", rpm:\"apache2-utils~2.2.4~70.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.2.4~70.11\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1\", rpm:\"libapr-util1~1.2.8~68.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-mysql\", rpm:\"libapr-util1-dbd-mysql~1.2.8~68.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-pgsql\", rpm:\"libapr-util1-dbd-pgsql~1.2.8~68.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-dbd-sqlite3\", rpm:\"libapr-util1-dbd-sqlite3~1.2.8~68.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-devel\", rpm:\"libapr-util1-devel~1.2.8~68.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr1\", 
rpm:\"libapr1~1.2.9~9.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr1-devel\", rpm:\"libapr1-devel~1.2.9~9.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-64bit\", rpm:\"libapr-util1-64bit~1.2.12~43.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-devel-64bit\", rpm:\"libapr-util1-devel-64bit~1.2.12~43.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr1-64bit\", rpm:\"libapr1-64bit~1.2.12~27.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr1-devel-64bit\", rpm:\"libapr1-devel-64bit~1.2.12~27.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-64bit\", rpm:\"libapr-util1-64bit~1.2.8~68.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr-util1-devel-64bit\", rpm:\"libapr-util1-devel-64bit~1.2.8~68.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr1-64bit\", rpm:\"libapr1-64bit~1.2.9~9.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libapr1-devel-64bit\", rpm:\"libapr1-devel-64bit~1.2.9~9.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:43", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-214-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2009-214-01 httpd", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1191", "CVE-2009-1955", "CVE-2009-1890", "CVE-2009-0023", "CVE-2009-1956", "CVE-2009-1891", 
"CVE-2009-1195"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:136141256231064571", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064571", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_214_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64571\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2009-1891\", \"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1191\", \"CVE-2009-0023\", \"CVE-2009-1955\", \"CVE-2009-1956\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2009-214-01 httpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(12\\.0|12\\.1|12\\.2)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-214-01\");\n\n script_tag(name:\"insight\", value:\"New httpd packages are available for Slackware 12.0, 12.1, 12.2, and -current\nto fix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2009-214-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.12-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.12-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.12-i486-1_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-24T12:50:35", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-214-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2009-214-01 httpd ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1191", "CVE-2009-1955", "CVE-2009-1890", "CVE-2009-0023", "CVE-2009-1956", "CVE-2009-1891", "CVE-2009-1195"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:64571", "href": 
"http://plugins.openvas.org/nasl.php?oid=64571", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_214_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New httpd packages are available for Slackware 12.0, 12.1, 12.2, and -current\nto fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2009-214-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-214-01\";\n \nif(description)\n{\n script_id(64571);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2009-1891\", \"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1191\", \"CVE-2009-0023\", \"CVE-2009-1955\", \"CVE-2009-1956\");\n script_tag(name:\"cvss_base\", 
value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_version(\"$Revision: 6598 $\");\n script_name(\"Slackware Advisory SSA:2009-214-01 httpd \");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.12-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.12-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"httpd\", ver:\"2.2.12-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:17", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "FreeBSD Ports: apache", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1191", "CVE-2009-1955", "CVE-2009-1890", "CVE-2009-0023", "CVE-2009-1956", "CVE-2009-1891", "CVE-2003-1564", "CVE-2009-1195"], "modified": "2016-12-21T00:00:00", "id": "OPENVAS:64783", "href": "http://plugins.openvas.org/nasl.php?oid=64783", "sourceData": "#\n#VID 
e15f2356-9139-11de-8f42-001aa0166822\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID e15f2356-9139-11de-8f42-001aa0166822\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: apache\n\nCVE-2009-1891\nThe mod_deflate module in Apache httpd 2.2.11 and earlier compresses\nlarge files until completion even after the associated network\nconnection is closed, which allows remote attackers to cause a denial\nof service (CPU consumption).\n\nCVE-2009-1195\nThe Apache HTTP Server 2.2.11 and earlier 2.2 versions does not\nproperly handle Options=IncludesNOEXEC in the AllowOverride directive,\nwhich allows local users to gain privileges by configuring (1) Options\nIncludes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a\n.htaccess file, and then inserting an exec element in a .shtml file.\n\nCVE-2009-1890\nThe stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy\nmodule in the Apache HTTP Server before 2.3.3, when a reverse proxy is\nconfigured, does not properly handle an amount of streamed 
data that\nexceeds the Content-Length value, which allows remote attackers to\ncause a denial of service (CPU consumption) via crafted requests.\n\nCVE-2009-1191\nmod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server\n2.2.11 allows remote attackers to obtain sensitive response data,\nintended for a client that sent an earlier POST request with no\nrequest body, via an HTTP request.\n\nCVE-2009-0023\nThe apr_strmatch_precompile function in strmatch/apr_strmatch.c in\nApache APR-util before 1.3.5 allows remote attackers to cause a denial\nof service (daemon crash) via crafted input involving (1) a .htaccess\nfile used with the Apache HTTP Server, (2) the SVNMasterURI directive\nin the mod_dav_svn module in the Apache HTTP Server, (3) the\nmod_apreq2 module for the Apache HTTP Server, or (4) an application\nthat uses the libapreq2 library, which triggers a heap-based buffer\nunderflow.\n\nCVE-2009-1955\nThe expat XML parser in the apr_xml_* interface in xml/apr_xml.c in\nApache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn\nmodules in the Apache HTTP Server, allows remote attackers to cause a\ndenial of service (memory consumption) via a crafted XML document\ncontaining a large number of nested entity references, as demonstrated\nby a PROPFIND request, a similar issue to CVE-2003-1564.\n\nCVE-2009-1956\nOff-by-one error in the apr_brigade_vprintf function in Apache\nAPR-util before 1.3.5 on big-endian platforms allows remote attackers\nto obtain sensitive information or cause a denial of service\n(application crash) via crafted input.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\n\n\n\nif(description)\n{\n script_id(64783);\n script_version(\"$Revision: 4824 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-21 09:49:38 +0100 (Wed, 21 Dec 2016) $\");\n 
script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-1891\", \"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1191\", \"CVE-2009-0023\", \"CVE-2009-1955\", \"CVE-2009-1956\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"FreeBSD Ports: apache\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"apache\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.2.0\")>0 && revcomp(a:bver, b:\"2.2.12\")<0) {\n txt += 'Package apache version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:20", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2009-09-02T00:00:00", "type": "openvas", "title": "FreeBSD Ports: apache", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1191", "CVE-2009-1955", "CVE-2009-1890", "CVE-2009-0023", "CVE-2009-1956", "CVE-2009-1891", "CVE-2003-1564", 
"CVE-2009-1195"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064783", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064783", "sourceData": "#\n#VID e15f2356-9139-11de-8f42-001aa0166822\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID e15f2356-9139-11de-8f42-001aa0166822\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: apache\n\nCVE-2009-1891\nThe mod_deflate module in Apache httpd 2.2.11 and earlier compresses\nlarge files until completion even after the associated network\nconnection is closed, which allows remote attackers to cause a denial\nof service (CPU consumption).\n\nCVE-2009-1195\nThe Apache HTTP Server 2.2.11 and earlier 2.2 versions does not\nproperly handle Options=IncludesNOEXEC in the AllowOverride directive,\nwhich allows local users to gain privileges by configuring (1) Options\nIncludes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a\n.htaccess file, and then inserting an exec element in a .shtml file.\n\nCVE-2009-1890\nThe 
stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy\nmodule in the Apache HTTP Server before 2.3.3, when a reverse proxy is\nconfigured, does not properly handle an amount of streamed data that\nexceeds the Content-Length value, which allows remote attackers to\ncause a denial of service (CPU consumption) via crafted requests.\n\nCVE-2009-1191\nmod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server\n2.2.11 allows remote attackers to obtain sensitive response data,\nintended for a client that sent an earlier POST request with no\nrequest body, via an HTTP request.\n\nCVE-2009-0023\nThe apr_strmatch_precompile function in strmatch/apr_strmatch.c in\nApache APR-util before 1.3.5 allows remote attackers to cause a denial\nof service (daemon crash) via crafted input involving (1) a .htaccess\nfile used with the Apache HTTP Server, (2) the SVNMasterURI directive\nin the mod_dav_svn module in the Apache HTTP Server, (3) the\nmod_apreq2 module for the Apache HTTP Server, or (4) an application\nthat uses the libapreq2 library, which triggers a heap-based buffer\nunderflow.\n\nCVE-2009-1955\nThe expat XML parser in the apr_xml_* interface in xml/apr_xml.c in\nApache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn\nmodules in the Apache HTTP Server, allows remote attackers to cause a\ndenial of service (memory consumption) via a crafted XML document\ncontaining a large number of nested entity references, as demonstrated\nby a PROPFIND request, a similar issue to CVE-2003-1564.\n\nCVE-2009-1956\nOff-by-one error in the apr_brigade_vprintf function in Apache\nAPR-util before 1.3.5 on big-endian platforms allows remote attackers\nto obtain sensitive information or cause a denial of service\n(application crash) via crafted input.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\ntag_solution = \"Update your system with the appropriate patches or\nsoftware 
upgrades.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64783\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-1891\", \"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1191\", \"CVE-2009-0023\", \"CVE-2009-1955\", \"CVE-2009-1956\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"FreeBSD Ports: apache\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"apache\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.2.0\")>0 && revcomp(a:bver, b:\"2.2.12\")<0) {\n txt += 'Package apache version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:27", "description": "The remote host is missing an update for the Apache-based Web Server package(s) announced via the referenced advisory.", "cvss3": {}, "published": 
"2011-01-04T00:00:00", "type": "openvas", "title": "HP-UX Update for Apache-based Web Server HPSBUX02612", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3918", "CVE-2009-1955", "CVE-2007-6203", "CVE-2009-1890", "CVE-2009-0023", "CVE-2010-1452", "CVE-2009-1956", "CVE-2009-1891", "CVE-2009-1195"], "modified": "2018-10-04T00:00:00", "id": "OPENVAS:1361412562310835247", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835247", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_hp_ux_HPSBUX02612.nasl 11739 2018-10-04 07:49:31Z cfischer $\n#\n# HP-UX Update for Apache-based Web Server HPSBUX02612\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02579879\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835247\");\n script_version(\"$Revision: 11739 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-04 09:49:31 +0200 (Thu, 04 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-04 15:48:51 +0100 (Tue, 04 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"HPSBUX\", value:\"02612\");\n script_cve_id(\"CVE-2010-1452\", \"CVE-2009-1956\", \"CVE-2009-1955\", \"CVE-2009-1891\", \"CVE-2009-1890\", \"CVE-2009-1195\", \"CVE-2009-0023\", \"CVE-2007-6203\", \"CVE-2006-3918\");\n script_name(\"HP-UX Update for Apache-based Web Server HPSBUX02612\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Apache-based Web Server package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/hp_pkgrev\", re:\"ssh/login/release=HPUX(11\\.31|11\\.23|11\\.11)\");\n\n script_tag(name:\"impact\", value:\"Local information disclosure, increase of privilege, remote Denial of Service (DoS)\");\n\n script_tag(name:\"affected\", value:\"Apache-based Web Server on HP-UX B.11.11, B.11.23 and B.11.31 running Apache-based Web Server prior to\n v2.0.63.01 
HP-UX Apache-based Web Server v2.0.63.01 is contained in HP-UX\n Web Server Suite v.2.32\");\n\n script_tag(name:\"insight\", value:\"Potential security vulnerabilities have been identified with HP-UX\n Apache-based Web Server. These vulnerabilities could be exploited locally to\n disclose information, increase privilege or remotely create a Denial of\n Service (DoS).\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = hpux_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.AUTH_LDAP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.AUTH_LDAP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_JK\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_JK2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_PERL\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_PERL2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.WEBPROXY\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.WEBPROXY\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.AUTH_LDAP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.AUTH_LDAP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_JK\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_JK2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_PERL\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_PERL2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.WEBPROXY\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n 
if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.WEBPROXY\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.WEBPROXY\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-24T12:55:52", "description": "Check for the Version of Apache-based Web Server", "cvss3": {}, "published": "2011-01-04T00:00:00", "type": "openvas", "title": "HP-UX Update for Apache-based Web Server HPSBUX02612", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-3918", "CVE-2009-1955", "CVE-2007-6203", "CVE-2009-1890", "CVE-2009-0023", "CVE-2010-1452", "CVE-2009-1956", "CVE-2009-1891", "CVE-2009-1195"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:835247", "href": "http://plugins.openvas.org/nasl.php?oid=835247", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache-based Web Server HPSBUX02612\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Local information disclosure\n increase of privilege\n remote Denial of Service (DoS)\";\ntag_affected = \"Apache-based Web Server on\n HP-UX B.11.11, B.11.23 and B.11.31 running Apache-based Web Server prior to \n v2.0.63.01 HP-UX Apache-based Web Server v2.0.63.01 is contained in HP-UX \n Web Server Suite v.2.32\";\ntag_insight = \"Potential security vulnerabilities have been identified with HP-UX \n Apache-based Web Server. These vulnerabilities could be exploited locally to \n disclose information, increase privilege or remotely create a Denial of \n Service (DoS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02579879\");\n script_id(835247);\n script_version(\"$Revision: 6582 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:11:56 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-04 15:48:51 +0100 (Tue, 04 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02612\");\n script_cve_id(\"CVE-2010-1452\", \"CVE-2009-1956\", \"CVE-2009-1955\", \"CVE-2009-1891\", \"CVE-2009-1890\", \"CVE-2009-1195\", \"CVE-2009-0023\", \"CVE-2007-6203\", \"CVE-2006-3918\");\n script_name(\"HP-UX Update for Apache-based Web Server HPSBUX02612\");\n\n script_summary(\"Check for the Version of Apache-based Web Server\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.AUTH_LDAP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.AUTH_LDAP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_JK\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_JK2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_PERL\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_PERL2\", revision:\"B.2.0.63.01\", 
rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.WEBPROXY\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.WEBPROXY\", revision:\"B.2.0.63.01\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.APACHE2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.AUTH_LDAP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.AUTH_LDAP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_JK\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_JK2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_PERL\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.MOD_PERL2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.PHP2\", 
revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPCH32.WEBPROXY\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.WEBPROXY\", revision:\"B.2.0.63.01\", 
rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.APACHE2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.AUTH_LDAP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_JK2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.MOD_PERL2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.PHP2\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE.WEBPROXY\", revision:\"B.2.0.63.01\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) 
exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:59", "description": "The remote host is missing an update to apache\nannounced via advisory MDVSA-2009:323.", "cvss3": {}, "published": "2009-12-10T00:00:00", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:323 (apache)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1191", "CVE-2008-2939", "CVE-2009-3094", "CVE-2008-1678", "CVE-2009-3555", "CVE-2009-1890", "CVE-2009-3095", "CVE-2009-1891", "CVE-2009-1195"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066414", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066414", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_323.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:323 (apache)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed with this update, please\nvisit the referenced security advisories.\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nThis update provides a solution to these vulnerabilities.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:323\nhttp://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2\";\ntag_summary = \"The remote host is missing an update to apache\nannounced via advisory MDVSA-2009:323.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66414\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2008-1678\", \"CVE-2009-1191\", \"CVE-2008-2939\", \"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2009-3094\", \"CVE-2009-3095\", \"CVE-2009-3555\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:323 (apache)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", 
rpm:\"apache-mod_file_cache~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": 
{"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:57:00", "description": "The remote host is missing an update to apache\nannounced via advisory MDVSA-2009:323.", "cvss3": {}, "published": "2009-12-10T00:00:00", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:323 (apache)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1191", "CVE-2008-2939", "CVE-2009-3094", "CVE-2008-1678", "CVE-2009-3555", "CVE-2009-1890", "CVE-2009-3095", "CVE-2009-1891", "CVE-2009-1195"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:66414", "href": "http://plugins.openvas.org/nasl.php?oid=66414", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_323.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:323 (apache)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed with this update, please\nvisit the referenced security advisories.\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nThis update provides a solution to these vulnerabilities.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:323\nhttp://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2\";\ntag_summary = \"The remote host is missing an update to apache\nannounced via advisory MDVSA-2009:323.\";\n\n \n\nif(description)\n{\n script_id(66414);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2008-1678\", \"CVE-2009-1191\", \"CVE-2008-2939\", \"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2009-3094\", \"CVE-2009-3095\", \"CVE-2009-3555\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:323 (apache)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", 
rpm:\"apache-mod_file_cache~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.6~8.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": 
{"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:28:10", "description": "The remote host is missing an update to tiff\nannounced via advisory USN-801-1.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "Ubuntu USN-801-1 (tiff)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2347", "CVE-2008-0196", "CVE-2009-1185", "CVE-2009-0034", "CVE-2009-0858", "CVE-2009-2334", "CVE-2009-1424", "CVE-2009-0772", "CVE-2009-0773", "CVE-2009-1422", "CVE-2009-0352", "CVE-2009-0040", "CVE-2009-0652", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-2285", "CVE-2009-2295", "CVE-2009-0771", "CVE-2009-1392", "CVE-2009-0774", "CVE-2008-2327", "CVE-2009-1890", "CVE-2009-0037", "CVE-2009-2335", "CVE-2009-1836", "CVE-2009-2336", "CVE-2009-0353", "CVE-2009-0776", "CVE-2009-1841", "CVE-2009-1423", "CVE-2009-1302", "CVE-2009-1891", "CVE-2009-1307", "CVE-2009-1303", "CVE-2009-1959", "CVE-2009-1425", "CVE-2009-2360"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:64442", "href": "http://plugins.openvas.org/nasl.php?oid=64442", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_801_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_801_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-801-1 (tiff)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n libtiff4 3.7.4-1ubuntu3.6\n\nUbuntu 8.04 LTS:\n libtiff4 3.8.2-7ubuntu3.4\n\nUbuntu 8.10:\n libtiff4 3.8.2-11ubuntu0.8.10.3\n\nUbuntu 9.04:\n libtiff4 3.8.2-11ubuntu0.9.04.3\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-801-1\";\n\ntag_insight = \"Tielei Wang and Tom Lane discovered that the TIFF library did not correctly\nhandle certain malformed TIFF images. 
If a user or automated system were\ntricked into processing a malicious image, an attacker could execute\narbitrary code with the privileges of the user invoking the program.\";\ntag_summary = \"The remote host is missing an update to tiff\nannounced via advisory USN-801-1.\";\n\n \n\n\nif(description)\n{\n script_id(64442);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-2347\", \"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2008-2327\", \"CVE-2009-2285\", \"CVE-2009-2295\", \"CVE-2009-0858\", \"CVE-2009-2334\", \"CVE-2009-2335\", \"CVE-2009-2336\", \"CVE-2008-0196\", \"CVE-2009-2360\", \"CVE-2009-0040\", \"CVE-2009-0352\", \"CVE-2009-0353\", \"CVE-2009-0652\", \"CVE-2009-0771\", \"CVE-2009-0772\", \"CVE-2009-0773\", \"CVE-2009-0774\", \"CVE-2009-0776\", \"CVE-2009-1302\", \"CVE-2009-1303\", \"CVE-2009-1307\", \"CVE-2009-1832\", \"CVE-2009-1392\", \"CVE-2009-1836\", \"CVE-2009-1838\", \"CVE-2009-1841\", \"CVE-2009-1185\", \"CVE-2009-0034\", \"CVE-2009-0037\", \"CVE-2009-1422\", \"CVE-2009-1423\", \"CVE-2009-1424\", \"CVE-2009-1425\", \"CVE-2009-1959\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-801-1 (tiff)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-801-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.7.4-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.7.4-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.7.4-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.7.4-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"3.7.4-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.8.2-7ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.8.2-7ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.8.2-7ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.8.2-7ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"3.8.2-7ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"3.8.2-11ubuntu0.8.10.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += 
res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.8.2-11ubuntu0.8.10.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.8.2-11ubuntu0.8.10.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.8.2-11ubuntu0.8.10.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"3.8.2-11ubuntu0.8.10.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.8.2-11ubuntu0.8.10.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"3.8.2-11ubuntu0.9.04.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.8.2-11ubuntu0.9.04.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.8.2-11ubuntu0.9.04.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.8.2-11ubuntu0.9.04.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.8.2-11ubuntu0.9.04.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"3.8.2-11ubuntu0.9.04.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-common\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-perchild\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapr0-dev\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapr0\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-perchild\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", 
ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"apache2\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcamlimages-ocaml-doc\", ver:\"2.2.0-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcamlimages-ocaml-dev\", ver:\"2.2.0-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcamlimages-ocaml\", ver:\"2.2.0-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dnscache-run\", ver:\"1.05-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"djbdns\", ver:\"1.05-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) 
{\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dbndns\", ver:\"1.05-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"sork-passwd-h3\", ver:\"3.0-2+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"2.0.0.22-0lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"2.0.0.22-0lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-gnome-support\", ver:\"2.0.0.22-0lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"2.0.0.22-0lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-dev\", ver:\"0.8.10-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-text\", ver:\"0.8.10-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi\", ver:\"0.8.10-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-dev\", ver:\"0.8.12-3ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi\", ver:\"0.8.12-3ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-dev\", ver:\"0.8.12-4ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi\", ver:\"0.8.12-4ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-dev\", ver:\"0.8.12-6ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi\", ver:\"0.8.12-6ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, 
"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:53", "description": "The remote host is missing an update to apache2\nannounced via advisory USN-802-1.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "Ubuntu USN-802-1 (apache2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2347", "CVE-2008-0196", "CVE-2009-1185", "CVE-2009-0034", "CVE-2009-0858", "CVE-2009-2334", "CVE-2009-1424", "CVE-2009-0772", "CVE-2009-0773", "CVE-2009-1422", "CVE-2009-0352", "CVE-2009-0040", "CVE-2009-0652", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-2285", "CVE-2009-2295", "CVE-2009-0771", "CVE-2009-1392", "CVE-2009-0774", "CVE-2008-2327", "CVE-2009-1890", "CVE-2009-0037", "CVE-2009-2335", "CVE-2009-1836", "CVE-2009-2336", "CVE-2009-0353", "CVE-2009-0776", "CVE-2009-1841", "CVE-2009-1423", "CVE-2009-1302", "CVE-2009-1891", "CVE-2009-1307", "CVE-2009-1303", "CVE-2009-1959", "CVE-2009-1425", "CVE-2009-2360"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:64443", "href": "http://plugins.openvas.org/nasl.php?oid=64443", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_802_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_802_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-802-1 (apache2)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n apache2-common 2.0.55-4ubuntu2.6\n apache2-mpm-perchild 2.0.55-4ubuntu2.6\n apache2-mpm-prefork 2.0.55-4ubuntu2.6\n apache2-mpm-worker 2.0.55-4ubuntu2.6\n libapr0 2.0.55-4ubuntu2.6\n\nUbuntu 8.04 LTS:\n apache2-mpm-event 2.2.8-1ubuntu0.10\n apache2-mpm-perchild 2.2.8-1ubuntu0.10\n apache2-mpm-prefork 2.2.8-1ubuntu0.10\n apache2-mpm-worker 2.2.8-1ubuntu0.10\n apache2.2-common 2.2.8-1ubuntu0.10\n\nUbuntu 8.10:\n apache2-mpm-event 2.2.9-7ubuntu3.2\n apache2-mpm-prefork 2.2.9-7ubuntu3.2\n apache2-mpm-worker 2.2.9-7ubuntu3.2\n apache2.2-common 2.2.9-7ubuntu3.2\n\nUbuntu 9.04:\n apache2-mpm-event 2.2.11-2ubuntu2.2\n apache2-mpm-prefork 2.2.11-2ubuntu2.2\n apache2-mpm-worker 2.2.11-2ubuntu2.2\n apache2.2-common 2.2.11-2ubuntu2.2\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-802-1\";\n\ntag_insight = \"It was discovered that mod_proxy_http did not properly 
handle a large\namount of streamed data when used as a reverse proxy. A remote attacker\ncould exploit this and cause a denial of service via memory resource\nconsumption. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04.\n(CVE-2009-1890)\n\nIt was discovered that mod_deflate did not abort compressing large files\nwhen the connection was closed. A remote attacker could exploit this and\ncause a denial of service via CPU resource consumption. (CVE-2009-1891)\";\ntag_summary = \"The remote host is missing an update to apache2\nannounced via advisory USN-802-1.\";\n\n \n\n\nif(description)\n{\n script_id(64443);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2008-2327\", \"CVE-2009-2285\", \"CVE-2009-2347\", \"CVE-2009-2295\", \"CVE-2009-0858\", \"CVE-2009-2334\", \"CVE-2009-2335\", \"CVE-2009-2336\", \"CVE-2008-0196\", \"CVE-2009-2360\", \"CVE-2009-0040\", \"CVE-2009-0352\", \"CVE-2009-0353\", \"CVE-2009-0652\", \"CVE-2009-0771\", \"CVE-2009-0772\", \"CVE-2009-0773\", \"CVE-2009-0774\", \"CVE-2009-0776\", \"CVE-2009-1302\", \"CVE-2009-1303\", \"CVE-2009-1307\", \"CVE-2009-1832\", \"CVE-2009-1392\", \"CVE-2009-1836\", \"CVE-2009-1838\", \"CVE-2009-1841\", \"CVE-2009-1185\", \"CVE-2009-0034\", \"CVE-2009-0037\", \"CVE-2009-1422\", \"CVE-2009-1423\", \"CVE-2009-1424\", \"CVE-2009-1425\", \"CVE-2009-1959\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-802-1 (apache2)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-802-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-common\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-perchild\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapr0-dev\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapr0\", ver:\"2.0.55-4ubuntu2.6\", 
rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-perchild\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif 
((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.11-2ubuntu2.2\", 
rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcamlimages-ocaml-doc\", ver:\"2.2.0-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcamlimages-ocaml-dev\", ver:\"2.2.0-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcamlimages-ocaml\", ver:\"2.2.0-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dnscache-run\", ver:\"1.05-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"djbdns\", ver:\"1.05-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dbndns\", ver:\"1.05-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"sork-passwd-h3\", ver:\"3.0-2+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"2.0.0.22-0lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"2.0.0.22-0lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-gnome-support\", ver:\"2.0.0.22-0lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"2.0.0.22-0lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-dev\", ver:\"0.8.10-1ubuntu1.1\", 
rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-text\", ver:\"0.8.10-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi\", ver:\"0.8.10-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-dev\", ver:\"0.8.12-3ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi\", ver:\"0.8.12-3ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-dev\", ver:\"0.8.12-4ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi\", ver:\"0.8.12-4ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-dev\", ver:\"0.8.12-6ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi\", ver:\"0.8.12-6ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:19", "description": "The remote host is missing an update to dbus\nannounced via advisory USN-799-1.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "Ubuntu USN-799-1 (dbus)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-2347", "CVE-2008-0196", "CVE-2009-1185", "CVE-2009-0034", "CVE-2009-0858", "CVE-2009-2334", "CVE-2009-1424", "CVE-2009-0772", "CVE-2009-0773", "CVE-2009-1422", "CVE-2009-0352", "CVE-2009-0040", "CVE-2009-0652", "CVE-2009-1838", "CVE-2009-1832", "CVE-2009-2285", "CVE-2009-2295", "CVE-2009-0771", "CVE-2009-1392", "CVE-2009-0774", "CVE-2008-2327", "CVE-2009-1890", "CVE-2009-0037", "CVE-2009-2335", "CVE-2009-1836", "CVE-2009-2336", "CVE-2009-0353", 
"CVE-2009-0776", "CVE-2009-1841", "CVE-2009-1423", "CVE-2009-1302", "CVE-2009-1189", "CVE-2009-1891", "CVE-2009-1307", "CVE-2009-1303", "CVE-2009-1959", "CVE-2009-1425", "CVE-2009-2360"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:64441", "href": "http://plugins.openvas.org/nasl.php?oid=64441", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_799_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_799_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-799-1 (dbus)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n libdbus-1-2 0.60-6ubuntu8.4\n\nUbuntu 8.04 LTS:\n libdbus-1-3 1.1.20-1ubuntu3.3\n\nUbuntu 8.10:\n libdbus-1-3 1.2.4-0ubuntu1.1\n\nUbuntu 9.04:\n libdbus-1-3 1.2.12-0ubuntu2.1\n\nAfter a standard system upgrade you need to reboot your computer to\neffect the necessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-799-1\";\n\ntag_insight = \"It was discovered that the D-Bus library did not correctly validate\nsignatures. If a local user sent a specially crafted D-Bus key, they could\nspoof a valid signature and bypass security policies.\";\ntag_summary = \"The remote host is missing an update to dbus\nannounced via advisory USN-799-1.\";\n\n \n\n\nif(description)\n{\n script_id(64441);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-1189\", \"CVE-2009-2347\", \"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2008-2327\", \"CVE-2009-2285\", \"CVE-2009-2295\", \"CVE-2009-0858\", \"CVE-2009-2334\", \"CVE-2009-2335\", \"CVE-2009-2336\", \"CVE-2008-0196\", \"CVE-2009-2360\", \"CVE-2009-0040\", \"CVE-2009-0352\", \"CVE-2009-0353\", \"CVE-2009-0652\", \"CVE-2009-0771\", \"CVE-2009-0772\", \"CVE-2009-0773\", \"CVE-2009-0774\", \"CVE-2009-0776\", \"CVE-2009-1302\", \"CVE-2009-1303\", \"CVE-2009-1307\", \"CVE-2009-1832\", \"CVE-2009-1392\", \"CVE-2009-1836\", \"CVE-2009-1838\", \"CVE-2009-1841\", 
\"CVE-2009-1185\", \"CVE-2009-0034\", \"CVE-2009-0037\", \"CVE-2009-1422\", \"CVE-2009-1423\", \"CVE-2009-1424\", \"CVE-2009-1425\", \"CVE-2009-1959\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-799-1 (dbus)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-799-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"dbus-1-doc\", ver:\"0.60-6ubuntu8.4\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbus-1-cil\", ver:\"0.60-6ubuntu8.4\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"monodoc-dbus-1-manual\", ver:\"0.60-6ubuntu8.4\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dbus-1-utils\", ver:\"0.60-6ubuntu8.4\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dbus\", ver:\"0.60-6ubuntu8.4\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbus-1-2\", ver:\"0.60-6ubuntu8.4\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbus-1-dev\", ver:\"0.60-6ubuntu8.4\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif 
((res = isdpkgvuln(pkg:\"libdbus-glib-1-2\", ver:\"0.60-6ubuntu8.4\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbus-glib-1-dev\", ver:\"0.60-6ubuntu8.4\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbus-qt-1-1c2\", ver:\"0.60-6ubuntu8.4\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbus-qt-1-dev\", ver:\"0.60-6ubuntu8.4\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4-dbus\", ver:\"0.60-6ubuntu8.4\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dbus-1-doc\", ver:\"1.1.20-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dbus-x11\", ver:\"1.1.20-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dbus\", ver:\"1.1.20-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbus-1-3\", ver:\"1.1.20-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbus-1-dev\", ver:\"1.1.20-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dbus-1-doc\", ver:\"1.2.4-0ubuntu1.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dbus-x11\", ver:\"1.2.4-0ubuntu1.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dbus\", ver:\"1.2.4-0ubuntu1.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbus-1-3\", ver:\"1.2.4-0ubuntu1.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbus-1-dev\", ver:\"1.2.4-0ubuntu1.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dbus-1-doc\", ver:\"1.2.12-0ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif 
((res = isdpkgvuln(pkg:\"dbus-x11\", ver:\"1.2.12-0ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dbus\", ver:\"1.2.12-0ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbus-1-3\", ver:\"1.2.12-0ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbus-1-dev\", ver:\"1.2.12-0ubuntu2.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.7.4-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.7.4-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.7.4-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.7.4-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"3.7.4-1ubuntu3.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.8.2-7ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.8.2-7ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.8.2-7ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.8.2-7ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"3.8.2-7ubuntu3.4\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"3.8.2-11ubuntu0.8.10.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.8.2-11ubuntu0.8.10.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += 
res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.8.2-11ubuntu0.8.10.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.8.2-11ubuntu0.8.10.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"3.8.2-11ubuntu0.8.10.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.8.2-11ubuntu0.8.10.3\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-doc\", ver:\"3.8.2-11ubuntu0.9.04.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-tools\", ver:\"3.8.2-11ubuntu0.9.04.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4-dev\", ver:\"3.8.2-11ubuntu0.9.04.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff4\", ver:\"3.8.2-11ubuntu0.9.04.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiffxx0c2\", ver:\"3.8.2-11ubuntu0.9.04.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtiff-opengl\", ver:\"3.8.2-11ubuntu0.9.04.3\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-common\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-perchild\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapr0-dev\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapr0\", ver:\"2.0.55-4ubuntu2.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-perchild\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", 
ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.8-1ubuntu0.10\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.9-7ubuntu3.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.11-2ubuntu2.2\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcamlimages-ocaml-doc\", ver:\"2.2.0-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcamlimages-ocaml-dev\", ver:\"2.2.0-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcamlimages-ocaml\", ver:\"2.2.0-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dnscache-run\", ver:\"1.05-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"djbdns\", ver:\"1.05-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dbndns\", ver:\"1.05-4+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n 
report += res;\n}\nif ((res = isdpkgvuln(pkg:\"sork-passwd-h3\", ver:\"3.0-2+lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove\", ver:\"2.0.0.22-0lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dbg\", ver:\"2.0.0.22-0lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-gnome-support\", ver:\"2.0.0.22-0lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"icedove-dev\", ver:\"2.0.0.22-0lenny1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-dev\", ver:\"0.8.10-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-text\", ver:\"0.8.10-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi\", ver:\"0.8.10-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-dev\", ver:\"0.8.12-3ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi\", ver:\"0.8.12-3ubuntu3.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-dev\", ver:\"0.8.12-4ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi\", ver:\"0.8.12-4ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi-dev\", ver:\"0.8.12-6ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"irssi\", ver:\"0.8.12-6ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:08", "description": 
"The remote host is missing Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006.", "cvss3": {}, "published": "2010-05-12T00:00:00", "type": "openvas", "title": "Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1191", "CVE-2008-0658", "CVE-2007-5707", "CVE-2009-2414", "CVE-2009-1955", "CVE-2009-2411", "CVE-2009-2203", "CVE-2009-2666", "CVE-2007-6698", "CVE-2009-2834", "CVE-2009-3292", "CVE-2009-2838", "CVE-2009-2416", "CVE-2009-2827", "CVE-2009-2833", "CVE-2009-2409", "CVE-2009-2824", "CVE-2009-2285", "CVE-2009-2408", "CVE-2009-2798", "CVE-2009-1632", "CVE-2009-2202", "CVE-2009-2820", "CVE-2009-3111", "CVE-2009-2832", "CVE-2009-2835", "CVE-2009-2837", "CVE-2009-2826", "CVE-2009-1890", "CVE-2009-2819", "CVE-2009-2829", "CVE-2009-0023", "CVE-2009-2823", "CVE-2009-1574", "CVE-2009-2831", "CVE-2009-3235", "CVE-2009-2412", "CVE-2009-1956", "CVE-2009-2840", "CVE-2009-3291", "CVE-2009-2825", "CVE-2009-3293", "CVE-2009-2839", "CVE-2009-1891", "CVE-2009-2836", "CVE-2009-2828", "CVE-2009-2808", "CVE-2009-2799", "CVE-2009-2818", "CVE-2008-5161", "CVE-2009-1195", "CVE-2009-2810", "CVE-2009-2830"], "modified": "2019-03-19T00:00:00", "id": "OPENVAS:1361412562310102038", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310102038", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n# $Id: macosx_upd_10_6_2_secupd_2009-006.nasl 14307 2019-03-19 10:09:27Z cfischer $\n#\n# Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006\n#\n# LSS-NVT-2010-027\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will 
be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.102038\");\n script_version(\"$Revision: 14307 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 11:09:27 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-12 14:48:44 +0200 (Wed, 12 May 2010)\");\n script_cve_id(\"CVE-2009-2819\", \"CVE-2009-2818\", \"CVE-2009-0023\", \"CVE-2009-1191\", \"CVE-2009-1195\",\n \"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2009-1955\", \"CVE-2009-1956\", \"CVE-2009-2823\",\n \"CVE-2009-2412\", \"CVE-2009-2824\", \"CVE-2009-2825\", \"CVE-2009-2826\", \"CVE-2009-2202\",\n \"CVE-2009-2799\", \"CVE-2009-2820\", \"CVE-2009-2831\", \"CVE-2009-2828\", \"CVE-2009-2827\",\n \"CVE-2009-3235\", \"CVE-2009-2829\", \"CVE-2009-2666\", \"CVE-2009-2830\", \"CVE-2009-2832\",\n \"CVE-2009-2808\", \"CVE-2009-2285\", \"CVE-2009-2833\", \"CVE-2009-2834\", \"CVE-2009-1574\",\n \"CVE-2009-1632\", \"CVE-2009-2835\", \"CVE-2009-2810\", \"CVE-2009-2409\", \"CVE-2009-2414\",\n \"CVE-2009-2416\", \"CVE-2009-2836\", \"CVE-2009-2408\", \"CVE-2007-5707\", \"CVE-2007-6698\",\n \"CVE-2008-0658\", \"CVE-2008-5161\", \"CVE-2009-3291\", \"CVE-2009-3292\", \"CVE-2009-3293\",\n \"CVE-2009-2837\", \"CVE-2009-2838\", \"CVE-2009-2203\", \"CVE-2009-2798\", \"CVE-2009-3111\",\n \"CVE-2009-2839\", \"CVE-2009-2840\", \"CVE-2009-2411\");\n script_name(\"Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.[56]\\.\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT3937\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006.\");\n\n script_tag(name:\"affected\", value:\"One or more of the following components are affected:\n\n AFP Client\n\n Adaptive Firewall\n\n Apache\n\n Apache Portable Runtime\n\n ATS\n\n Certificate Assistant\n\n CoreGraphics\n\n CoreMedia\n\n CUPS\n\n Dictionary\n\n DirectoryService\n\n Disk Images\n\n Dovecot\n\n Event Monitor\n\n fetchmail\n\n file\n\n FTP Server\n\n Help Viewer\n\n ImageIO\n\n International Components for Unicode\n\n IOKit\n\n IPSec\n\n Kernel\n\n Launch Services\n\n libsecurity\n\n libxml\n\n Login Window\n\n OpenLDAP\n\n OpenSSH\n\n PHP\n\n QuickDraw Manager\n\n QuickLook\n\n QuickTime\n\n FreeRADIUS\n\n Screen Sharing\n\n Spotlight\n\n Subversion\");\n\n script_tag(name:\"solution\", value:\"Update your Mac OS X operating system. 
Please see the references for more information.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver || ssh_osx_ver !~ \"^10\\.[56]\\.\") exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.5.8\",\"Mac OS X Server 10.5.8\",\"Mac OS X Server 10.6.1\",\"Mac OS X 10.6.1\");\n\nif (rlsnotsupported(rls:ssh_osx_rls, list:pkg_for_ver)) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.8\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.5.8\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n else if((ssh_osx_ver == osx_ver(ver:\"Mac OS X 10.5.8\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.006\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.8\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.5.8\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n else if((ssh_osx_ver == osx_ver(ver:\"Mac OS X Server 10.5.8\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.006\"))) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.6.1\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), 
test_version:\"10.6.2\")) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0); }\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.6.1\")) {\n if(version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.6.2\")) { security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0); }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:09:57", "description": "The remote host is missing Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006.\n One or more of the following components are affected:\n\n AFP Client\n Adaptive Firewall\n Apache\n Apache Portable Runtime\n ATS\n Certificate Assistant\n CoreGraphics\n CoreMedia\n CUPS\n Dictionary\n DirectoryService\n Disk Images\n Dovecot\n Event Monitor\n fetchmail\n file\n FTP Server\n Help Viewer\n ImageIO\n International Components for Unicode\n IOKit\n IPSec\n Kernel\n Launch Services\n libsecurity\n libxml\n Login Window\n OpenLDAP\n OpenSSH\n PHP\n QuickDraw Manager\n QuickLook\n QuickTime\n FreeRADIUS\n Screen Sharing\n Spotlight\n Subversion", "cvss3": {}, "published": "2010-05-12T00:00:00", "type": "openvas", "title": "Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1191", "CVE-2008-0658", "CVE-2007-5707", "CVE-2009-2414", "CVE-2009-1955", "CVE-2009-2411", "CVE-2009-2203", "CVE-2009-2666", "CVE-2007-6698", "CVE-2009-2834", "CVE-2009-3292", "CVE-2009-2838", "CVE-2009-2416", "CVE-2009-2827", "CVE-2009-2833", "CVE-2009-2409", "CVE-2009-2824", "CVE-2009-2285", "CVE-2009-2408", "CVE-2009-2798", "CVE-2009-1632", "CVE-2009-2202", "CVE-2009-2820", "CVE-2009-3111", "CVE-2009-2832", "CVE-2009-2835", "CVE-2009-2837", "CVE-2009-2826", "CVE-2009-1890", "CVE-2009-2819", "CVE-2009-2829", "CVE-2009-0023", "CVE-2009-2823", "CVE-2009-1574", "CVE-2009-2831", "CVE-2009-3235", "CVE-2009-2412", "CVE-2009-1956", 
"CVE-2009-2840", "CVE-2009-3291", "CVE-2009-2825", "CVE-2009-3293", "CVE-2009-2839", "CVE-2009-1891", "CVE-2009-2836", "CVE-2009-2828", "CVE-2009-2808", "CVE-2009-2799", "CVE-2009-2818", "CVE-2008-5161", "CVE-2009-1195", "CVE-2009-2810", "CVE-2009-2830"], "modified": "2017-02-22T00:00:00", "id": "OPENVAS:102038", "href": "http://plugins.openvas.org/nasl.php?oid=102038", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n#\n# Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006\n#\n# LSS-NVT-2010-027\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. 
If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\ntag_solution = \"Update your Mac OS X operating system.\n\n For more information see:\n http://support.apple.com/kb/HT3937\";\n\ntag_summary = \"The remote host is missing Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006.\n One or more of the following components are affected:\n\n AFP Client\n Adaptive Firewall\n Apache\n Apache Portable Runtime\n ATS\n Certificate Assistant\n CoreGraphics\n CoreMedia\n CUPS\n Dictionary\n DirectoryService\n Disk Images\n Dovecot\n Event Monitor\n fetchmail\n file\n FTP Server\n Help Viewer\n ImageIO\n International Components for Unicode\n IOKit\n IPSec\n Kernel\n Launch Services\n libsecurity\n libxml\n Login Window\n OpenLDAP\n OpenSSH\n PHP\n QuickDraw Manager\n QuickLook\n QuickTime\n FreeRADIUS\n Screen Sharing\n Spotlight\n Subversion\";\n\n\nif(description)\n{\n script_id(102038);\n script_version(\"$Revision: 5394 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-22 10:22:42 +0100 (Wed, 22 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-12 14:48:44 +0200 (Wed, 12 May 2010)\");\n 
script_cve_id(\"CVE-2009-2819\",\"CVE-2009-2818\",\"CVE-2009-0023\",\"CVE-2009-1191\",\"CVE-2009-1195\",\"CVE-2009-1890\",\"CVE-2009-1891\",\"CVE-2009-1955\",\"CVE-2009-1956\",\"CVE-2009-2823\",\"CVE-2009-2412\",\"CVE-2009-2824\",\"CVE-2009-2825\",\"CVE-2009-2826\",\"CVE-2009-2202\",\"CVE-2009-2799\",\"CVE-2009-2820\",\"CVE-2009-2831\",\"CVE-2009-2828\",\"CVE-2009-2827\",\"CVE-2009-3235\",\"CVE-2009-2829\",\"CVE-2009-2666\",\"CVE-2009-2830\",\"CVE-2009-2832\",\"CVE-2009-2808\",\"CVE-2009-2285\",\"CVE-2009-2833\",\"CVE-2009-2834\",\"CVE-2009-1574\",\"CVE-2009-1632\",\"CVE-2009-2835\",\"CVE-2009-2810\",\"CVE-2009-2409\",\"CVE-2009-2414\",\"CVE-2009-2416\",\"CVE-2009-2836\",\"CVE-2009-2408\",\"CVE-2007-5707\",\"CVE-2007-6698\",\"CVE-2008-0658\",\"CVE-2008-5161\",\"CVE-2009-3291\",\"CVE-2009-3292\",\"CVE-2009-3293\",\"CVE-2009-2837\",\"CVE-2009-2838\",\"CVE-2009-2203\",\"CVE-2009-2798\",\"CVE-2009-3111\",\"CVE-2009-2839\",\"CVE-2009-2840\",\"CVE-2009-2411\");\n script_name(\"Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_require_ports(\"Services/ssh\", 22);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\",\"ssh/login/osx_version\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver) exit (0);\n\nssh_osx_rls = ssh_osx_name + 
' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.5.8\",\"Mac OS X Server 10.5.8\",\"Mac OS X Server 10.6.1\",\"Mac OS X 10.6.1\");\n\nif (rlsnotsupported(rls:ssh_osx_rls, list:pkg_for_ver)) { security_message(0); exit(0);}\n\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.8\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.5.8\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X 10.5.8\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.006\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.8\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.5.8\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X Server 10.5.8\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.006\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.6.1\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.6.2\")) { security_message(0); exit(0); }\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.6.1\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:\"10.6.2\")) { security_message(0); exit(0); }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:59:37", "description": "The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module\nin the Apache HTTP Server before 2.3.3, when a reverse proxy is configured,\ndoes not properly handle an amount of streamed data that exceeds the\nContent-Length value, which allows remote attackers to cause a denial of\nservice (CPU consumption) via crafted requests.\n\n#### Bugs\n\n * 
<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1890>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | couldn't reproduce on dapper, code is different\n", "cvss3": {}, "published": "2009-07-05T00:00:00", "type": "ubuntucve", "title": "CVE-2009-1890", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1890"], "modified": "2009-07-05T00:00:00", "id": "UB:CVE-2009-1890", "href": "https://ubuntu.com/security/CVE-2009-1890", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "cve": [{"lastseen": "2022-03-23T21:28:01", "description": "The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.", "cvss3": {}, "published": "2009-07-05T16:30:00", "type": "cve", "title": "CVE-2009-1890", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1890"], "modified": "2021-07-14T07:15:00", "cpe": ["cpe:/a:apache:http_server:1.2.6", "cpe:/a:apache:http_server:2.0.41", "cpe:/a:apache:http_server:1.3.31", "cpe:/a:apache:http_server:1.3", "cpe:/a:apache:http_server:2.0.59", "cpe:/a:apache:http_server:1.3.20", "cpe:/a:apache:http_server:2.0.28", "cpe:/a:apache:http_server:1.3.28", "cpe:/a:apache:http_server:1.3.34", "cpe:/a:apache:http_server:2.2.0", "cpe:/a:apache:http_server:1.0.2", "cpe:/a:apache:http_server:2.0.9", "cpe:/a:apache:http_server:2.0.49", "cpe:/a:apache:http_server:2.1.7", "cpe:/a:apache:http_server:2.0.56", "cpe:/a:apache:http_server:1.3.35", "cpe:/a:apache:http_server:1.2.4", "cpe:/a:apache:http_server:1.3.36", "cpe:/a:apache:http_server:2.0.35", "cpe:/a:apache:http_server:1.3.68", "cpe:/a:apache:http_server:2.0.51", "cpe:/a:apache:http_server:2.0.52", "cpe:/a:apache:http_server:2.1.8", "cpe:/a:apache:http_server:2.1.9", "cpe:/a:apache:http_server:2.0.40", "cpe:/a:apache:http_server:2.0.45", "cpe:/a:apache:http_server:2.1.4", "cpe:/a:apache:http_server:2.2.8", "cpe:/a:apache:http_server:1.3.14", "cpe:/a:apache:http_server:1.3.25", "cpe:/a:apache:http_server:2.2.10", "cpe:/a:apache:http_server:2.0.47", "cpe:/a:apache:http_server:2.2.1", "cpe:/a:apache:http_server:2.0.43", "cpe:/a:apache:http_server:1.3.22", "cpe:/a:apache:http_server:2.0.34", "cpe:/a:apache:http_server:2.0", "cpe:/a:apache:http_server:1.1", "cpe:/a:apache:http_server:2.1.1", "cpe:/a:apache:http_server:2.3.2", "cpe:/a:apache:http_server:0.8.14", "cpe:/a:apache:http_server:1.3.29", "cpe:/a:apache:http_server:1.3.33", "cpe:/a:apache:http_server:1.3.12", "cpe:/a:apache:http_server:1.3.65", "cpe:/a:apache:http_server:2.1.3", "cpe:/a:apache:http_server:2.0.53", "cpe:/a:apache:http_server:1.3.18", "cpe:/a:apache:http_server:2.0.50", "cpe:/a:apache:http_server:2.0.32", "cpe:/a:apache:http_server:1.3.26", "cpe:/a:apache:http_server:2.0.37", "cpe:/a:apache:http_server:1.3.9", 
"cpe:/a:apache:http_server:2.3.0", "cpe:/a:apache:http_server:1.2.5", "cpe:/a:apache:http_server:*", "cpe:/a:apache:http_server:2.0.54", "cpe:/a:apache:http_server:1.3.16", "cpe:/a:apache:http_server:1.3.19", "cpe:/a:apache:http_server:2.2.4", "cpe:/a:apache:http_server:2.2.3", "cpe:/a:apache:http_server:1.3.5", "cpe:/a:apache:http_server:1.3.11", "cpe:/a:apache:http_server:2.2.6", "cpe:/a:apache:http_server:2.2.2", "cpe:/a:apache:http_server:1.3.17", "cpe:/a:apache:http_server:1.3.6", "cpe:/a:apache:http_server:1.3.7", "cpe:/a:apache:http_server:1.3.38", "cpe:/a:apache:http_server:2.0.61", "cpe:/a:apache:http_server:1.3.1.1", "cpe:/a:apache:http_server:2.3.1", "cpe:/a:apache:http_server:2.0.36", "cpe:/a:apache:http_server:2.1.2", "cpe:/a:apache:http_server:2.0.60", "cpe:/a:apache:http_server:1.0.5", "cpe:/a:apache:http_server:1.3.10", "cpe:/a:apache:http_server:1.3.30", "cpe:/a:apache:http_server:1.3.24", "cpe:/a:apache:http_server:1.1.1", "cpe:/a:apache:http_server:1.3.13", "cpe:/a:apache:http_server:1.3.2", "cpe:/a:apache:http_server:2.0.57", "cpe:/a:apache:http_server:2.1.5", "cpe:/a:apache:http_server:1.3.23", "cpe:/a:apache:http_server:1.3.32", "cpe:/a:apache:http_server:2.0.38", "cpe:/a:apache:http_server:1.3.0", "cpe:/a:apache:http_server:1.3.37", "cpe:/a:apache:http_server:1.3.1", "cpe:/a:apache:http_server:1.99", "cpe:/a:apache:http_server:1.0", "cpe:/a:apache:http_server:2.2", "cpe:/a:apache:http_server:0.8.11", "cpe:/a:apache:http_server:1.3.15", "cpe:/a:apache:http_server:1.3.27", "cpe:/a:apache:http_server:1.3.4", "cpe:/a:apache:http_server:2.0.48", "cpe:/a:apache:http_server:2.2.11", "cpe:/a:apache:http_server:2.0.44", "cpe:/a:apache:http_server:1.3.8", "cpe:/a:apache:http_server:-", "cpe:/a:apache:http_server:2.1.6", "cpe:/a:apache:http_server:1.3.3", "cpe:/a:apache:http_server:1.2.9", "cpe:/a:apache:http_server:1.3.39", "cpe:/a:apache:http_server:2.0.46", "cpe:/a:apache:http_server:2.0.55", "cpe:/a:apache:http_server:1.0.3", 
"cpe:/a:apache:http_server:2.1", "cpe:/a:apache:http_server:2.0.42", "cpe:/a:apache:http_server:1.2", "cpe:/a:apache:http_server:1.4.0", "cpe:/a:apache:http_server:2.0.39", "cpe:/a:apache:http_server:2.2.9", "cpe:/a:apache:http_server:2.2.7", "cpe:/a:apache:http_server:2.0.58"], "id": "CVE-2009-1890", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1890", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:apache:http_server:1.3.39:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.24:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.2:*:windows:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.11:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.14:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.58:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.17:*:win32:*:*:*:*:*", 
"cpe:2.3:a:apache:http_server:1.3.16:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.18:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.37:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.34:beta:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.3:*:windows:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.34:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.65:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.28:beta:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.26:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.68:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.13:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.14:*:mac_os:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.60:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.36:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:0.8.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.23:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*", 
"cpe:2.3:a:apache:http_server:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.46:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.61:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.22:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.32:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.12:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.19:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:*:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:0.8.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*", 
"cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.15:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.32:beta:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.99:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.25:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.7:*:dev:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.38:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.9:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.20:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.56:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.34:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.6:*:win32:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*", 
"cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.2.4:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2022-06-11T05:58:10", "description": "The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.", "cvss3": {}, "published": "2009-07-05T16:30:00", "type": "debiancve", "title": "CVE-2009-1890", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1890"], "modified": "2009-07-05T16:30:00", "id": "DEBIANCVE:CVE-2009-1890", "href": "https://security-tracker.debian.org/tracker/CVE-2009-1890", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "seebug": [{"lastseen": "2017-11-19T18:44:55", "description": "BUGTRAQ ID: 35565\r\nCVE(CAN) ID: CVE-2009-1890\r\n\r\nApache HTTP Server\u662f\u4e00\u6b3e\u6d41\u884c\u7684Web\u670d\u52a1\u5668\u3002\r\n\r\n\u5982\u679c\u914d\u7f6e\u4e86\u53cd\u5411\u4ee3\u7406\u7684\u8bdd\uff0c\u5728Apache HTTP 
Server\u7684mod_proxy\u6a21\u5757\u4e2d\uff0cmod_proxy_http.c\u7684stream_reqbody_cl\u51fd\u6570\u6ca1\u6709\u6b63\u786e\u5730\u5904\u7406\u6570\u91cf\u8d85\u8fc7\u4e86 Content-Length\u503c\u7684\u6d41\u6570\u636e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u5411\u53d7\u5f71\u54cd\u7684\u4ee3\u7406\u8fdb\u7a0b\u53d1\u9001\u7279\u5236\u7684\u8bf7\u6c42\u5bfc\u81f4\u8017\u5c3d\u5927\u91cf\u7684CPU\u8d44\u6e90\u3002\n\nApache 2.2.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nApache Group\r\n------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=790587&r2=790586&pathrev=790587", "cvss3": {}, "published": "2009-07-07T00:00:00", "type": "seebug", "title": "Apache mod_proxy\u53cd\u5411\u4ee3\u7406\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2009-1890"], "modified": "2009-07-07T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-11762", "id": "SSV:11762", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-08-19T13:07:16", "description": "Multiple vulnerabilities has been found and corrected in apache :\n\nThe stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests (CVE-2009-1890).\n\nFix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects (CVE-2009-1891).\n\nThis update provides fixes 
for these vulnerabilities.", "cvss3": {"score": null, "vector": null}, "published": "2009-07-10T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : apache (MDVSA-2009:149)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:apache-base", "p-cpe:/a:mandriva:linux:apache-devel", "p-cpe:/a:mandriva:linux:apache-htcacheclean", "p-cpe:/a:mandriva:linux:apache-mod_authn_dbd", "p-cpe:/a:mandriva:linux:apache-mod_cache", "p-cpe:/a:mandriva:linux:apache-mod_dav", "p-cpe:/a:mandriva:linux:apache-mod_dbd", "p-cpe:/a:mandriva:linux:apache-mod_deflate", "p-cpe:/a:mandriva:linux:apache-mod_disk_cache", "p-cpe:/a:mandriva:linux:apache-mod_file_cache", "p-cpe:/a:mandriva:linux:apache-mod_ldap", "p-cpe:/a:mandriva:linux:apache-mod_mem_cache", "p-cpe:/a:mandriva:linux:apache-mod_proxy", "p-cpe:/a:mandriva:linux:apache-mod_proxy_ajp", "p-cpe:/a:mandriva:linux:apache-mod_ssl", "p-cpe:/a:mandriva:linux:apache-mod_userdir", "p-cpe:/a:mandriva:linux:apache-modules", "p-cpe:/a:mandriva:linux:apache-mpm-event", "p-cpe:/a:mandriva:linux:apache-mpm-itk", "p-cpe:/a:mandriva:linux:apache-mpm-peruser", "p-cpe:/a:mandriva:linux:apache-mpm-prefork", "p-cpe:/a:mandriva:linux:apache-mpm-worker", "p-cpe:/a:mandriva:linux:apache-source", "cpe:/o:mandriva:linux:2008.1", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2009.1"], "id": "MANDRIVA_MDVSA-2009-149.NASL", "href": "https://www.tenable.com/plugins/nessus/39803", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:149. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39803);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1890\", \"CVE-2009-1891\");\n script_bugtraq_id(35565);\n script_xref(name:\"MDVSA\", value:\"2009:149\");\n\n script_name(english:\"Mandriva Linux Security Advisory : apache (MDVSA-2009:149)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in apache :\n\nThe stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy\nmodule in the Apache HTTP Server before 2.3.3, when a reverse proxy is\nconfigured, does not properly handle an amount of streamed data that\nexceeds the Content-Length value, which allows remote attackers to\ncause a denial of service (CPU consumption) via crafted requests\n(CVE-2009-1890).\n\nFix a potential Denial-of-Service attack against mod_deflate or other\nmodules, by forcing the server to consume CPU time in compressing a\nlarge file after a client disconnects (CVE-2009-1891).\n\nThis update provides fixes for these vulnerabilities.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(189, 399);\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-htcacheclean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_authn_dbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_dav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_dbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_deflate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_disk_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_file_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_mem_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_proxy_ajp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_userdir\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-itk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-peruser\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.1\", reference:\"apache-base-2.2.8-6.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"apache-devel-2.2.8-6.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", 
reference:\"apache-htcacheclean-2.2.8-6.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"apache-mod_authn_dbd-2.2.8-6.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"apache-mod_cache-2.2.8-6.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"apache-mod_dav-2.2.8-6.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"apache-mod_dbd-2.2.8-6.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"apache-mod_deflate-2.2.8-6.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"apache-mod_disk_cache-2.2.8-6.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"apache-mod_file_cache-2.2.8-6.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"apache-mod_ldap-2.2.8-6.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"apache-mod_mem_cache-2.2.8-6.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"apache-mod_proxy-2.2.8-6.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"apache-mod_proxy_ajp-2.2.8-6.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"apache-mod_ssl-2.2.8-6.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"apache-mod_userdir-2.2.8-6.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"apache-modules-2.2.8-6.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"apache-mpm-event-2.2.8-6.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"apache-mpm-itk-2.2.8-6.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"apache-mpm-prefork-2.2.8-6.5mdv2008.1\", yank:\"mdv\")) 
flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"apache-mpm-worker-2.2.8-6.5mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"apache-source-2.2.8-6.5mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-base-2.2.9-12.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-devel-2.2.9-12.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-htcacheclean-2.2.9-12.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_authn_dbd-2.2.9-12.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_cache-2.2.9-12.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_dav-2.2.9-12.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_dbd-2.2.9-12.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_deflate-2.2.9-12.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_disk_cache-2.2.9-12.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_file_cache-2.2.9-12.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_ldap-2.2.9-12.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_mem_cache-2.2.9-12.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_proxy-2.2.9-12.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_proxy_ajp-2.2.9-12.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_ssl-2.2.9-12.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", 
reference:\"apache-mod_userdir-2.2.9-12.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-modules-2.2.9-12.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mpm-event-2.2.9-12.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mpm-itk-2.2.9-12.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mpm-peruser-2.2.9-12.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mpm-prefork-2.2.9-12.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mpm-worker-2.2.9-12.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-source-2.2.9-12.3mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-base-2.2.11-10.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-devel-2.2.11-10.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-htcacheclean-2.2.11-10.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_authn_dbd-2.2.11-10.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_cache-2.2.11-10.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_dav-2.2.11-10.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_dbd-2.2.11-10.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_deflate-2.2.11-10.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_disk_cache-2.2.11-10.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_file_cache-2.2.11-10.4mdv2009.1\", 
yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_ldap-2.2.11-10.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_mem_cache-2.2.11-10.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_proxy-2.2.11-10.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_proxy_ajp-2.2.11-10.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_ssl-2.2.11-10.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_userdir-2.2.11-10.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-modules-2.2.11-10.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mpm-event-2.2.11-10.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mpm-itk-2.2.11-10.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mpm-peruser-2.2.11-10.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mpm-prefork-2.2.11-10.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mpm-worker-2.2.11-10.4mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-source-2.2.11-10.4mdv2009.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:07:04", "description": "USN-802-1 fixed vulnerabilities in Apache. The upstream fix for CVE-2009-1891 introduced a regression that would cause Apache children to occasionally segfault when mod_deflate is used. 
This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nIt was discovered that mod_proxy_http did not properly handle a large amount of streamed data when used as a reverse proxy. A remote attacker could exploit this and cause a denial of service via memory resource consumption. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. (CVE-2009-1890)\n\nIt was discovered that mod_deflate did not abort compressing large files when the connection was closed. A remote attacker could exploit this and cause a denial of service via CPU resource consumption. (CVE-2009-1891).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-08-20T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : apache2 regression (USN-802-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:apache2", "p-cpe:/a:canonical:ubuntu_linux:apache2-common", "p-cpe:/a:canonical:ubuntu_linux:apache2-doc", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-event", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-perchild", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker", "p-cpe:/a:canonical:ubuntu_linux:apache2-prefork-dev", "p-cpe:/a:canonical:ubuntu_linux:apache2-src", "p-cpe:/a:canonical:ubuntu_linux:apache2-suexec", "p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-custom", "p-cpe:/a:canonical:ubuntu_linux:apache2-threaded-dev", "p-cpe:/a:canonical:ubuntu_linux:apache2-utils", "p-cpe:/a:canonical:ubuntu_linux:apache2.2-common", "p-cpe:/a:canonical:ubuntu_linux:libapr0", "p-cpe:/a:canonical:ubuntu_linux:libapr0-dev", 
"cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04"], "id": "UBUNTU_USN-802-2.NASL", "href": "https://www.tenable.com/plugins/nessus/40655", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-802-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40655);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-1890\", \"CVE-2009-1891\");\n script_xref(name:\"USN\", value:\"802-2\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : apache2 regression (USN-802-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-802-1 fixed vulnerabilities in Apache. The upstream fix for\nCVE-2009-1891 introduced a regression that would cause Apache children\nto occasionally segfault when mod_deflate is used. This update fixes\nthe problem.\n\nWe apologize for the inconvenience.\n\nIt was discovered that mod_proxy_http did not properly handle a large\namount of streamed data when used as a reverse proxy. A remote\nattacker could exploit this and cause a denial of service via memory\nresource consumption. This issue affected Ubuntu 8.04 LTS, 8.10 and\n9.04. (CVE-2009-1890)\n\nIt was discovered that mod_deflate did not abort compressing\nlarge files when the connection was closed. 
A remote\nattacker could exploit this and cause a denial of service\nvia CPU resource consumption. (CVE-2009-1891).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/802-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-perchild\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-prefork-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-suexec\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-custom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-threaded-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2.2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapr0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2021 Canonical, Inc. / NASL script (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! 
ereg(pattern:\"^(6\\.06|8\\.04|8\\.10|9\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 8.10 / 9.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"apache2\", pkgver:\"2.0.55-4ubuntu2.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"apache2-common\", pkgver:\"2.0.55-4ubuntu2.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"apache2-doc\", pkgver:\"2.0.55-4ubuntu2.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"apache2-mpm-perchild\", pkgver:\"2.0.55-4ubuntu2.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"apache2-mpm-prefork\", pkgver:\"2.0.55-4ubuntu2.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"apache2-mpm-worker\", pkgver:\"2.0.55-4ubuntu2.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"apache2-prefork-dev\", pkgver:\"2.0.55-4ubuntu2.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"apache2-threaded-dev\", pkgver:\"2.0.55-4ubuntu2.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"apache2-utils\", pkgver:\"2.0.55-4ubuntu2.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libapr0\", pkgver:\"2.0.55-4ubuntu2.8\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libapr0-dev\", pkgver:\"2.0.55-4ubuntu2.8\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"apache2\", pkgver:\"2.2.8-1ubuntu0.11\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"apache2-doc\", pkgver:\"2.2.8-1ubuntu0.11\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"apache2-mpm-event\", pkgver:\"2.2.8-1ubuntu0.11\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"apache2-mpm-perchild\", pkgver:\"2.2.8-1ubuntu0.11\")) flag++;\nif (ubuntu_check(osver:\"8.04\", 
pkgname:\"apache2-mpm-prefork\", pkgver:\"2.2.8-1ubuntu0.11\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"apache2-mpm-worker\", pkgver:\"2.2.8-1ubuntu0.11\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"apache2-prefork-dev\", pkgver:\"2.2.8-1ubuntu0.11\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"apache2-src\", pkgver:\"2.2.8-1ubuntu0.11\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"apache2-threaded-dev\", pkgver:\"2.2.8-1ubuntu0.11\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"apache2-utils\", pkgver:\"2.2.8-1ubuntu0.11\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"apache2.2-common\", pkgver:\"2.2.8-1ubuntu0.11\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"apache2\", pkgver:\"2.2.9-7ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"apache2-doc\", pkgver:\"2.2.9-7ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"apache2-mpm-event\", pkgver:\"2.2.9-7ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"apache2-mpm-prefork\", pkgver:\"2.2.9-7ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"apache2-mpm-worker\", pkgver:\"2.2.9-7ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"apache2-prefork-dev\", pkgver:\"2.2.9-7ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"apache2-src\", pkgver:\"2.2.9-7ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"apache2-suexec\", pkgver:\"2.2.9-7ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"apache2-suexec-custom\", pkgver:\"2.2.9-7ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"apache2-threaded-dev\", pkgver:\"2.2.9-7ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"apache2-utils\", pkgver:\"2.2.9-7ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"apache2.2-common\", pkgver:\"2.2.9-7ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"apache2\", pkgver:\"2.2.11-2ubuntu2.3\")) 
flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"apache2-doc\", pkgver:\"2.2.11-2ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"apache2-mpm-event\", pkgver:\"2.2.11-2ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"apache2-mpm-prefork\", pkgver:\"2.2.11-2ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"apache2-mpm-worker\", pkgver:\"2.2.11-2ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"apache2-prefork-dev\", pkgver:\"2.2.11-2ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"apache2-src\", pkgver:\"2.2.11-2ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"apache2-suexec\", pkgver:\"2.2.11-2ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"apache2-suexec-custom\", pkgver:\"2.2.11-2ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"apache2-threaded-dev\", pkgver:\"2.2.11-2ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"apache2-utils\", pkgver:\"2.2.11-2ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"apache2.2-common\", pkgver:\"2.2.11-2ubuntu2.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2 / apache2-common / apache2-doc / apache2-mpm-event / etc\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:05:41", "description": "Updated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server.\n\nA denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. 
A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time.\n(CVE-2009-1890)\n\nA denial of service flaw was found in the Apache mod_deflate module.\nThis module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891)\n\nAll httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2010-01-06T00:00:00", "type": "nessus", "title": "CentOS 5 : httpd (CESA-2009:1148)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel", "p-cpe:/a:centos:centos:httpd-manual", "p-cpe:/a:centos:centos:mod_ssl", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2009-1148.NASL", "href": "https://www.tenable.com/plugins/nessus/43768", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1148 and \n# CentOS Errata and Security Advisory 2009:1148 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43768);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-1890\", \"CVE-2009-1891\");\n script_bugtraq_id(35565);\n script_xref(name:\"RHSA\", value:\"2009:1148\");\n\n script_name(english:\"CentOS 5 : httpd (CESA-2009:1148)\");\n script_summary(english:\"Checks rpm output for 
the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server.\n\nA denial of service flaw was found in the Apache mod_proxy module when\nit was used as a reverse proxy. A remote attacker could use this flaw\nto force a proxy process to consume large amounts of CPU time.\n(CVE-2009-1890)\n\nA denial of service flaw was found in the Apache mod_deflate module.\nThis module continued to compress large files until compression was\ncomplete, even if the network connection that requested the content\nwas closed before compression completed. This would cause mod_deflate\nto consume large amounts of CPU if mod_deflate was enabled for a large\nfile. (CVE-2009-1891)\n\nAll httpd users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-July/016028.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8f19eaf9\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-July/016029.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?19a1238c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"httpd-2.2.3-22.el5.centos.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"httpd-devel-2.2.3-22.el5.centos.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"httpd-manual-2.2.3-22.el5.centos.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"mod_ssl-2.2.3-22.el5.centos.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / mod_ssl\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:05:20", "description": "- CVE-2009-1890 A denial of service flaw was found 
in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. This issue did not affect Debian 4.0 'etch'.\n\n - CVE-2009-1891 A denial of service flaw was found in the Apache mod_deflate module. This module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file. A similar flaw related to HEAD requests for compressed content was also fixed.\n\nFor the oldstable distribution (etch), these problems have been fixed in version 2.2.3-4+etch9.", "cvss3": {"score": null, "vector": null}, "published": "2010-02-24T00:00:00", "type": "nessus", "title": "Debian DSA-1834-1 : apache2 - denial of service", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:apache2", "cpe:/o:debian:debian_linux:4.0", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-1834.NASL", "href": "https://www.tenable.com/plugins/nessus/44699", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1834. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44699);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-1890\", \"CVE-2009-1891\");\n script_bugtraq_id(35565, 35623);\n script_xref(name:\"DSA\", value:\"1834\");\n\n script_name(english:\"Debian DSA-1834-1 : apache2 - denial of service\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"- CVE-2009-1890\n A denial of service flaw was found in the Apache\n mod_proxy module when it was used as a reverse proxy. A\n remote attacker could use this flaw to force a proxy\n process to consume large amounts of CPU time. This issue\n did not affect Debian 4.0 'etch'.\n\n - CVE-2009-1891\n A denial of service flaw was found in the Apache\n mod_deflate module. This module continued to compress\n large files until compression was complete, even if the\n network connection that requested the content was closed\n before compression completed. This would cause\n mod_deflate to consume large amounts of CPU if\n mod_deflate was enabled for a large file. 
A similar flaw\n related to HEAD requests for compressed content was also\n fixed.\n\nThe oldstable distribution (etch), these problems have been fixed in\nversion 2.2.3-4+etch9.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1834\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"For the stable distribution (lenny), these problems have been fixed in\nversion 2.2.9-10+lenny4.\n\nThis advisory also provides updated apache2-mpm-itk packages which\nhave been recompiled against the new apache2 packages.\n\nUpdated packages for the s390 and mipsel architectures are not\nincluded yet. They will be released as soon as they become available.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright 
(C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"apache2\", reference:\"2.2.3-4+etch9\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"apache2-doc\", reference:\"2.2.3-4+etch9\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"apache2-mpm-event\", reference:\"2.2.3-4+etch9\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"apache2-mpm-itk\", reference:\"2.2.3-01-2+etch3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"apache2-mpm-perchild\", reference:\"2.2.3-4+etch9\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"apache2-mpm-prefork\", reference:\"2.2.3-4+etch9\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"apache2-mpm-worker\", reference:\"2.2.3-4+etch9\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"apache2-prefork-dev\", reference:\"2.2.3-4+etch9\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"apache2-src\", reference:\"2.2.3-4+etch9\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"apache2-threaded-dev\", reference:\"2.2.3-4+etch9\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"apache2-utils\", reference:\"2.2.3-4+etch9\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"apache2.2-common\", reference:\"2.2.3-4+etch9\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"apache2\", reference:\"2.2.9-10+lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"apache2-dbg\", reference:\"2.2.9-10+lenny4\")) 
flag++;\nif (deb_check(release:\"5.0\", prefix:\"apache2-doc\", reference:\"2.2.9-10+lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"apache2-mpm-event\", reference:\"2.2.9-10+lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"apache2-mpm-itk\", reference:\"2.2.6-02-1+lenny2\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"apache2-mpm-prefork\", reference:\"2.2.9-10+lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"apache2-mpm-worker\", reference:\"2.2.9-10+lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"apache2-prefork-dev\", reference:\"2.2.9-10+lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"apache2-src\", reference:\"2.2.9-10+lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"apache2-suexec\", reference:\"2.2.9-10+lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"apache2-suexec-custom\", reference:\"2.2.9-10+lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"apache2-threaded-dev\", reference:\"2.2.9-10+lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"apache2-utils\", reference:\"2.2.9-10+lenny4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"apache2.2-common\", reference:\"2.2.9-10+lenny4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:07:15", "description": "Updated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server.\n\nA denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. 
A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time.\n(CVE-2009-1890)\n\nA denial of service flaw was found in the Apache mod_deflate module.\nThis module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891)\n\nAll httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2009-07-10T00:00:00", "type": "nessus", "title": "RHEL 5 : httpd (RHSA-2009:1148)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-1148.NASL", "href": "https://www.tenable.com/plugins/nessus/39770", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1148. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39770);\n script_version(\"1.35\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1890\", \"CVE-2009-1891\");\n script_bugtraq_id(35565);\n script_xref(name:\"RHSA\", value:\"2009:1148\");\n\n script_name(english:\"RHEL 5 : httpd (RHSA-2009:1148)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server.\n\nA denial of service flaw was found in the Apache mod_proxy module when\nit was used as a reverse proxy. A remote attacker could use this flaw\nto force a proxy process to consume large amounts of CPU time.\n(CVE-2009-1890)\n\nA denial of service flaw was found in the Apache mod_deflate module.\nThis module continued to compress large files until compression was\ncomplete, even if the network connection that requested the content\nwas closed before compression completed. This would cause mod_deflate\nto consume large amounts of CPU if mod_deflate was enabled for a large\nfile. (CVE-2009-1891)\n\nAll httpd users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1148\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1148\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"httpd-2.2.3-22.el5_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"httpd-2.2.3-22.el5_3.2\")) flag++;\n\n if 
(rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"httpd-2.2.3-22.el5_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"httpd-devel-2.2.3-22.el5_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"httpd-manual-2.2.3-22.el5_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"httpd-manual-2.2.3-22.el5_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"httpd-manual-2.2.3-22.el5_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mod_ssl-2.2.3-22.el5_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"mod_ssl-2.2.3-22.el5_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mod_ssl-2.2.3-22.el5_3.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / mod_ssl\");\n }\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:07:17", "description": "It was discovered that mod_proxy_http did not properly handle a large amount of streamed data when used as a reverse proxy. A remote attacker could exploit this and cause a denial of service via memory resource consumption. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. (CVE-2009-1890)\n\nIt was discovered that mod_deflate did not abort compressing large files when the connection was closed. A remote attacker could exploit this and cause a denial of service via CPU resource consumption.\n(CVE-2009-1891).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-07-14T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : apache2 vulnerabilities (USN-802-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:apache2", "p-cpe:/a:canonical:ubuntu_linux:apache2-common", "p-cpe:/a:canonical:ubuntu_linux:apache2-doc", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-event", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-perchild", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork", "p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker", "p-cpe:/a:canonical:ubuntu_linux:apache2-prefork-dev", "p-cpe:/a:canonical:ubuntu_linux:apache2-src", "p-cpe:/a:canonical:ubuntu_linux:apache2-suexec", "p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-custom", "p-cpe:/a:canonical:ubuntu_linux:apache2-threaded-dev", "p-cpe:/a:canonical:ubuntu_linux:apache2-utils", "p-cpe:/a:canonical:ubuntu_linux:apache2.2-common", "p-cpe:/a:canonical:ubuntu_linux:libapr0", "p-cpe:/a:canonical:ubuntu_linux:libapr0-dev", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04"], "id": "UBUNTU_USN-802-1.NASL", "href": "https://www.tenable.com/plugins/nessus/39789", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-802-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39789);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-1890\", \"CVE-2009-1891\");\n script_bugtraq_id(35565, 35623);\n script_xref(name:\"USN\", value:\"802-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : apache2 vulnerabilities (USN-802-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that mod_proxy_http did not properly handle a large\namount of streamed data when used as a reverse proxy. A remote\nattacker could exploit this and cause a denial of service via memory\nresource consumption. This issue affected Ubuntu 8.04 LTS, 8.10 and\n9.04. (CVE-2009-1890)\n\nIt was discovered that mod_deflate did not abort compressing large\nfiles when the connection was closed. A remote attacker could exploit\nthis and cause a denial of service via CPU resource consumption.\n(CVE-2009-1891).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/802-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-perchild\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-prefork-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-custom\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-threaded-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2.2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapr0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapr0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2021 Canonical, Inc. / NASL script (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|8\\.04|8\\.10|9\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 8.10 / 9.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"apache2\", pkgver:\"2.0.55-4ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"apache2-common\", pkgver:\"2.0.55-4ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"apache2-doc\", pkgver:\"2.0.55-4ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"apache2-mpm-perchild\", pkgver:\"2.0.55-4ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"apache2-mpm-prefork\", pkgver:\"2.0.55-4ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"apache2-mpm-worker\", pkgver:\"2.0.55-4ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"apache2-prefork-dev\", pkgver:\"2.0.55-4ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"apache2-threaded-dev\", pkgver:\"2.0.55-4ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"apache2-utils\", pkgver:\"2.0.55-4ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libapr0\", pkgver:\"2.0.55-4ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libapr0-dev\", pkgver:\"2.0.55-4ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"apache2\", pkgver:\"2.2.8-1ubuntu0.10\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"apache2-doc\", pkgver:\"2.2.8-1ubuntu0.10\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"apache2-mpm-event\", pkgver:\"2.2.8-1ubuntu0.10\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"apache2-mpm-perchild\", pkgver:\"2.2.8-1ubuntu0.10\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"apache2-mpm-prefork\", pkgver:\"2.2.8-1ubuntu0.10\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"apache2-mpm-worker\", 
pkgver:\"2.2.8-1ubuntu0.10\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"apache2-prefork-dev\", pkgver:\"2.2.8-1ubuntu0.10\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"apache2-src\", pkgver:\"2.2.8-1ubuntu0.10\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"apache2-threaded-dev\", pkgver:\"2.2.8-1ubuntu0.10\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"apache2-utils\", pkgver:\"2.2.8-1ubuntu0.10\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"apache2.2-common\", pkgver:\"2.2.8-1ubuntu0.10\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"apache2\", pkgver:\"2.2.9-7ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"apache2-doc\", pkgver:\"2.2.9-7ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"apache2-mpm-event\", pkgver:\"2.2.9-7ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"apache2-mpm-prefork\", pkgver:\"2.2.9-7ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"apache2-mpm-worker\", pkgver:\"2.2.9-7ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"apache2-prefork-dev\", pkgver:\"2.2.9-7ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"apache2-src\", pkgver:\"2.2.9-7ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"apache2-suexec\", pkgver:\"2.2.9-7ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"apache2-suexec-custom\", pkgver:\"2.2.9-7ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"apache2-threaded-dev\", pkgver:\"2.2.9-7ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"apache2-utils\", pkgver:\"2.2.9-7ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"apache2.2-common\", pkgver:\"2.2.9-7ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"apache2\", pkgver:\"2.2.11-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"apache2-doc\", pkgver:\"2.2.11-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", 
pkgname:\"apache2-mpm-event\", pkgver:\"2.2.11-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"apache2-mpm-prefork\", pkgver:\"2.2.11-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"apache2-mpm-worker\", pkgver:\"2.2.11-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"apache2-prefork-dev\", pkgver:\"2.2.11-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"apache2-src\", pkgver:\"2.2.11-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"apache2-suexec\", pkgver:\"2.2.11-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"apache2-suexec-custom\", pkgver:\"2.2.11-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"apache2-threaded-dev\", pkgver:\"2.2.11-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"apache2-utils\", pkgver:\"2.2.11-2ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"apache2.2-common\", pkgver:\"2.2.11-2ubuntu2.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2 / apache2-common / apache2-doc / apache2-mpm-event / etc\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:54:35", "description": "From Red Hat Security Advisory 2009:1148 :\n\nUpdated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server.\n\nA denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. 
A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time.\n(CVE-2009-1890)\n\nA denial of service flaw was found in the Apache mod_deflate module.\nThis module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891)\n\nAll httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : httpd (ELSA-2009-1148)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd-manual", "p-cpe:/a:oracle:linux:mod_ssl", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2009-1148.NASL", "href": "https://www.tenable.com/plugins/nessus/67890", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:1148 and \n# Oracle Linux Security Advisory ELSA-2009-1148 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67890);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1890\", \"CVE-2009-1891\");\n script_bugtraq_id(35565);\n script_xref(name:\"RHSA\", value:\"2009:1148\");\n\n script_name(english:\"Oracle Linux 5 : httpd (ELSA-2009-1148)\");\n script_summary(english:\"Checks rpm 
output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:1148 :\n\nUpdated httpd packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server.\n\nA denial of service flaw was found in the Apache mod_proxy module when\nit was used as a reverse proxy. A remote attacker could use this flaw\nto force a proxy process to consume large amounts of CPU time.\n(CVE-2009-1890)\n\nA denial of service flaw was found in the Apache mod_deflate module.\nThis module continued to compress large files until compression was\ncomplete, even if the network connection that requested the content\nwas closed before compression completed. This would cause mod_deflate\nto consume large amounts of CPU if mod_deflate was enabled for a large\nfile. (CVE-2009-1891)\n\nAll httpd users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-July/001072.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"httpd-2.2.3-22.0.1.el5_3.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"httpd-devel-2.2.3-22.0.1.el5_3.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"httpd-manual-2.2.3-22.0.1.el5_3.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mod_ssl-2.2.3-22.0.1.el5_3.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / mod_ssl\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:57:38", "description": "A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time.\n(CVE-2009-1890)\n\nA denial of service flaw was found in the Apache mod_deflate module.\nThis module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891)\n\nAfter installing the updated packages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : httpd on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090709_HTTPD_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60614", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60614);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1890\", \"CVE-2009-1891\");\n\n script_name(english:\"Scientific Linux Security Update : httpd on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The 
remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A denial of service flaw was found in the Apache mod_proxy module when\nit was used as a reverse proxy. A remote attacker could use this flaw\nto force a proxy process to consume large amounts of CPU time.\n(CVE-2009-1890)\n\nA denial of service flaw was found in the Apache mod_deflate module.\nThis module continued to compress large files until compression was\ncomplete, even if the network connection that requested the content\nwas closed before compression completed. This would cause mod_deflate\nto consume large amounts of CPU if mod_deflate was enabled for a large\nfile. (CVE-2009-1891)\n\nAfter installing the updated packages, the httpd daemon must be\nrestarted for the update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0907&L=scientific-linux-errata&T=0&P=673\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e34e3426\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"httpd-2.2.3-22.sl5.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"httpd-devel-2.2.3-22.sl5.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"httpd-manual-2.2.3-22.sl5.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"mod_ssl-2.2.3-22.sl5.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:06:16", "description": "This update of the Apache webserver fixes various security issues :\n\n - mod_proxy could run into an infinite loop when used as reverse proxy. (CVE-2009-1890) \n\n - mod_deflate continued to compress large files even after a network connection was closed, causing mod_deflate to consume large amounts of CPU. 
(CVE-2009-1891)\n\n - The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. (CVE-2009-3094)\n\n - access restriction bypass in mod_proxy_ftp module.\n (CVE-2009-3095)", "cvss3": {"score": null, "vector": null}, "published": "2009-10-26T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : Apache 2 (YOU Patch Number 12526)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891", "CVE-2009-3094", "CVE-2009-3095"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12526.NASL", "href": "https://www.tenable.com/plugins/nessus/42243", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42243);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2009-3094\", \"CVE-2009-3095\");\n\n script_name(english:\"SuSE9 Security Update : Apache 2 (YOU Patch Number 12526)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of the Apache webserver fixes various security issues :\n\n - mod_proxy could run into an infinite loop when used as\n reverse proxy. (CVE-2009-1890) \n\n - mod_deflate continued to compress large files even after\n a network connection was closed, causing mod_deflate to\n consume large amounts of CPU. 
(CVE-2009-1891)\n\n - The ap_proxy_ftp_handler function in\n modules/proxy/proxy_ftp.c in the mod_proxy_ftp module\n allows remote FTP servers to cause a denial of service\n (NULL pointer dereference and child process crash) via a\n malformed reply to an EPSV command. (CVE-2009-3094)\n\n - access restriction bypass in mod_proxy_ftp module.\n (CVE-2009-3095)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1890.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1891.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3094.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3095.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12526.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"apache2-2.0.59-1.14\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"apache2-devel-2.0.59-1.14\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"apache2-doc-2.0.59-1.14\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"apache2-example-pages-2.0.59-1.14\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"apache2-prefork-2.0.59-1.14\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"apache2-worker-2.0.59-1.14\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"libapr0-2.0.59-1.14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:07:19", "description": "The remote host is affected by the vulnerability described in GLSA-200907-04 (Apache: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the Apache HTTP server:\n Jonathan Peatfield reported that 
the 'Options=IncludesNoEXEC' argument to the 'AllowOverride' directive is not processed properly (CVE-2009-1195).\n Sander de Boer discovered that the AJP proxy module (mod_proxy_ajp) does not correctly handle POST requests that do not contain a request body (CVE-2009-1191).\n The vendor reported that the HTTP proxy module (mod_proxy_http), when being used as a reverse proxy, does not properly handle requests containing more data than stated in the 'Content-Length' header (CVE-2009-1890).\n Francois Guerraz discovered that mod_deflate does not abort the compression of large files even when the requesting connection is closed prematurely (CVE-2009-1891).\n Impact :\n\n A local attacker could circumvent restrictions put up by the server administrator and execute arbitrary commands with the privileges of the user running the Apache server. A remote attacker could send multiple requests to a server with the AJP proxy module, possibly resulting in the disclosure of a request intended for another client, or cause a Denial of Service by sending specially crafted requests to servers running mod_proxy_http or mod_deflate.\n Workaround :\n\n Remove 'include', 'proxy_ajp', 'proxy_http' and 'deflate' from APACHE2_MODULES in make.conf and rebuild Apache, or disable the aforementioned modules in the Apache configuration.", "cvss3": {"score": null, "vector": null}, "published": "2009-07-13T00:00:00", "type": "nessus", "title": "GLSA-200907-04 : Apache: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1191", "CVE-2009-1195", "CVE-2009-1890", "CVE-2009-1891"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:apache", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200907-04.NASL", "href": "https://www.tenable.com/plugins/nessus/39775", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 
200907-04.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39775);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1191\", \"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1891\");\n script_bugtraq_id(34663, 35115, 35565, 35623);\n script_xref(name:\"GLSA\", value:\"200907-04\");\n\n script_name(english:\"GLSA-200907-04 : Apache: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200907-04\n(Apache: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the Apache HTTP\n server:\n Jonathan Peatfield reported that the\n 'Options=IncludesNoEXEC' argument to the 'AllowOverride' directive is\n not processed properly (CVE-2009-1195).\n Sander de Boer\n discovered that the AJP proxy module (mod_proxy_ajp) does not correctly\n handle POST requests that do not contain a request body\n (CVE-2009-1191).\n The vendor reported that the HTTP proxy\n module (mod_proxy_http), when being used as a reverse proxy, does not\n properly handle requests containing more data as stated in the\n 'Content-Length' header (CVE-2009-1890).\n Francois Guerraz\n discovered that mod_deflate does not abort the compression of large\n files even when the requesting connection is closed prematurely\n (CVE-2009-1891).\n \nImpact :\n\n A local attacker could circumvent restrictions put up by the 
server\n administrator and execute arbitrary commands with the privileges of the\n user running the Apache server. A remote attacker could send multiple\n requests to a server with the AJP proxy module, possibly resulting in\n the disclosure of a request intended for another client, or cause a\n Denial of Service by sending specially crafted requests to servers\n running mod_proxy_http or mod_deflate.\n \nWorkaround :\n\n Remove 'include', 'proxy_ajp', 'proxy_http' and 'deflate' from\n APACHE2_MODULES in make.conf and rebuild Apache, or disable the\n aforementioned modules in the Apache configuration.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200907-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Apache users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-servers/apache-2.2.11-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 20, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-servers/apache\", unaffected:make_list(\"ge 2.2.11-r2\"), vulnerable:make_list(\"lt 2.2.11-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Apache\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T14:56:47", "description": "This update includes the latest release of the Apache HTTP Server, version 2.2.13, fixing several security issues: * Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects. (CVE-2009-1891) * Prevent the 'Includes' Option from being enabled in an .htaccess file if the AllowOverride restrictions do not permit it. (CVE-2009-1195) * Fix a potential Denial-of-Service attack against mod_proxy in a reverse proxy configuration, where a remote attacker can force a proxy process to consume CPU time indefinitely. (CVE-2009-1890) * mod_proxy_ajp: Avoid delivering content from a previous request which failed to send a request body. 
(CVE-2009-1191) Many bug fixes are also included; see the upstream changelog for further details:\nhttp://www.apache.org/dist/httpd/CHANGES_2.2.13\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-09-02T00:00:00", "type": "nessus", "title": "Fedora 11 : httpd-2.2.13-1.fc11 (2009-8812)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1191", "CVE-2009-1195", "CVE-2009-1890", "CVE-2009-1891"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:httpd", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2009-8812.NASL", "href": "https://www.tenable.com/plugins/nessus/40833", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-8812.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40833);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1891\");\n script_bugtraq_id(34663, 35115, 35565, 35623);\n script_xref(name:\"FEDORA\", value:\"2009-8812\");\n\n script_name(english:\"Fedora 11 : httpd-2.2.13-1.fc11 (2009-8812)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes the latest release of the Apache HTTP Server,\nversion 2.2.13, fixing several security issues: * Fix a potential\nDenial-of-Service attack against mod_deflate or 
other modules, by\nforcing the server to consume CPU time in compressing a large file\nafter a client disconnects. (CVE-2009-1891) * Prevent the 'Includes'\nOption from being enabled in an .htaccess file if the AllowOverride\nrestrictions do not permit it. (CVE-2009-1195) * Fix a potential\nDenial-of-Service attack against mod_proxy in a reverse proxy\nconfiguration, where a remote attacker can force a proxy process to\nconsume CPU time indefinitely. (CVE-2009-1890) * mod_proxy_ajp: Avoid\ndelivering content from a previous request which failed to send a\nrequest body. (CVE-2009-1191) Many bug fixes are also included; see\nthe upstream changelog for further details:\nhttp://www.apache.org/dist/httpd/CHANGES_2.2.13\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.apache.org/dist/httpd/CHANGES_2.2.13\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=489436\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=509125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=509375\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-August/028633.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b05cfadc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"httpd-2.2.13-1.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:06:21", "description": "This update of the Apache webserver fixes various security issues :\n\n - the option IncludesNOEXEC could be bypassed via .htaccess (CVE-2009-1195) \n\n - mod_proxy could run into an infinite loop when used as reverse proxy (CVE-2009-1890) \n\n - mod_deflate continued to compress large files even after a network connection was closed, causing mod_deflate to consume large amounts of CPU (CVE-2009-1891)\n\n - The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. 
(CVE-2009-3094)\n\n - access restriction bypass in mod_proxy_ftp module (CVE-2009-3095)", "cvss3": {"score": null, "vector": null}, "published": "2009-10-26T00:00:00", "type": "nessus", "title": "openSUSE Security Update : apache2 (apache2-1419)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1195", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-3094", "CVE-2009-3095"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2", "p-cpe:/a:novell:opensuse:apache2-devel", "p-cpe:/a:novell:opensuse:apache2-example-pages", "p-cpe:/a:novell:opensuse:apache2-prefork", "p-cpe:/a:novell:opensuse:apache2-utils", "p-cpe:/a:novell:opensuse:apache2-worker", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_APACHE2-091020.NASL", "href": "https://www.tenable.com/plugins/nessus/42245", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update apache2-1419.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42245);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2009-3094\", \"CVE-2009-3095\");\n\n script_name(english:\"openSUSE Security Update : apache2 (apache2-1419)\");\n script_summary(english:\"Check for the apache2-1419 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of the Apache webserver fixes various security issues :\n\n - the option IncludesNOEXEC could be bypassed via\n .htaccess (CVE-2009-1195) \n\n - mod_proxy could run into an infinite loop when used as\n reverse proxy (CVE-2009-1890) \n\n 
- mod_deflate continued to compress large files even after\n a network connection was closed, causing mod_deflate to\n consume large amounts of CPU (CVE-2009-1891)\n\n - The ap_proxy_ftp_handler function in\n modules/proxy/proxy_ftp.c in the mod_proxy_ftp module\n allows remote FTP servers to cause a denial of service\n (NULL pointer dereference and child process crash) via a\n malformed reply to an EPSV command. (CVE-2009-3094)\n\n - access restriction bypass in mod_proxy_ftp module\n (CVE-2009-3095)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=512583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=513080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=519194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=521906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=538322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=539571\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/05/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"apache2-2.2.8-28.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", 
reference:\"apache2-devel-2.2.8-28.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"apache2-example-pages-2.2.8-28.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"apache2-prefork-2.2.8-28.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"apache2-utils-2.2.8-28.8\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"apache2-worker-2.2.8-28.8\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:06:19", "description": "This update of the Apache webserver fixes various security issues :\n\n - the option IncludesNOEXEC could be bypassed via .htaccess (CVE-2009-1195) \n\n - mod_proxy could run into an infinite loop when used as reverse proxy (CVE-2009-1890) \n\n - mod_deflate continued to compress large files even after a network connection was closed, causing mod_deflate to consume large amounts of CPU (CVE-2009-1891)\n\n - The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. 
(CVE-2009-3094)\n\n - access restriction bypass in mod_proxy_ftp module (CVE-2009-3095)", "cvss3": {"score": null, "vector": null}, "published": "2009-10-30T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : apache2 (apache2-6576)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1195", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-3094", "CVE-2009-3095"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2", "p-cpe:/a:novell:opensuse:apache2-devel", "p-cpe:/a:novell:opensuse:apache2-example-pages", "p-cpe:/a:novell:opensuse:apache2-prefork", "p-cpe:/a:novell:opensuse:apache2-utils", "p-cpe:/a:novell:opensuse:apache2-worker", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_APACHE2-6576.NASL", "href": "https://www.tenable.com/plugins/nessus/42319", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update apache2-6576.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42319);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2009-3094\", \"CVE-2009-3095\");\n\n script_name(english:\"openSUSE 10 Security Update : apache2 (apache2-6576)\");\n script_summary(english:\"Check for the apache2-6576 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of the Apache webserver fixes various security issues :\n\n - the option IncludesNOEXEC could be bypassed via\n .htaccess (CVE-2009-1195) \n\n - mod_proxy could run into an infinite loop when used as\n reverse proxy (CVE-2009-1890) \n\n - 
mod_deflate continued to compress large files even after\n a network connection was closed, causing mod_deflate to\n consume large amounts of CPU (CVE-2009-1891)\n\n - The ap_proxy_ftp_handler function in\n modules/proxy/proxy_ftp.c in the mod_proxy_ftp module\n allows remote FTP servers to cause a denial of service\n (NULL pointer dereference and child process crash) via a\n malformed reply to an EPSV command. (CVE-2009-3094)\n\n - access restriction bypass in mod_proxy_ftp module\n (CVE-2009-3095)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is 
owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"apache2-2.2.4-70.11\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"apache2-devel-2.2.4-70.11\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"apache2-example-pages-2.2.4-70.11\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"apache2-prefork-2.2.4-70.11\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"apache2-utils-2.2.4-70.11\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"apache2-worker-2.2.4-70.11\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:02:33", "description": "This update of the Apache webserver fixes various security issues :\n\n - the 
option IncludesNOEXEC could be bypassed via .htaccess. (CVE-2009-1195)\n\n - mod_proxy could run into an infinite loop when used as reverse proxy. (CVE-2009-1890)\n\n - mod_deflate continued to compress large files even after a network connection was closed, causing mod_deflate to consume large amounts of CPU. (CVE-2009-1891)\n\n - The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. (CVE-2009-3094)\n\n - access restriction bypass in mod_proxy_ftp module.\n (CVE-2009-3095)\n\nAlso an incompatibility between mod_cache and mod_rewrite was fixed.", "cvss3": {"score": null, "vector": null}, "published": "2010-10-11T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 6572)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1195", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-3094", "CVE-2009-3095"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_APACHE2-6572.NASL", "href": "https://www.tenable.com/plugins/nessus/49826", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49826);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2009-3094\", \"CVE-2009-3095\");\n\n script_name(english:\"SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 6572)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of the Apache webserver fixes various security issues :\n\n - the option IncludesNOEXEC could be bypassed via\n .htaccess. (CVE-2009-1195)\n\n - mod_proxy could run into an infinite loop when used as\n reverse proxy. (CVE-2009-1890)\n\n - mod_deflate continued to compress large files even after\n a network connection was closed, causing mod_deflate to\n consume large amounts of CPU. (CVE-2009-1891)\n\n - The ap_proxy_ftp_handler function in\n modules/proxy/proxy_ftp.c in the mod_proxy_ftp module\n allows remote FTP servers to cause a denial of service\n (NULL pointer dereference and child process crash) via a\n malformed reply to an EPSV command. (CVE-2009-3094)\n\n - access restriction bypass in mod_proxy_ftp module.\n (CVE-2009-3095)\n\nAlso a incompatibility between mod_cache and mod_rewrite was fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1195.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1890.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1891.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3094.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3095.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6572.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 119, 189, 264, 399);\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"apache2-2.2.3-16.28.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"apache2-devel-2.2.3-16.28.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"apache2-doc-2.2.3-16.28.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"apache2-example-pages-2.2.3-16.28.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"apache2-prefork-2.2.3-16.28.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"apache2-worker-2.2.3-16.28.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, 
extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:06:19", "description": "This update of the Apache webserver fixes various security issues :\n\n - the option IncludesNOEXEC could be bypassed via .htaccess. (CVE-2009-1195)\n\n - mod_proxy could run into an infinite loop when used as reverse proxy. (CVE-2009-1890)\n\n - mod_deflate continued to compress large files even after a network connection was closed, causing mod_deflate to consume large amounts of CPU. (CVE-2009-1891)\n\n - The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. (CVE-2009-3094)\n\n - access restriction bypass in mod_proxy_ftp module (CVE-2009-3095)", "cvss3": {"score": null, "vector": null}, "published": "2009-10-26T00:00:00", "type": "nessus", "title": "SuSE 11 Security Update : Apache 2 (SAT Patch Number 1417)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1195", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-3094", "CVE-2009-3095"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:apache2", "p-cpe:/a:novell:suse_linux:11:apache2-doc", "p-cpe:/a:novell:suse_linux:11:apache2-example-pages", "p-cpe:/a:novell:suse_linux:11:apache2-prefork", "p-cpe:/a:novell:suse_linux:11:apache2-utils", "p-cpe:/a:novell:suse_linux:11:apache2-worker", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_APACHE2-091020.NASL", "href": "https://www.tenable.com/plugins/nessus/42252", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42252);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2009-3094\", \"CVE-2009-3095\");\n\n script_name(english:\"SuSE 11 Security Update : Apache 2 (SAT Patch Number 1417)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of the Apache webserver fixes various security issues :\n\n - the option IncludesNOEXEC could be bypassed via\n .htaccess. (CVE-2009-1195)\n\n - mod_proxy could run into an infinite loop when used as\n reverse proxy. (CVE-2009-1890)\n\n - mod_deflate continued to compress large files even after\n a network connection was closed, causing mod_deflate to\n consume large amounts of CPU. (CVE-2009-1891)\n\n - The ap_proxy_ftp_handler function in\n modules/proxy/proxy_ftp.c in the mod_proxy_ftp module\n allows remote FTP servers to cause a denial of service\n (NULL pointer dereference and child process crash) via a\n malformed reply to an EPSV command. 
(CVE-2009-3094)\n\n - access restriction bypass in mod_proxy_ftp module\n (CVE-2009-3095)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=512583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=513080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=519194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=521906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=538322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=539571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1195.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1890.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1891.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3094.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3095.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 1417.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:11:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:0, 
reference:\"apache2-2.2.10-2.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"apache2-doc-2.2.10-2.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"apache2-example-pages-2.2.10-2.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"apache2-prefork-2.2.10-2.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"apache2-utils-2.2.10-2.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"apache2-worker-2.2.10-2.21.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:06:21", "description": "This update of the Apache webserver fixes various security issues :\n\n - the option IncludesNOEXEC could be bypassed via .htaccess. (CVE-2009-1195)\n\n - mod_proxy could run into an infinite loop when used as reverse proxy. (CVE-2009-1890)\n\n - mod_deflate continued to compress large files even after a network connection was closed, causing mod_deflate to consume large amounts of CPU. (CVE-2009-1891)\n\n - The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. 
(CVE-2009-3094)\n\n - access restriction bypass in mod_proxy_ftp module.\n (CVE-2009-3095)\n\nAlso an incompatibility between mod_cache and mod_rewrite was fixed.", "cvss3": {"score": null, "vector": null}, "published": "2009-10-26T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 6571)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1195", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-3094", "CVE-2009-3095"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_APACHE2-6571.NASL", "href": "https://www.tenable.com/plugins/nessus/42253", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42253);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2009-3094\", \"CVE-2009-3095\");\n\n script_name(english:\"SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 6571)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of the Apache webserver fixes various security issues :\n\n - the option IncludesNOEXEC could be bypassed via\n .htaccess. (CVE-2009-1195)\n\n - mod_proxy could run into an infinite loop when used as\n reverse proxy. (CVE-2009-1890)\n\n - mod_deflate continued to compress large files even after\n a network connection was closed, causing mod_deflate to\n consume large amounts of CPU.
(CVE-2009-1891)\n\n - The ap_proxy_ftp_handler function in\n modules/proxy/proxy_ftp.c in the mod_proxy_ftp module\n allows remote FTP servers to cause a denial of service\n (NULL pointer dereference and child process crash) via a\n malformed reply to an EPSV command. (CVE-2009-3094)\n\n - access restriction bypass in mod_proxy_ftp module.\n (CVE-2009-3095)\n\nAlso a incompatibility between mod_cache and mod_rewrite was fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1195.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1890.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1891.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3094.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3095.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6571.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"apache2-2.2.3-16.25.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"apache2-devel-2.2.3-16.25.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"apache2-doc-2.2.3-16.25.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"apache2-example-pages-2.2.3-16.25.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"apache2-prefork-2.2.3-16.25.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"apache2-worker-2.2.3-16.25.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:06:16", "description": "This update of the Apache webserver fixes various security issues :\n\n - the option IncludesNOEXEC could be bypassed via .htaccess (CVE-2009-1195) \n\n - mod_proxy could run into an infinite loop when used as reverse proxy (CVE-2009-1890) \n\n - 
mod_deflate continued to compress large files even after a network connection was closed, causing mod_deflate to consume large amounts of CPU (CVE-2009-1891)\n\n - The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. (CVE-2009-3094)\n\n - access restriction bypass in mod_proxy_ftp module (CVE-2009-3095)", "cvss3": {"score": null, "vector": null}, "published": "2009-10-26T00:00:00", "type": "nessus", "title": "openSUSE Security Update : apache2 (apache2-1419)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1195", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-3094", "CVE-2009-3095"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:apache2", "p-cpe:/a:novell:opensuse:apache2-devel", "p-cpe:/a:novell:opensuse:apache2-example-pages", "p-cpe:/a:novell:opensuse:apache2-prefork", "p-cpe:/a:novell:opensuse:apache2-utils", "p-cpe:/a:novell:opensuse:apache2-worker", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_APACHE2-091020.NASL", "href": "https://www.tenable.com/plugins/nessus/42248", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update apache2-1419.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42248);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2009-3094\", \"CVE-2009-3095\");\n\n script_name(english:\"openSUSE Security Update : apache2 (apache2-1419)\");\n script_summary(english:\"Check for the apache2-1419 patch\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of the Apache webserver fixes various security issues :\n\n - the option IncludesNOEXEC could be bypassed via\n .htaccess (CVE-2009-1195) \n\n - mod_proxy could run into an infinite loop when used as\n reverse proxy (CVE-2009-1890) \n\n - mod_deflate continued to compress large files even after\n a network connection was closed, causing mod_deflate to\n consume large amounts of CPU (CVE-2009-1891)\n\n - The ap_proxy_ftp_handler function in\n modules/proxy/proxy_ftp.c in the mod_proxy_ftp module\n allows remote FTP servers to cause a denial of service\n (NULL pointer dereference and child process crash) via a\n malformed reply to an EPSV command. (CVE-2009-3094)\n\n - access restriction bypass in mod_proxy_ftp module\n (CVE-2009-3095)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=512583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=513080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=519194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=521906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=538322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=539571\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n 
script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-example-pages\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/05/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"apache2-2.2.10-2.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"apache2-devel-2.2.10-2.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"apache2-example-pages-2.2.10-2.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"apache2-prefork-2.2.10-2.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"apache2-utils-2.2.10-2.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"apache2-worker-2.2.10-2.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:07:00", "description": "New httpd packages are available for Slackware 12.0, 12.1, 12.2, and\n-current to fix security 
issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-08-03T00:00:00", "type": "nessus", "title": "Slackware 12.0 / 12.1 / 12.2 / current : httpd (SSA:2009-214-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0023", "CVE-2009-1191", "CVE-2009-1195", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-1955", "CVE-2009-1956"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:httpd", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux:12.1", "cpe:/o:slackware:slackware_linux:12.2"], "id": "SLACKWARE_SSA_2009-214-01.NASL", "href": "https://www.tenable.com/plugins/nessus/40459", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2009-214-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40459);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0023\", \"CVE-2009-1191\", \"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2009-1955\", \"CVE-2009-1956\");\n script_bugtraq_id(34663, 35115, 35221, 35251, 35253, 35565, 35623);\n script_xref(name:\"SSA\", value:\"2009-214-01\");\n\n script_name(english:\"Slackware 12.0 / 12.1 / 12.2 / current : httpd (SSA:2009-214-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New httpd packages are available for Slackware 12.0, 12.1, 12.2, and\n-current to fix security issues.\"\n );\n # 
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.566124\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?75f95a82\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected httpd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 20, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"12.0\", pkgname:\"httpd\", pkgver:\"2.2.12\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"httpd\", pkgver:\"2.2.12\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"httpd\", pkgver:\"2.2.12\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"httpd\", pkgver:\"2.2.12\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"httpd\", pkgver:\"2.2.12\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:06:53", "description": "According to its banner, the version of Apache 2.2 installed on the remote host is older than 2.2.12. 
Such versions may be affected by several issues : \n\n - A denial-of-service vulnerability in the 'mod_proxy' module could be exploited to cause the process to consume large amounts of CPU resources. (CVE-2009-1890)\n\n - The 'mod_deflate' module is prone to a remote denial-of-service vulnerability when large file downloads are terminated before completing. (CVE-2009-1891)\n\nNNM cannot determine whether the affected modules are in use.", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2009-08-03T00:00:00", "type": "nessus", "title": "Apache < 2.2.12 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1195", "CVE-2009-0023", "CVE-2009-1955", "CVE-2009-1956", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-1191"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*"], "id": "5111.PRM", "href": "https://www.tenable.com/plugins/nnm/5111", "sourceData": "Binary data 5111.prm", "cvss": {"score": 5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T13:07:00", "description": "Apache ChangeLog reports :\n\nCVE-2009-1891: Fix a potential Denial-of-Service attack against mod_deflate or other modules.\n\nCVE-2009-1195: Prevent the 'Includes' Option from being enabled in an .htaccess file if the AllowOverride restrictions do not permit it.\n\nCVE-2009-1890: Fix a potential Denial-of-Service attack against mod_proxy in a reverse proxy configuration.\n\nCVE-2009-1191: mod_proxy_ajp: Avoid delivering content from a previous request which failed to send a request body.\n\nCVE-2009-0023, CVE-2009-1955, CVE-2009-1956: The bundled copy of the APR-util library has been updated, fixing three different security issues which may affect particular configurations and third-party modules (was already fixed in 2.2.11_5).", "cvss3": {"score": null, "vector": null}, "published": "2009-08-25T00:00:00", "type": "nessus", "title": "FreeBSD : apache22 -- 
several vulnerabilities (e15f2356-9139-11de-8f42-001aa0166822)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0023", "CVE-2009-1191", "CVE-2009-1195", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-1955", "CVE-2009-1956"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:apache", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_E15F2356913911DE8F42001AA0166822.NASL", "href": "https://www.tenable.com/plugins/nessus/40760", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40760);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-0023\", \"CVE-2009-1191\", \"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2009-1955\", \"CVE-2009-1956\");\n\n script_name(english:\"FreeBSD : apache22 -- several vulnerabilities (e15f2356-9139-11de-8f42-001aa0166822)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache ChangeLog reports :\n\nCVE-2009-1891: Fix a potential Denial-of-Service attack against\nmod_deflate or other modules.\n\nCVE-2009-1195: Prevent the 'Includes' Option from being enabled in an\n.htaccess file if the AllowOverride restrictions do not permit it.\n\nCVE-2009-1890: Fix a potential Denial-of-Service attack against\nmod_proxy in a reverse proxy configuration.\n\nCVE-2009-1191: mod_proxy_ajp: Avoid delivering content from a previous\nrequest which failed to send a request body.\n\nCVE-2009-0023, CVE-2009-1955, CVE-2009-1956: The bundled copy of the\nAPR-util library has been updated, fixing three different security\nissues which may affect particular configurations and 
third-party\nmodules (was already fixed in 2.2.11_5).\"\n );\n # https://vuxml.freebsd.org/freebsd/e15f2356-9139-11de-8f42-001aa0166822.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ae6079a3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 20, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/07/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"apache>2.2.0<2.2.12\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:06:54", "description": "According to its banner, the version of Apache 2.2 installed on the remote host is older than 2.2.12. Such versions may be affected by several issues : \n\n - A denial-of-service vulnerability in the 'mod_proxy' module could be exploited to cause the process to consume large amounts of CPU resources. (CVE-2009-1890)\n\n - The 'mod_deflate' module is prone to a remote denial-of-service vulnerability when large file downloads are terminated before completing. 
(CVE-2009-1891)\n", "cvss3": {"score": null, "vector": null}, "published": "2009-08-03T00:00:00", "type": "nessus", "title": "Apache < 2.2.12 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1195", "CVE-2009-0023", "CVE-2009-1955", "CVE-2009-1956", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-1191"], "modified": "2009-08-03T00:00:00", "cpe": [], "id": "800567.PRM", "href": "https://www.tenable.com/plugins/lce/800567", "sourceData": "Binary data 800567.prm", "cvss": {"score": 5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-16T02:45:21", "description": "According to its banner, the version of Apache 2.2.x. running on the remote host is prior to 2.2.12. It is, therefore, affected by the following vulnerabilities :\n\n - A heap-based buffer underwrite flaw exists in the function 'apr_strmatch_precompile()' in the bundled copy of the APR-util library, which could be triggered when parsing configuration data to crash the daemon.\n (CVE-2009-0023)\n\n - A flaw in the mod_proxy_ajp module in version 2.2.11 only may allow a remote attacker to obtain sensitive response data intended for a client that sent an earlier POST request with no request body.\n (CVE-2009-1191)\n\n - The server does not limit the use of directives in a .htaccess file as expected based on directives such as 'AllowOverride' and 'Options' in the configuration file, which could enable a local user to bypass security restrictions. (CVE-2009-1195)\n\n - Failure to properly handle an amount of streamed data that exceeds the Content-Length value allows a remote attacker to force a proxy process to consume CPU time indefinitely when mod_proxy is used in a reverse proxy configuration. (CVE-2009-1890)\n\n - Failure of mod_deflate to stop compressing a file when the associated network connection is closed may allow a remote attacker to consume large amounts of CPU if there is a large (>10 MB) file available that has mod_deflate enabled. 
(CVE-2009-1891)\n\n - Using a specially crafted XML document with a large number of nested entities, a remote attacker may be able to consume an excessive amount of memory due to a flaw in the bundled expat XML parser used by the mod_dav and mod_dav_svn modules. (CVE-2009-1955)\n\n - There is an off-by-one overflow in the function 'apr_brigade_vprintf()' in the bundled copy of the APR-util library in the way it handles a variable list of arguments, which could be leveraged on big-endian platforms to perform information disclosure or denial of service attacks. (CVE-2009-1956)\n\nNote that Nessus has relied solely on the version in the Server response header and did not try to check for the issues themselves or even whether the affected modules are in use.", "cvss3": {"score": 8.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}, "published": "2009-08-02T00:00:00", "type": "nessus", "title": "Apache 2.2.x < 2.2.12 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0023", "CVE-2009-1191", "CVE-2009-1195", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-1955", "CVE-2009-1956"], "modified": "2020-04-27T00:00:00", "cpe": ["cpe:/a:apache:http_server"], "id": "APACHE_2_2_12.NASL", "href": "https://www.tenable.com/plugins/nessus/40467", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(40467);\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/27\");\n\n script_version(\"1.28\");\n\n script_cve_id(\n \"CVE-2009-0023\",\n \"CVE-2009-1191\",\n \"CVE-2009-1195\",\n \"CVE-2009-1890\",\n \"CVE-2009-1891\",\n \"CVE-2009-1955\",\n \"CVE-2009-1956\"\n );\n script_bugtraq_id(34663, 35115, 35221, 35251, 35253, 35565, 35623);\n\n script_name(english:\"Apache 2.2.x < 2.2.12 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version in Server response header.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The 
remote web server may be affected by several issues.\"\n );\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Apache 2.2.x. running on the\nremote host is prior to 2.2.12. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A heap-based buffer underwrite flaw exists in the\n function 'apr_strmatch_precompile()' in the bundled copy\n of the APR-util library, which could be triggered when\n parsing configuration data to crash the daemon.\n (CVE-2009-0023)\n\n - A flaw in the mod_proxy_ajp module in version 2.2.11\n only may allow a remote attacker to obtain sensitive\n response data intended for a client that sent an\n earlier POST request with no request body.\n (CVE-2009-1191)\n\n - The server does not limit the use of directives in a\n .htaccess file as expected based on directives such\n as 'AllowOverride' and 'Options' in the configuration\n file, which could enable a local user to bypass\n security restrictions. (CVE-2009-1195)\n\n - Failure to properly handle an amount of streamed data\n that exceeds the Content-Length value allows a remote\n attacker to force a proxy process to consume CPU time\n indefinitely when mod_proxy is used in a reverse proxy\n configuration. (CVE-2009-1890)\n\n - Failure of mod_deflate to stop compressing a file when\n the associated network connection is closed may allow a\n remote attacker to consume large amounts of CPU if\n there is a large (>10 MB) file available that has\n mod_deflate enabled. (CVE-2009-1891)\n\n - Using a specially crafted XML document with a large\n number of nested entities, a remote attacker may be\n able to consume an excessive amount of memory due to\n a flaw in the bundled expat XML parser used by the\n mod_dav and mod_dav_svn modules. 
(CVE-2009-1955)\n\n - There is an off-by-one overflow in the function\n 'apr_brigade_vprintf()' in the bundled copy of the\n APR-util library in the way it handles a variable list\n of arguments, which could be leveraged on big-endian\n platforms to perform information disclosure or denial\n of service attacks. (CVE-2009-1956)\n\nNote that Nessus has relied solely on the version in the Server\nresponse header and did not try to check for the issues themselves or\neven whether the affected modules are in use.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://httpd.apache.org/security/vulnerabilities_22.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache version 2.2.12 or later. Alternatively, ensure that\nthe affected modules / directives are not in use.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2009-1955\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 20, 119, 189, 399);\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/02\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2009-2020 Tenable Network Security, Inc.\");\n\n script_dependencies(\"apache_http_version.nasl\");\n script_require_keys(\"installed_sw/Apache\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"install_func.inc\");\n\nget_install_count(app_name:\"Apache\", exit_if_zero:TRUE);\nport = get_http_port(default:80);\ninstall = get_single_install(app_name:\"Apache\", port:port, exit_if_unknown_ver:TRUE);\n\n# Check if we could get a version first, then check if it was \n# backported\nversion = get_kb_item_or_exit('www/apache/'+port+'/version', exit_code:1);\nbackported = get_kb_item_or_exit('www/apache/'+port+'/backported', exit_code:1);\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"Apache\");\nsource = get_kb_item_or_exit('www/apache/'+port+'/source', exit_code:1);\n\n# Check if the version looks like either ServerTokens Major/Minor\n# was used\nif (version =~ '^2(\\\\.2)?$') exit(1, \"The banner from the Apache server listening on port \"+port+\" - \"+source+\" - is not granular enough to make a determination.\");\nif (version !~ \"^\\d+(\\.\\d+)*$\") exit(1, \"The version of Apache listening on port \" + port + \" - \" + version + \" - is non-numeric and, therefore, cannot be used to make a determination.\");\nif (version =~ '^2\\\\.2' && ver_compare(ver:version, fix:'2.2.12') == -1)\n{\n if (report_verbosity > 0)\n {\n report = \n '\\n Version source : ' + source +\n '\\n Installed version : ' + version + \n '\\n Fixed version : 2.2.12\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"Apache\", port, install[\"version\"]);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T13:05:54", "description": "Multiple 
vulnerabilities have been found and corrected in apache :\n\nMemory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm (CVE-2008-1678).\nNote that this security issue does not really apply as zlib compression is not enabled in the openssl build provided by Mandriva, but apache is patched to address this issue anyway (concerns 2008.1 only).\n\nmod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request (CVE-2009-1191).\n\nCross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939). 
Note that this security issue was initially addressed with MDVSA-2008:195 but the patch fixing the issue was added but not applied in 2009.0.\n\nThe Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file (CVE-2009-1195).\n\nThe stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests (CVE-2009-1890).\n\nFix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects (CVE-2009-1891).\n\nThe ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command (CVE-2009-3094).\n\nThe mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. 
However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes (CVE-2009-3095).\n\nApache is affected by SSL injection or man-in-the-middle attacks due to a design flaw in the SSL and/or TLS protocols. A short term solution was released Sat Nov 07 2009 by the ASF team to mitigate these problems. Apache will now reject in-session renegotiation (CVE-2009-3555).\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0 customers\n\nThis update provides a solution to these vulnerabilities.", "cvss3": {"score": null, "vector": null}, "published": "2009-12-08T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : apache (MDVSA-2009:323)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1678", "CVE-2008-2939", "CVE-2009-1191", "CVE-2009-1195", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-3094", "CVE-2009-3095", "CVE-2009-3555"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:apache-base", "p-cpe:/a:mandriva:linux:apache-devel", "p-cpe:/a:mandriva:linux:apache-htcacheclean", "p-cpe:/a:mandriva:linux:apache-mod_authn_dbd", "p-cpe:/a:mandriva:linux:apache-mod_cache", "p-cpe:/a:mandriva:linux:apache-mod_dav", "p-cpe:/a:mandriva:linux:apache-mod_dbd", "p-cpe:/a:mandriva:linux:apache-mod_deflate", "p-cpe:/a:mandriva:linux:apache-mod_disk_cache", "p-cpe:/a:mandriva:linux:apache-mod_file_cache", "p-cpe:/a:mandriva:linux:apache-mod_ldap", "p-cpe:/a:mandriva:linux:apache-mod_mem_cache", "p-cpe:/a:mandriva:linux:apache-mod_proxy", "p-cpe:/a:mandriva:linux:apache-mod_proxy_ajp", "p-cpe:/a:mandriva:linux:apache-mod_ssl", "p-cpe:/a:mandriva:linux:apache-mod_userdir", "p-cpe:/a:mandriva:linux:apache-modules", "p-cpe:/a:mandriva:linux:apache-mpm-event", "p-cpe:/a:mandriva:linux:apache-mpm-itk", "p-cpe:/a:mandriva:linux:apache-mpm-prefork", "p-cpe:/a:mandriva:linux:apache-mpm-worker", "p-cpe:/a:mandriva:linux:apache-source", 
"cpe:/o:mandriva:linux:2008.0"], "id": "MANDRIVA_MDVSA-2009-323.NASL", "href": "https://www.tenable.com/plugins/nessus/43042", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:323. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43042);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-1678\", \"CVE-2008-2939\", \"CVE-2009-1191\", \"CVE-2009-1195\", \"CVE-2009-1890\", \"CVE-2009-1891\", \"CVE-2009-3094\", \"CVE-2009-3095\", \"CVE-2009-3555\");\n script_bugtraq_id(30560, 31692, 34663, 35115, 35565, 35623, 36254, 36260, 36935);\n script_xref(name:\"MDVSA\", value:\"2009:323\");\n\n script_name(english:\"Mandriva Linux Security Advisory : apache (MDVSA-2009:323)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in apache :\n\nMemory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c\nin libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to\ncause a denial of service (memory consumption) via multiple calls, as\ndemonstrated by initial SSL client handshakes to the Apache HTTP\nServer mod_ssl that specify a compression algorithm (CVE-2008-1678).\nNote that this security issue does not really apply as zlib\ncompression is not enabled in the openssl build provided by Mandriva,\nbut apache is patched to address this issue anyway (conserns 2008.1\nonly).\n\nmod_proxy_ajp.c 
in the mod_proxy_ajp module in the Apache HTTP Server\n2.2.11 allows remote attackers to obtain sensitive response data,\nintended for a client that sent an earlier POST request with no\nrequest body, via an HTTP request (CVE-2009-1191).\n\nCross-site scripting (XSS) vulnerability in proxy_ftp.c in the\nmod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c\nin the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions,\nallows remote attackers to inject arbitrary web script or HTML via\nwildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this\nsecurity issue was initially addressed with MDVSA-2008:195 but the\npatch fixing the issue was added but not applied in 2009.0.\n\nThe Apache HTTP Server 2.2.11 and earlier 2.2 versions does not\nproperly handle Options=IncludesNOEXEC in the AllowOverride directive,\nwhich allows local users to gain privileges by configuring (1) Options\nIncludes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a\n.htaccess file, and then inserting an exec element in a .shtml file\n(CVE-2009-1195).\n\nThe stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy\nmodule in the Apache HTTP Server before 2.3.3, when a reverse proxy is\nconfigured, does not properly handle an amount of streamed data that\nexceeds the Content-Length value, which allows remote attackers to\ncause a denial of service (CPU consumption) via crafted requests\n(CVE-2009-1890).\n\nFix a potential Denial-of-Service attack against mod_deflate or other\nmodules, by forcing the server to consume CPU time in compressing a\nlarge file after a client disconnects (CVE-2009-1891).\n\nThe ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the\nmod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13\nallows remote FTP servers to cause a denial of service (NULL pointer\ndereference and child process crash) via a malformed reply to an EPSV\ncommand (CVE-2009-3094).\n\nThe mod_proxy_ftp module in the Apache HTTP 
Server allows remote\nattackers to bypass intended access restrictions and send arbitrary\ncommands to an FTP server via vectors related to the embedding of\nthese commands in the Authorization HTTP header, as demonstrated by a\ncertain module in VulnDisco Pack Professional 8.11. NOTE: as of\n20090903, this disclosure has no actionable information. However,\nbecause the VulnDisco Pack author is a reliable researcher, the issue\nis being assigned a CVE identifier for tracking purposes\n(CVE-2009-3095).\n\nApache is affected by SSL injection or man-in-the-middle attacks due\nto a design flaw in the SSL and/or TLS protocols. A short term\nsolution was released Sat Nov 07 2009 by the ASF team to mitigate\nthese problems. Apache will now reject in-session renegotiation\n(CVE-2009-3555).\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers\n\nThis update provides a solution to these vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 20, 79, 119, 189, 264, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-htcacheclean\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:apache-mod_authn_dbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_dav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_dbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_deflate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_disk_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_file_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_mem_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_proxy_ajp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_userdir\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-itk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/07\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"apache-base-2.2.6-8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"apache-devel-2.2.6-8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"apache-htcacheclean-2.2.6-8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"apache-mod_authn_dbd-2.2.6-8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"apache-mod_cache-2.2.6-8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"apache-mod_dav-2.2.6-8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"apache-mod_dbd-2.2.6-8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"apache-mod_deflate-2.2.6-8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2008.0\", reference:\"apache-mod_disk_cache-2.2.6-8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"apache-mod_file_cache-2.2.6-8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"apache-mod_ldap-2.2.6-8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"apache-mod_mem_cache-2.2.6-8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"apache-mod_proxy-2.2.6-8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"apache-mod_ssl-2.2.6-8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"apache-mod_userdir-2.2.6-8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"apache-modules-2.2.6-8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"apache-mpm-event-2.2.6-8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"apache-mpm-itk-2.2.6-8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"apache-mpm-prefork-2.2.6-8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"apache-mpm-worker-2.2.6-8.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"apache-source-2.2.6-8.3mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:39:51", "description": "The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.2.\n\nMac OS X 10.6.2 contains security fixes 
for the following products :\n\n - Adaptive Firewall\n - Apache\n - Apache Portable Runtime\n - Certificate Assistant\n - CoreMedia\n - CUPS\n - Dovecot\n - fetchmail\n - file\n - FTP Server\n - Help Viewer\n - ImageIO\n - IOKit\n - IPSec\n - Kernel\n - Launch Services\n - libsecurity\n - libxml\n - Login Window\n - OpenLDAP\n - QuickDraw Manager\n - QuickTime\n - Screen Sharing\n - Subversion", "cvss3": {"score": null, "vector": null}, "published": "2009-11-09T00:00:00", "type": "nessus", "title": "Mac OS X 10.6.x < 10.6.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0023", "CVE-2009-1191", "CVE-2009-1195", "CVE-2009-1574", "CVE-2009-1632", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-1955", "CVE-2009-1956", "CVE-2009-2202", "CVE-2009-2203", "CVE-2009-2285", "CVE-2009-2408", "CVE-2009-2409", "CVE-2009-2411", "CVE-2009-2412", "CVE-2009-2414", "CVE-2009-2416", "CVE-2009-2666", "CVE-2009-2798", "CVE-2009-2799", "CVE-2009-2808", "CVE-2009-2810", "CVE-2009-2818", "CVE-2009-2820", "CVE-2009-2823", "CVE-2009-2825", "CVE-2009-2830", "CVE-2009-2832", "CVE-2009-2834", "CVE-2009-2835", "CVE-2009-2836", "CVE-2009-2837", "CVE-2009-2839", "CVE-2009-3235"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_6_2.NASL", "href": "https://www.tenable.com/plugins/nessus/42434", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3000) exit(0);\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(42434);\n script_version(\"1.33\");\n script_cvs_date(\"Date: 2018/07/16 12:48:31\");\n\n script_cve_id(\n \"CVE-2009-0023\",\n \"CVE-2009-1191\",\n \"CVE-2009-1195\",\n \"CVE-2009-1574\",\n \"CVE-2009-1632\",\n \"CVE-2009-1890\",\n \"CVE-2009-1891\",\n \"CVE-2009-1955\",\n \"CVE-2009-1956\",\n \"CVE-2009-2202\",\n \"CVE-2009-2203\",\n \"CVE-2009-2285\",\n \"CVE-2009-2408\",\n \"CVE-2009-2409\",\n \"CVE-2009-2411\",\n 
\"CVE-2009-2412\",\n \"CVE-2009-2414\",\n \"CVE-2009-2416\",\n \"CVE-2009-2666\",\n \"CVE-2009-2798\",\n \"CVE-2009-2799\",\n \"CVE-2009-2808\",\n \"CVE-2009-2810\",\n \"CVE-2009-2818\",\n \"CVE-2009-2820\",\n \"CVE-2009-2823\",\n \"CVE-2009-2825\",\n \"CVE-2009-2830\",\n \"CVE-2009-2832\",\n \"CVE-2009-2834\",\n \"CVE-2009-2835\",\n \"CVE-2009-2836\",\n \"CVE-2009-2837\",\n \"CVE-2009-2839\",\n \"CVE-2009-3235\"\n );\n script_bugtraq_id(\n 34663,\n 35115,\n 35221,\n 35251,\n 35451,\n 35565,\n 35623,\n 35888,\n 35983,\n 36328,\n 36377,\n 36963,\n 36964,\n 36974,\n 36975,\n 36977,\n 36979,\n 36983,\n 36984,\n 36985,\n 36987,\n 36990\n );\n\n script_name(english:\"Mac OS X 10.6.x < 10.6.2 Multiple Vulnerabilities\");\n script_summary(english:\"Check the version of Mac OS X\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is running a version of Mac OS X 10.6.x that is prior\nto 10.6.2.\n\nMac OS X 10.6.2 contains security fixes for the following products :\n\n - Adaptive Firewall\n - Apache\n - Apache Portable Runtime\n - Certificate Assistant\n - CoreMedia\n - CUPS\n - Dovecot\n - fetchmail\n - file\n - FTP Server\n - Help Viewer\n - ImageIO\n - IOKit\n - IPSec\n - Kernel\n - Launch Services\n - libsecurity\n - libxml\n - Login Window\n - OpenLDAP\n - QuickDraw Manager\n - QuickTime\n - Screen Sharing\n - Subversion\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://support.apple.com/kb/HT3937\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://www.securityfocus.com/advisories/18255\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade to Mac OS X 10.6.2 or later.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 20, 79, 119, 189, 264, 310, 362, 399);\n script_set_attribute(\n attribute:\"vuln_publication_date\", \n value:\"2009/11/09\"\n );\n script_set_attribute(\n attribute:\"patch_publication_date\", \n value:\"2009/11/09\"\n );\n script_set_attribute(\n attribute:\"plugin_publication_date\", \n value:\"2009/11/09\"\n );\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n \n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n \n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n\n exit(0);\n}\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item(\"Host/OS\");\n c = get_kb_item(\"Host/OS/Confidence\");\n if ( isnull(os) || c <= 70 ) exit(0);\n}\nif (!os) exit(1, \"The 'Host/OS' KB item is missing.\");\n\n\nif (ereg(pattern:\"Mac OS X 10\\.6($|\\.[01]([^0-9]|$))\", string:os)) security_hole(0);\nelse exit(0, \"The host is not affected as it is running \"+os+\".\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:05:58", "description": "The remote host is running a version of Mac OS X 10.6 that is older than version 10.6.2. 
Mac OS X 10.6.2 contains security fixes for the following products : \n\n - Adaptive Firewall\n\n - Apache\n\n - Apache Portable Runtime\n\n - Certificate Assistant\n\n - CoreMedia\n\n - CUPS\n\n - Dovecot\n\n - fetchmail\n\n - file\n\n - FTP Server\n\n - Help Viewer\n\n - ImageIO\n\n - IOKit\n\n - IPSec\n\n - Kernel\n\n - Launch Services\n\n - libsecurity\n\n - libxml\n\n - Login Window\n\n - OpenLDAP\n\n - QuickDraw Manager\n\n - QuickTime\n\n - Screen Sharing\n\n - Subversion", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2009-11-10T00:00:00", "type": "nessus", "title": "Mac OS X 10.6 < 10.6.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1574", "CVE-2009-1632", "CVE-2009-1195", "CVE-2009-0023", "CVE-2009-1955", "CVE-2009-1956", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-2285", "CVE-2009-2408", "CVE-2009-2412", "CVE-2009-2414", "CVE-2009-2416", "CVE-2009-2411", "CVE-2009-2666", "CVE-2009-2820", "CVE-2009-2833", "CVE-2009-2832", "CVE-2009-2836", "CVE-2009-2819", "CVE-2009-2818", "CVE-2009-1191", "CVE-2009-2809", "CVE-2009-2840", "CVE-2009-2835", "CVE-2009-2839", "CVE-2009-2202", "CVE-2009-2203", "CVE-2009-2798", "CVE-2009-2799", "CVE-2009-2831", "CVE-2009-2824", "CVE-2009-2830", "CVE-2009-2823", "CVE-2009-2826", "CVE-2009-2827", "CVE-2009-2829", "CVE-2009-2808", "CVE-2009-2837", "CVE-2009-2810", "CVE-2009-2825", "CVE-2009-2828", "CVE-2009-2834", "CVE-2009-2838", "CVE-2009-3225"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*"], "id": "5227.PRM", "href": "https://www.tenable.com/plugins/nnm/5227", "sourceData": "Binary data 5227.prm", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:39:33", "description": "The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied.\n\nThis security update contains fixes for the following products :\n\n - 
AFP Client\n - Adaptive Firewall\n - Apache\n - Apache Portable Runtime\n - ATS\n - Certificate Assistant\n - CoreGraphics\n - CUPS\n - Dictionary\n - DirectoryService\n - Disk Images\n - Event Monitor\n - fetchmail\n - FTP Server\n - Help Viewer\n - International Components for Unicode\n - IOKit\n - IPSec\n - libsecurity\n - libxml\n - OpenLDAP\n - OpenSSH\n - PHP\n - QuickDraw Manager\n - QuickLook\n - FreeRADIUS\n - Screen Sharing\n - Spotlight\n - Subversion", "cvss3": {"score": null, "vector": null}, "published": "2009-11-09T00:00:00", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2009-006)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-5707", "CVE-2007-6698", "CVE-2008-0658", "CVE-2008-5161", "CVE-2009-0023", "CVE-2009-1191", "CVE-2009-1195", "CVE-2009-1574", "CVE-2009-1632", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-1955", "CVE-2009-1956", "CVE-2009-2408", "CVE-2009-2409", "CVE-2009-2411", "CVE-2009-2412", "CVE-2009-2414", "CVE-2009-2416", "CVE-2009-2666", "CVE-2009-2808", "CVE-2009-2818", "CVE-2009-2819", "CVE-2009-2820", "CVE-2009-2823", "CVE-2009-2824", "CVE-2009-2825", "CVE-2009-2826", "CVE-2009-2827", "CVE-2009-2828", "CVE-2009-2829", "CVE-2009-2831", "CVE-2009-2832", "CVE-2009-2833", "CVE-2009-2834", "CVE-2009-2837", "CVE-2009-2838", "CVE-2009-2839", "CVE-2009-2840", "CVE-2009-3111", "CVE-2009-3291", "CVE-2009-3292", "CVE-2009-3293"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2009-006.NASL", "href": "https://www.tenable.com/plugins/nessus/42433", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3000) exit(0);\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(42433);\n script_version(\"1.27\");\n\n script_cve_id(\n \"CVE-2007-5707\",\n \"CVE-2007-6698\",\n \"CVE-2008-0658\",\n \"CVE-2008-5161\",\n \"CVE-2009-0023\",\n \"CVE-2009-1191\",\n \"CVE-2009-1195\",\n 
\"CVE-2009-1574\",\n \"CVE-2009-1632\",\n \"CVE-2009-1890\",\n \"CVE-2009-1891\",\n \"CVE-2009-1955\",\n \"CVE-2009-1956\",\n \"CVE-2009-2408\",\n \"CVE-2009-2409\",\n \"CVE-2009-2411\",\n \"CVE-2009-2412\",\n \"CVE-2009-2414\",\n \"CVE-2009-2416\",\n \"CVE-2009-2666\",\n \"CVE-2009-2808\",\n \"CVE-2009-2818\",\n \"CVE-2009-2819\",\n \"CVE-2009-2820\",\n \"CVE-2009-2823\",\n \"CVE-2009-2824\",\n \"CVE-2009-2825\",\n \"CVE-2009-2826\",\n \"CVE-2009-2827\",\n \"CVE-2009-2828\",\n \"CVE-2009-2829\",\n \"CVE-2009-2831\",\n \"CVE-2009-2832\",\n \"CVE-2009-2833\",\n \"CVE-2009-2834\",\n \"CVE-2009-2837\",\n \"CVE-2009-2838\",\n \"CVE-2009-2839\",\n \"CVE-2009-2840\",\n \"CVE-2009-3111\",\n \"CVE-2009-3291\",\n \"CVE-2009-3292\",\n \"CVE-2009-3293\"\n );\n script_bugtraq_id(\n 26245,\n 27778,\n 34663,\n 35115,\n 35221,\n 35251,\n 35565,\n 35623,\n 35888,\n 35983,\n 36263,\n 36449,\n 36959,\n 36961,\n 36962,\n 36963,\n 36964,\n 36966,\n 36967,\n 36972,\n 36973,\n 36975,\n 36977,\n 36978,\n 36979,\n 36982,\n 36985,\n 36988,\n 36990\n );\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2009-006)\");\n script_summary(english:\"Check for the presence of Security Update 2009-006\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is running a version of Mac OS X 10.5 that does not\nhave Security Update 2009-006 applied.\n\nThis security update contains fixes for the following products :\n\n - AFP Client\n - Adaptive Firewall\n - Apache\n - Apache Portable Runtime\n - ATS\n - Certificate Assistant\n - CoreGraphics\n - CUPS\n - Dictionary\n - DirectoryService\n - Disk Images\n - Event Monitor\n - fetchmail\n - FTP Server\n - Help Viewer\n - International Components for Unicode\n - IOKit\n - IPSec\n - libsecurity\n - libxml\n - OpenLDAP\n - OpenSSH\n - PHP\n - QuickDraw 
Manager\n - QuickLook\n - FreeRADIUS\n - Screen Sharing\n - Spotlight\n - Subversion\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://support.apple.com/kb/HT3937\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://www.securityfocus.com/advisories/18255\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install Security Update 2009-006 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(16, 20, 79, 119, 189, 200, 255, 264, 310, 399);\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/09\");\n script_cvs_date(\"Date: 2018/07/16 12:48:31\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n\n exit(0);\n}\n\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(1, \"The 'Host/uname' KB item is missing.\");\n\npat = \"^.+Darwin.* ([0-9]+\\.[0-9.]+).*$\";\nif (!ereg(pattern:pat, string:uname)) 
exit(1, \"Can't identify the Darwin kernel version from the uname output (\"+uname+\").\");\n\ndarwin = ereg_replace(pattern:pat, replace:\"\\1\", string:uname);\nif (ereg(pattern:\"^(9\\.[0-8]\\.)\", string:darwin))\n{\n packages = get_kb_item(\"Host/MacOSX/packages/boms\");\n if (!packages) exit(1, \"The 'Host/MacOSX/packages/boms' KB item is missing.\");\n\n if (egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.(2009\\.00[6-9]|20[1-9][0-9]\\.[0-9]+)\\.bom\", string:packages))\n exit(0, \"The host has Security Update 2009-006 or later installed and therefore is not affected.\");\n else\n security_hole(0);\n}\nelse exit(0, \"The host is running Darwin kernel version \"+darwin+\" and therefore is not affected.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:05:58", "description": "The remote host is running a version of Mac OS X 10.6 that is older than version 10.6.2. Mac OS X 10.6.2 contains security fixes for the following products : \n\n - Adaptive Firewall\n\n - Apache\n\n - Apache Portable Runtime\n\n - Certificate Assistant\n\n - CoreMedia\n\n - CUPS\n\n - Dovecot\n\n - fetchmail\n\n - file\n\n - FTP Server\n\n - Help Viewer\n\n - ImageIO\n\n - IOKit\n\n - IPSec\n\n - Kernel\n\n - Launch Services\n\n - libsecurity\n\n - libxml\n\n - Login Window\n\n - OpenLDAP\n\n - QuickDraw Manager\n\n - QuickTime\n\n - Screen Sharing\n\n - Subversion\n\n", "cvss3": {"score": null, "vector": null}, "published": "2009-11-10T00:00:00", "type": "nessus", "title": "Mac OS X 10.6 < 10.6.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1574", "CVE-2009-1632", "CVE-2009-1195", "CVE-2009-0023", "CVE-2009-1955", "CVE-2009-1956", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-2285", "CVE-2009-2408", "CVE-2009-2412", "CVE-2009-2414", "CVE-2009-2416", "CVE-2009-2411", "CVE-2009-2666", "CVE-2009-2820", "CVE-2009-2833", "CVE-2009-2832", "CVE-2009-2836", "CVE-2009-2819", "CVE-2009-2818", 
"CVE-2009-1191", "CVE-2009-2809", "CVE-2009-2840", "CVE-2009-2835", "CVE-2009-2839", "CVE-2009-2202", "CVE-2009-2203", "CVE-2009-2798", "CVE-2009-2799", "CVE-2009-2831", "CVE-2009-2824", "CVE-2009-2830", "CVE-2009-2823", "CVE-2009-2826", "CVE-2009-2827", "CVE-2009-2829", "CVE-2009-2808", "CVE-2009-2837", "CVE-2009-2810", "CVE-2009-2825", "CVE-2009-2828", "CVE-2009-2834", "CVE-2009-2838", "CVE-2009-3225"], "modified": "2009-11-10T00:00:00", "cpe": [], "id": "800795.PRM", "href": "https://www.tenable.com/plugins/lce/800795", "sourceData": "Binary data 800795.prm", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:13", "description": "[2.2.3-22.0.1.el5_3.2]\n- Replace index.html with Oracle's index page oracle_index.html\n- Update vstring and distro in specfile\n[2.2.3-22.el5_3.2]\n- add security fixes for CVE-2009-1890, CVE-2009-1891 (#509782)", "cvss3": {}, "published": "2009-07-09T00:00:00", "type": "oraclelinux", "title": "httpd security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2009-07-09T00:00:00", "id": "ELSA-2009-1148", "href": "http://linux.oracle.com/errata/ELSA-2009-1148.html", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "centos": [{"lastseen": "2022-02-27T12:00:43", "description": "**CentOS Errata and Security Advisory** CESA-2009:1148\n\n\nThe Apache HTTP Server is a popular Web server.\n\nA denial of service flaw was found in the Apache mod_proxy module when it\nwas used as a reverse proxy. A remote attacker could use this flaw to force\na proxy process to consume large amounts of CPU time. (CVE-2009-1890)\n\nA denial of service flaw was found in the Apache mod_deflate module. This\nmodule continued to compress large files until compression was complete,\neven if the network connection that requested the content was closed before\ncompression completed. 
This would cause mod_deflate to consume large\namounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2009-July/052947.html\nhttps://lists.centos.org/pipermail/centos-announce/2009-July/052948.html\n\n**Affected packages:**\nhttpd\nhttpd-devel\nhttpd-manual\nmod_ssl\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2009:1148", "cvss3": {}, "published": "2009-07-14T12:16:38", "type": "centos", "title": "httpd, mod_ssl security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2009-07-14T12:16:38", "id": "CESA-2009:1148", "href": "https://lists.centos.org/pipermail/centos-announce/2009-July/052947.html", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2022-01-04T13:26:28", "description": "It was discovered that mod_proxy_http did not properly handle a large \namount of streamed data when used as a reverse proxy. A remote attacker \ncould exploit this and cause a denial of service via memory resource \nconsumption. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. 
\n(CVE-2009-1890)\n\nIt was discovered that mod_deflate did not abort compressing large files \nwhen the connection was closed. A remote attacker could exploit this and \ncause a denial of service via CPU resource consumption. (CVE-2009-1891)\n", "cvss3": {}, "published": "2009-07-13T00:00:00", "type": "ubuntu", "title": "Apache vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1891", "CVE-2009-1890"], "modified": "2009-07-13T00:00:00", "id": "USN-802-1", "href": "https://ubuntu.com/security/notices/USN-802-1", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-01-04T13:25:49", "description": "USN-802-1 fixed vulnerabilities in Apache. The upstream fix for \nCVE-2009-1891 introduced a regression that would cause Apache children to \noccasionally segfault when mod_deflate is used. This update fixes the \nproblem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nIt was discovered that mod_proxy_http did not properly handle a large \namount of streamed data when used as a reverse proxy. A remote attacker \ncould exploit this and cause a denial of service via memory resource \nconsumption. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. \n(CVE-2009-1890)\n\nIt was discovered that mod_deflate did not abort compressing large files \nwhen the connection was closed. A remote attacker could exploit this and \ncause a denial of service via CPU resource consumption. 
(CVE-2009-1891)\n", "cvss3": {}, "published": "2009-08-19T00:00:00", "type": "ubuntu", "title": "Apache regression", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1891", "CVE-2009-1890"], "modified": "2009-08-19T00:00:00", "id": "USN-802-2", "href": "https://ubuntu.com/security/notices/USN-802-2", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "debian": [{"lastseen": "2021-10-22T01:05:29", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1834-2 security@debian.org\nhttp://www.debian.org/security/ Stefan Fritsch\nJuly 31, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : apache2\nVulnerability : denial of service\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2009-1890 CVE-2009-1891\n\nThe previous update caused a regression for apache2 in Debian 4.0\n\"etch\". Using mod_deflate together with mod_php could cause segfaults\nwhen a client aborts a connection. This update corrects this flaw.\nFor reference the original advisory text is below.\n\n\nA denial of service flaw was found in the Apache mod_proxy module when\nit was used as a reverse proxy. A remote attacker could use this flaw\nto force a proxy process to consume large amounts of CPU time. This\nissue did not affect Debian 4.0 \"etch\". 
(CVE-2009-1890)\n\nA denial of service flaw was found in the Apache mod_deflate module.\nThis module continued to compress large files until compression was\ncomplete, even if the network connection that requested the content\nwas closed before compression completed. This would cause mod_deflate\nto consume large amounts of CPU if mod_deflate was enabled for a large\nfile. A similar flaw related to HEAD requests for compressed content\nwas also fixed. (CVE-2009-1891)\n\n\nThe oldstable distribution (etch), this problem has been fixed in\nversion 2.2.3-4+etch10.\n\nThe other distributions stable (lenny), testing (squeeze) and\nunstable (sid) were not affected by the regression.\n\nThis advisory also provides updated apache2-mpm-itk packages which\nhave been recompiled against the new apache2 packages.\n\nUpdated packages for apache2-mpm-itk for the s390 architecture are\nnot included yet. They will be released as soon as they become\navailable.\n\nWe recommend that you upgrade your apache2 (2.2.3-4+etch10), apache2-mpm-itk\n(2.2.3-01-2+etch4) package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch10.diff.gz\n Size/MD5 checksum: 127383 f93c44605a130b89c93b967c6e6bb32f\n 
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01.orig.tar.gz\n Size/MD5 checksum: 29071 63daaf8812777aacfd5a31ead4ff0061\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4.diff.gz\n Size/MD5 checksum: 12732 f46b409815f523fb15fc2b013bece3b2\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch10.dsc\n Size/MD5 checksum: 1070 4baefcb4c6ec1f2d146f1387a5240026\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4.dsc\n Size/MD5 checksum: 676 b385d6a3a328371323c79c7906deb5bf\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3.orig.tar.gz\n Size/MD5 checksum: 6342475 f72ffb176e2dc7b322be16508c09f63c\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.3-4+etch10_all.deb\n Size/MD5 checksum: 6673900 95cf69a8148a93569f183e417753226d\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch10_all.deb\n Size/MD5 checksum: 41480 dc99f23beb96a0a743d3d61d6c8d941d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.3-4+etch10_all.deb\n Size/MD5 checksum: 2243464 1239e372d92afb5551cfa6018e509797\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch10_all.deb\n Size/MD5 checksum: 274332 5ac8887f0d4b5e46a2d6461a1c75234d\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_alpha.deb\n Size/MD5 checksum: 345878 09b90c946e6bfab4df70096345b73753\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_alpha.deb\n Size/MD5 checksum: 445144 c578da017ebba196a95e148b22f45e0f\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_alpha.deb\n Size/MD5 checksum: 409542 7a2897d2effa66ce0e8125e81c12d98e\n 
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_alpha.deb\n Size/MD5 checksum: 410448 f6b3abb4d3f7e58f5439969bacdcd693\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_alpha.deb\n Size/MD5 checksum: 185014 699e45fb31514a058a69fb6c6e7bc7ae\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_alpha.deb\n Size/MD5 checksum: 1043540 f438e482259956a7e0f110dc28ac868a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_alpha.deb\n Size/MD5 checksum: 449444 f0b040f783a19ea83aa7fc195dfd5b95\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_alpha.deb\n Size/MD5 checksum: 450050 9fe6f4b3f9006c9932161272a78c6fdf\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_amd64.deb\n Size/MD5 checksum: 999344 76762c4b207fc51a41ba2352a830de5b\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_amd64.deb\n Size/MD5 checksum: 408140 8c7838b3bdb58da06e2d1b38ac108c5d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_amd64.deb\n Size/MD5 checksum: 436052 ee0c8c2b7f68310c638797ddb17e63d4\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_amd64.deb\n Size/MD5 checksum: 172670 95a2ae134db345fa0d511c8195c975da\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_amd64.deb\n Size/MD5 checksum: 436550 93036fabc3c61c162386e8d60be0b748\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_amd64.deb\n Size/MD5 checksum: 432066 a9135049fd176e5110c8835d735ac37c\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_amd64.deb\n Size/MD5 checksum: 341944 b95dffeda21dd8e9e57f95d7dcf2c6db\n 
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_amd64.deb\n Size/MD5 checksum: 408854 e57b29deda62fd0a7166058c9714a4af\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_arm.deb\n Size/MD5 checksum: 421544 318e056fc1eba12581f8cd68a58a2efe\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_arm.deb\n Size/MD5 checksum: 420848 855526f42acaf33e10f39156c0ef86a7\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_arm.deb\n Size/MD5 checksum: 967868 1d5b37c9e9b43447c09d859f48e3db08\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_arm.deb\n Size/MD5 checksum: 416808 98bf5d67c2c5c1a0bcdaf5dd0e4a84b4\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_arm.deb\n Size/MD5 checksum: 346016 b8ebca72754f2a5c060fd0707dae0b48\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_arm.deb\n Size/MD5 checksum: 157494 0699661a334ce691bee31bda2b5aea13\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_arm.deb\n Size/MD5 checksum: 407924 169a45721a2a2348b9d4fd9ca4018638\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_arm.deb\n Size/MD5 checksum: 408736 3e3285544b775977559a7b5a667e9467\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_hppa.deb\n Size/MD5 checksum: 439794 ae3ee116b4f6734d19e2608c986f20a7\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_hppa.deb\n Size/MD5 checksum: 410668 0332975eef0ca8914493434c81a3b57c\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_hppa.deb\n Size/MD5 checksum: 351926 aba7da336587d20e3472c42399a60cbb\n 
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_hppa.deb\n Size/MD5 checksum: 443764 94b899d6e77c0a1138a1adca32e964d4\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_hppa.deb\n Size/MD5 checksum: 409798 87358d3a8d78ae38b43147ffc005dbea\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_hppa.deb\n Size/MD5 checksum: 1078344 5c5df848f29a6b94edd74aaa1938339d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_hppa.deb\n Size/MD5 checksum: 443176 a3418d816ee5814bf8e4e1782ebf1a13\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_hppa.deb\n Size/MD5 checksum: 179290 76bada2a7c0b4ce41781da02bc1d6854\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_i386.deb\n Size/MD5 checksum: 424296 1ac7e4c1b706756a3c68373994eee40d\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_i386.deb\n Size/MD5 checksum: 160986 f072fe639f1ecfd54c308854f2bf835e\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_i386.deb\n Size/MD5 checksum: 342538 0cde1185cf0ad60b108a1495920279bb\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_i386.deb\n Size/MD5 checksum: 410152 fff23ec5be34b4bb737b82193027d1f5\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_i386.deb\n Size/MD5 checksum: 409140 41ab1d141fc82da6ae31151cc4fbf9cd\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_i386.deb\n Size/MD5 checksum: 419960 ad49cd170aa024b5675824bc7ad7f5a9\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_i386.deb\n Size/MD5 checksum: 423772 7d65eb2f244037796be8a002b2c5a8aa\n 
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_i386.deb\n Size/MD5 checksum: 962518 0c15eacb1a69d8a4c1fe8b51357355ca\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_ia64.deb\n Size/MD5 checksum: 360442 5390c02c0408fd09da0c80dcbe64213f\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_ia64.deb\n Size/MD5 checksum: 407446 c36f9d80cd0797b87350bf6143e9ee73\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_ia64.deb\n Size/MD5 checksum: 490906 9a344d49dc0ec7520d0f643fc3146aa6\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_ia64.deb\n Size/MD5 checksum: 497976 7317cb12cb6221de213560ded3b70d23\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_ia64.deb\n Size/MD5 checksum: 1204042 68ebaec425c18cccc50de59cf02a4299\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_ia64.deb\n Size/MD5 checksum: 497164 f9b49290d914a08bde04dfbb7fe8e08c\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_ia64.deb\n Size/MD5 checksum: 406794 fc9a49dd15f1b4ff329eaa1c34a42010\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_ia64.deb\n Size/MD5 checksum: 231680 3c7bef395cd12838a2558a283de92b36\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_mips.deb\n Size/MD5 checksum: 407450 0b4e8f985961199ab4544d7473c97fb8\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_mips.deb\n Size/MD5 checksum: 429886 8187f9ba100e7c0888e380d550fc0a9f\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_mips.deb\n Size/MD5 checksum: 349856 
0af264b2e9786b205f41bd98178bd57c\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_mips.deb\n Size/MD5 checksum: 170252 1231b6309bcf7bdf0e0da6056b5f476a\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_mips.deb\n Size/MD5 checksum: 951382 10a60cd2f5b966e57b978e02c55d579b\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_mips.deb\n Size/MD5 checksum: 433908 da8b85f735da139c1f1c7518d3ddf044\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_mips.deb\n Size/MD5 checksum: 434564 e0ef1472f70fe37b0ba922c56100f934\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_mips.deb\n Size/MD5 checksum: 406790 d8805ca4ccb44dd6df20a99f75fcae56\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_mipsel.deb\n Size/MD5 checksum: 433410 03caef7359294827ca37daf9e12eca88\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_mipsel.deb\n Size/MD5 checksum: 406794 2eb44e4936c0d66460f128bacc64d6a2\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_mipsel.deb\n Size/MD5 checksum: 168612 d9bf709f9c8e6c3bd1a0b610e2c14997\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_mipsel.deb\n Size/MD5 checksum: 350096 e9171305fd5073da24561a594a0e7ce7\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_mipsel.deb\n Size/MD5 checksum: 407444 afd60533d6769b415ed72160009599f0\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_mipsel.deb\n Size/MD5 checksum: 428732 694d06725c3f3069c5474a1eba8bc5d8\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_mipsel.deb\n Size/MD5 checksum: 
951118 40581cf551d7e6ef3daff28b15d27b43\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_mipsel.deb\n Size/MD5 checksum: 434082 4e6d114481480983ebe412e59f3144a1\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_powerpc.deb\n Size/MD5 checksum: 409238 ee52afe172a6adff0fb2189527feb1ab\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_powerpc.deb\n Size/MD5 checksum: 167606 5c94bb438e858477696f14f9e8c4ddd6\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_powerpc.deb\n Size/MD5 checksum: 354700 91bec57127d987f81063f403eb135aed\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_powerpc.deb\n Size/MD5 checksum: 428560 d4e4f84b31105d642438a98d1cd77115\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_powerpc.deb\n Size/MD5 checksum: 433126 8eebf2551b490b17446d3d32d0260387\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_powerpc.deb\n Size/MD5 checksum: 432548 dbe2d1e2911315057ca5abde7ed6cbb8\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_powerpc.deb\n Size/MD5 checksum: 409992 9371af946dc7a6f4155dc3003de1177b\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_powerpc.deb\n Size/MD5 checksum: 1060574 b7fec9b18fd7df2cf136ca125c12e4b6\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_s390.deb\n Size/MD5 checksum: 437110 aa86e0b23b46beeaaa5438336fe04552\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_s390.deb\n Size/MD5 checksum: 406788 d5e931d2fdf36c7fb983e7e1f710653c\n 
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_s390.deb\n Size/MD5 checksum: 407450 932daa00b0a6d967b1af613ea0930034\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_s390.deb\n Size/MD5 checksum: 348416 70b8e219b4c86095065b11875ec83b01\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_s390.deb\n Size/MD5 checksum: 993986 0dd64eb40ee4a89fd3fbff4d1997d30e\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_s390.deb\n Size/MD5 checksum: 442014 ccb9c5a6ca257e10305cd3772b1d83ff\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_s390.deb\n Size/MD5 checksum: 443016 4b986bfae8d89f66e8482632d528a449\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch10_sparc.deb\n Size/MD5 checksum: 422172 ffb5cc475c8c9773b588afee5cf2e516\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch10_sparc.deb\n Size/MD5 checksum: 959208 3122892629c49a09287803c4f0298281\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch10_sparc.deb\n Size/MD5 checksum: 409556 a32ab93bcc5458fa0a6d98634075c6e6\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch10_sparc.deb\n Size/MD5 checksum: 422568 8e9b179b70d757b411e76e5b7005ba6e\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4_sparc.deb\n Size/MD5 checksum: 157826 bdc36b078bd4f6cb2a5ed6ea7714a74c\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch10_sparc.deb\n Size/MD5 checksum: 408632 a834c57ec1d4022e335f7438038ae042\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch10_sparc.deb\n Size/MD5 checksum: 343696 db40b0d4b164b8490009aa110621db9c\n 
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch10_sparc.deb\n Size/MD5 checksum: 418790 6e51c4c6412d868e5e55808fd4f6865a\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2009-07-30T16:37:19", "type": "debian", "title": "[SECURITY] [DSA 1834-2] New apache/apache2-mpm-itk fix regression", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2009-07-30T16:37:19", "id": "DEBIAN:DSA-1834-2:CA437", "href": "https://lists.debian.org/debian-security-announce/2009/msg00163.html", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-22T01:08:06", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1834 security@debian.org\nhttp://www.debian.org/security/ Stefan Fritsch\nJuly 15, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : apache2\nVulnerability : denial of service\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : 
CVE-2009-1890 CVE-2009-1891\n\nA denial of service flaw was found in the Apache mod_proxy module when\nit was used as a reverse proxy. A remote attacker could use this flaw\nto force a proxy process to consume large amounts of CPU time. This\nissue did not affect Debian 4.0 \"etch\". (CVE-2009-1890)\n\nA denial of service flaw was found in the Apache mod_deflate module.\nThis module continued to compress large files until compression was\ncomplete, even if the network connection that requested the content\nwas closed before compression completed. This would cause mod_deflate\nto consume large amounts of CPU if mod_deflate was enabled for a large\nfile. A similar flaw related to HEAD requests for compressed content\nwas also fixed. (CVE-2009-1891)\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.2.9-10+lenny4.\n\nFor the oldstable distribution (etch), these problems have been fixed in\nversion 2.2.3-4+etch9.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems will be fixed in version 2.2.11-7.\n\nThis advisory also provides updated apache2-mpm-itk packages which\nhave been recompiled against the new apache2 packages.\n\nUpdated packages for the s390 and mipsel architectures are not\nincluded yet. 
They will be released as soon as they become available.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch9.diff.gz\n Size/MD5 checksum: 127065 2705ba251cdd2e979ce85099b4548848\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch9.dsc\n Size/MD5 checksum: 1068 5090ccfce8dc2e193a0200a5046fc0c2\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3.diff.gz\n Size/MD5 checksum: 12705 7327720850092af23dae939c8b6e0268\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01.orig.tar.gz\n Size/MD5 checksum: 29071 63daaf8812777aacfd5a31ead4ff0061\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3.orig.tar.gz\n Size/MD5 checksum: 6342475 f72ffb176e2dc7b322be16508c09f63c\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3.dsc\n Size/MD5 checksum: 676 3823620d6958a99e0d9bf8d54172071e\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.3-4+etch9_all.deb\n Size/MD5 checksum: 6666600 863bd8f5274dcca2b348ddfb455f1e98\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch9_all.deb\n Size/MD5 checksum: 274258 632e77496c06ac55702187083210c5bd\n http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.3-4+etch9_all.deb\n Size/MD5 checksum: 2243400 
3c97cd0ed50e13730082455509ccf2ea\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch9_all.deb\n Size/MD5 checksum: 41428 765f1df6239124b257a17373ec12a25c\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_alpha.deb\n Size/MD5 checksum: 184750 a5ab12e5997c22cc5384f4dd57039bf0\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_alpha.deb\n Size/MD5 checksum: 406786 9327ff1f134980e38e8af0a9bd333744\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_alpha.deb\n Size/MD5 checksum: 345748 e6aa3a131e39ea0da098cd68e769ca7b\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_alpha.deb\n Size/MD5 checksum: 407410 1f8fa482173f33fbf635c4d4b622d6dd\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_alpha.deb\n Size/MD5 checksum: 449496 f4bb6824e49f741d853b80c6cd1c34be\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_alpha.deb\n Size/MD5 checksum: 444670 26e6f91f3f21c9c3ce178abff526f8d6\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_alpha.deb\n Size/MD5 checksum: 1016848 234579bc27e5372455df962ae77da5ea\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_alpha.deb\n Size/MD5 checksum: 450004 8d41f42126489a657627549f3fd03236\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_amd64.deb\n Size/MD5 checksum: 408082 af95e2d0f5daba30588d20bee6ea1374\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_amd64.deb\n Size/MD5 checksum: 408766 8769e1922010d061afd64b917bf9ebfb\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_amd64.deb\n Size/MD5 checksum: 
436036 83d55a3ec28d1d2954d5c524ace972ed\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_amd64.deb\n Size/MD5 checksum: 999314 86e7fb785110434ba47a93ad08dfbb46\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_amd64.deb\n Size/MD5 checksum: 432016 34bea3d8a903690047c0ce17dff9d0a8\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_amd64.deb\n Size/MD5 checksum: 172540 7e6a45df8e195f3871b1d5f333a832d7\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_amd64.deb\n Size/MD5 checksum: 341900 59846089ce413189c2a999b46ff9022c\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_amd64.deb\n Size/MD5 checksum: 436510 c697b045a1b6643f4aca8f75b6019688\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_arm.deb\n Size/MD5 checksum: 346122 69dc7042a32293cf61c6a037a0defcf2\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_arm.deb\n Size/MD5 checksum: 966476 cfe3ffb085393e3ed0d4c58a078b21c2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_arm.deb\n Size/MD5 checksum: 422504 19091c57d38578606c074f637f5b9b77\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_arm.deb\n Size/MD5 checksum: 421738 91f192b72202b0266f64e418c6ecf419\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_arm.deb\n Size/MD5 checksum: 411030 5be3b5b0a332a274f16ac9fcfbfed59c\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_arm.deb\n Size/MD5 checksum: 411766 84009ab4d2335289437a721b2828f66e\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_arm.deb\n Size/MD5 checksum: 157456 c025f46f6df32cc58eb44c1fe43a0b95\n 
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_arm.deb\n Size/MD5 checksum: 418168 90253c45e4e2ddd858144f0df7083881\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_hppa.deb\n Size/MD5 checksum: 443192 062ef8c245a4d94bff4ffaa7de4e80bc\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_hppa.deb\n Size/MD5 checksum: 1078368 3796cc564424fa9302f59ecdfb609e07\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_hppa.deb\n Size/MD5 checksum: 351892 a140b65fb1cd39922347fa9c3bfd3378\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_hppa.deb\n Size/MD5 checksum: 439772 d654376818ab21c08354d91354f774e4\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_hppa.deb\n Size/MD5 checksum: 410632 a287c471fe93b308f6b11262cd7a9f5a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_hppa.deb\n Size/MD5 checksum: 409756 41555f1eb2b8a1f506b72521a45da883\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_hppa.deb\n Size/MD5 checksum: 443650 e1ce0eaf55fb5f75061ec379d86ed00f\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_hppa.deb\n Size/MD5 checksum: 179276 41098929aec66df2eb6aff15c65d185b\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_i386.deb\n Size/MD5 checksum: 423714 80ff91b5681b3b65b9f82510b78995d8\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_i386.deb\n Size/MD5 checksum: 342508 473c50b8e3b3ff72f61fd2773ad0a5ec\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_i386.deb\n Size/MD5 checksum: 419898 3efc018978b3f6879d4e17cd870da7c6\n 
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_i386.deb\n Size/MD5 checksum: 962488 9f79ca5450eb153eeb77d0ccdf63af53\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_i386.deb\n Size/MD5 checksum: 424256 f7df4f2e8308b37945d6c9350fb68059\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_i386.deb\n Size/MD5 checksum: 160954 7bced5cbbed7133d3e7792b0aa40673c\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_i386.deb\n Size/MD5 checksum: 410094 c973180a87c19636cc18823d872eaaf5\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_i386.deb\n Size/MD5 checksum: 409096 aca126fc936879a914786d64b39582f1\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_ia64.deb\n Size/MD5 checksum: 231658 8588ce0e7b8f4ac4a486c3ee1f7e3f98\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_ia64.deb\n Size/MD5 checksum: 407390 c0070cc353345e43208362eb4b59fde2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_ia64.deb\n Size/MD5 checksum: 490872 0e1504ba3f45642856d2fa0b961f8700\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_ia64.deb\n Size/MD5 checksum: 1203918 a0f6cbde5068600b39a1ecd4ec6a5b47\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_ia64.deb\n Size/MD5 checksum: 497934 5c8cd8e03d196f3bf950c11c48c4ee8b\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_ia64.deb\n Size/MD5 checksum: 360406 db46e71e165212b10d2fbda1a606cd98\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_ia64.deb\n Size/MD5 checksum: 497114 289213d2c49b217caf6a35d69f63e1e7\n 
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_ia64.deb\n Size/MD5 checksum: 406772 84111944453e85d3abf713ae51826439\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_mips.deb\n Size/MD5 checksum: 170220 026044026baf1ce8467698a2a73aa5ab\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_mips.deb\n Size/MD5 checksum: 407938 b64b7c8cbc89b5a53ec2aaa58afec391\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_mips.deb\n Size/MD5 checksum: 433466 cbb48f0d929ce882c39d76966ba70193\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_mips.deb\n Size/MD5 checksum: 434190 ce951039761e140b5886fe57a255fa44\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_mips.deb\n Size/MD5 checksum: 348326 a718aad2980aa88aacd1d521c41de077\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_mips.deb\n Size/MD5 checksum: 409050 d35c3c4676678eb03b9661484051b391\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_mips.deb\n Size/MD5 checksum: 976346 6a45c13a7402ec443a17760e26483bf8\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_mips.deb\n Size/MD5 checksum: 429286 1bd2eed2169f0de38f651821aaa3da3b\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_powerpc.deb\n Size/MD5 checksum: 432192 906d504de8f20bc6c8ad1469a837e195\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_powerpc.deb\n Size/MD5 checksum: 406780 1e83caee969de1766eb5fc6067e76696\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_powerpc.deb\n Size/MD5 checksum: 427394 
8a6ca2bdba868fdebeee23dda1f72701\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_powerpc.deb\n Size/MD5 checksum: 431602 90b2195a707a5b67745eabef4c2a8768\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_powerpc.deb\n Size/MD5 checksum: 1035070 0c620f29ceab742f65dad5eaf1d9d4f4\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_powerpc.deb\n Size/MD5 checksum: 353950 a0ba6038b988595e5a23dd1fb7639c4c\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_powerpc.deb\n Size/MD5 checksum: 407402 f0288619d689fc7dcf60860a4f36a933\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_powerpc.deb\n Size/MD5 checksum: 167642 c30002dbdc362dd5467146d1937dea53\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_sparc.deb\n Size/MD5 checksum: 418730 48e4d2f03309d7b24e3cde05a5b71a21\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_sparc.deb\n Size/MD5 checksum: 408606 1578768e504d10048c569485d9606289\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_sparc.deb\n Size/MD5 checksum: 157718 452a1e8f879fbc6d63a553d6baec602d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_sparc.deb\n Size/MD5 checksum: 343654 ac6444870699cc33ad7f961eed9398ce\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_sparc.deb\n Size/MD5 checksum: 422500 5a8ce79508be63aa69c4df345bb0cee0\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_sparc.deb\n Size/MD5 checksum: 959220 b771edecfb5c7813eca216bfe66a3898\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_sparc.deb\n Size/MD5 checksum: 422118 
6565c943000320159110ac22dcd5f559\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_sparc.deb\n Size/MD5 checksum: 409490 c1a6eba5bc28035aa796688e47e5e4dc\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2.dsc\n Size/MD5 checksum: 1164 307984cde328f4d612ab19f783850723\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2.diff.gz\n Size/MD5 checksum: 13140 adfb807359e881c02f62c979a1f3728b\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02.orig.tar.gz\n Size/MD5 checksum: 33295 1da861a142f8d0d2e2a5bfbc7c760199\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny4.diff.gz\n Size/MD5 checksum: 138623 e83f70e3fe9dc21e23b9e12e0e3509a2\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny4.dsc\n Size/MD5 checksum: 1673 3edbeef1b78cdcb238a1b156b1e15bb3\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9.orig.tar.gz\n Size/MD5 checksum: 6396996 80d3754fc278338033296f0d41ef2c04\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.9-10+lenny4_all.deb\n Size/MD5 checksum: 6734400 79b3f9d5db6aa727567fbe8465ff90d4\n http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.9-10+lenny4_all.deb\n Size/MD5 checksum: 2060300 196001254f77a940ad90c9b71a852e77\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny4_all.deb\n Size/MD5 checksum: 44714 bc0ebb5a9da11e825827315a6899abfb\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_alpha.deb\n Size/MD5 checksum: 847834 aaf8837f7c08aca3d011376dcffc7e16\n 
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_alpha.deb\n Size/MD5 checksum: 147370 dbb9268ff94f758a080b6e8a05a4bdf2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_alpha.deb\n Size/MD5 checksum: 261110 83e82a6a01480d834aa5339e24f5969a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_alpha.deb\n Size/MD5 checksum: 256066 96f6245fa6e4ed746ef8262233f503ad\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_alpha.deb\n Size/MD5 checksum: 208196 6ee84eaafd8eb561b9a439dcbb783236\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_alpha.deb\n Size/MD5 checksum: 261798 a1229304be029b88e4f5c398f91f4e40\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_alpha.deb\n Size/MD5 checksum: 83944 8b74c4d4c39b5ac398710dab602337e2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_alpha.deb\n Size/MD5 checksum: 209246 bc34fe81b34a34e0dc9f7ead8de8fe1a\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_alpha.deb\n Size/MD5 checksum: 198092 4881bbe2b0e5b4f348877e7ea627ce52\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_alpha.deb\n Size/MD5 checksum: 2401116 319b1da984a7f71cc3c7a7a5ba49b867\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_alpha.deb\n Size/MD5 checksum: 82234 4c29b98521c49ac1ecbc8d6c011abdfa\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_amd64.deb\n Size/MD5 checksum: 144626 5d4768acfae476c402e6fc4691b4546e\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_amd64.deb\n Size/MD5 checksum: 209292 67863fa88619fd577003df2aa7cce0e0\n 
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_amd64.deb\n Size/MD5 checksum: 82096 a98e3f9008a265b60353de3951e2e398\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_amd64.deb\n Size/MD5 checksum: 208304 57c865b54fb1cc86c4a8cfab227bc306\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_amd64.deb\n Size/MD5 checksum: 253304 074663f709a0bf0ee633455f80fee628\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_amd64.deb\n Size/MD5 checksum: 257894 6360df03503d90a3d3ce328b864e6f51\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_amd64.deb\n Size/MD5 checksum: 2461864 89f24f597409e1c28c269d480c73e3e4\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_amd64.deb\n Size/MD5 checksum: 195110 701e3f4e5f285547da2812995f2633c6\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_amd64.deb\n Size/MD5 checksum: 257386 4d91795d2a2fad9cdf6b68339b4829b6\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_amd64.deb\n Size/MD5 checksum: 83788 5316f2c34b8b48c4add784cc76753456\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_amd64.deb\n Size/MD5 checksum: 814092 20325906f84a4e8fe2d44facc5b6b5d3\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_arm.deb\n Size/MD5 checksum: 2325038 1d76ab85e35d2cbba2f03e27a298e94c\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_arm.deb\n Size/MD5 checksum: 80888 86bf973a332a92a29382ee8a46a6c026\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_arm.deb\n Size/MD5 checksum: 785978 52f17dbf1fee0cd55ee9009fdd4f0fd8\n 
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_arm.deb\n Size/MD5 checksum: 223420 dff6ac226c23cf2a09203988d7a2b9f1\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_arm.deb\n Size/MD5 checksum: 161996 1a897301ece23202fcfa1237255fc4d2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_arm.deb\n Size/MD5 checksum: 82676 d9fbdef2dff08820870956f9657a58e6\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_arm.deb\n Size/MD5 checksum: 219532 71eacc1f45625b1df19e76d75e3ba3c6\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_arm.deb\n Size/MD5 checksum: 146788 ac12d8e6bdf36cb3dcdc25cb18e3e30a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_arm.deb\n Size/MD5 checksum: 210508 a21d73a92f2afc9fe444e8605a17b217\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_arm.deb\n Size/MD5 checksum: 224274 522c6f94729d2a1dee88587c915d519d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_arm.deb\n Size/MD5 checksum: 209360 e929d57bd87b4274b164957b1ddecd28\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_armel.deb\n Size/MD5 checksum: 225576 b0dcffd0883f47503ccf734f18852ad0\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_armel.deb\n Size/MD5 checksum: 801902 185f8929c05f1908bcaa8b860f389578\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_armel.deb\n Size/MD5 checksum: 221418 c65a0ed2b6c24ca34b7b8eaf89b371d4\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_armel.deb\n Size/MD5 checksum: 2339212 8774ee70034af693ad839a1a32cb8349\n 
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_armel.deb\n Size/MD5 checksum: 162788 1af310dc30900cb2351f0b72700f1b6a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_armel.deb\n Size/MD5 checksum: 83420 d8880a371ce336eb07ecdb6560658a9d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_armel.deb\n Size/MD5 checksum: 150670 d78e5498f0eef77186479e10bb91b6b1\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_armel.deb\n Size/MD5 checksum: 213296 2bab992f24e1772284062500f3574524\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_armel.deb\n Size/MD5 checksum: 212144 216add040a936ef2981edc7d9561e114\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_armel.deb\n Size/MD5 checksum: 81784 cac9e229181c8437b445bdfb8812c3c4\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_armel.deb\n Size/MD5 checksum: 225852 ae8ac07aacb889e9f3e6c59c8b511fcf\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_hppa.deb\n Size/MD5 checksum: 183160 f2b39550c5f7e82e489c912166d9979e\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_hppa.deb\n Size/MD5 checksum: 152354 065c6e2360f9a561032ff001da648d4d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_hppa.deb\n Size/MD5 checksum: 83830 de830f6d2a404e47907eff31c8e500f8\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_hppa.deb\n Size/MD5 checksum: 82196 16539b99fc2144c8bcfcd7af8d0ab185\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_hppa.deb\n Size/MD5 checksum: 246170 7d2bc68a96df307fed56456b73f03b66\n 
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_hppa.deb\n Size/MD5 checksum: 246644 3047579aa5229cd6015dbb1e4235bd5e\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_hppa.deb\n Size/MD5 checksum: 888518 69936f2c0a47f50d1656d42a1f07be60\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_hppa.deb\n Size/MD5 checksum: 211744 a16842a731424f0da311c9ad06db1e6d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_hppa.deb\n Size/MD5 checksum: 2380288 cd896ebb2704567cb74f3d0ee7e0eb4d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_hppa.deb\n Size/MD5 checksum: 210730 716d95b564b12cf4a3a44d3b847d1718\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_hppa.deb\n Size/MD5 checksum: 241526 9e86d0c72e5c01770d5b9a403eea1931\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_i386.deb\n Size/MD5 checksum: 2321656 ec028a4db5a43f4ed9ad5be64752d03a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_i386.deb\n Size/MD5 checksum: 236982 db7f962144ad83c02e89cf774292288b\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_i386.deb\n Size/MD5 checksum: 81826 14dc03b9022352f6ca89cc18d5a0330e\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_i386.deb\n Size/MD5 checksum: 178820 b6a82b00259627a7f7fb593d9b011766\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_i386.deb\n Size/MD5 checksum: 83576 1bada724cf9b6dd9f63c650467efeba9\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_i386.deb\n Size/MD5 checksum: 142984 a5f47b4e360f4dfb1af40edc0fd4b029\n 
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_i386.deb\n Size/MD5 checksum: 212226 962c9711427d4b3040f2682cc76ab86a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_i386.deb\n Size/MD5 checksum: 240950 d071d125f52595d24d7ce27a700125b2\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_i386.deb\n Size/MD5 checksum: 782590 91c5374730252660a652998778f37d8d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_i386.deb\n Size/MD5 checksum: 210906 c3f8cc33efaf94bb394269a70c71a0d1\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_i386.deb\n Size/MD5 checksum: 240464 5354fbeaf0547f9a42bb15093325f549\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_ia64.deb\n Size/MD5 checksum: 311214 f283915f5e76d3cd640589d549a76a71\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_ia64.deb\n Size/MD5 checksum: 85302 ff6953155bfaf472969417b48b2551f8\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_ia64.deb\n Size/MD5 checksum: 1035884 aa5c4d97a05db590c5f3f2cf4d19c555\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_ia64.deb\n Size/MD5 checksum: 2316556 d26cb59c9177ec0e71a95ad856d4e051\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_ia64.deb\n Size/MD5 checksum: 246932 42ab72304a76a62f65836b6c60c73010\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_ia64.deb\n Size/MD5 checksum: 312166 f58ecace375bd6b35f1a4062748c5408\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_ia64.deb\n Size/MD5 checksum: 209228 559adca455e0ef1f204e96ac4fbe49ef\n 
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_ia64.deb\n Size/MD5 checksum: 162262 ba2b1c266c3587a302212bf4f2ed240f\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_ia64.deb\n Size/MD5 checksum: 208174 8c9fe75a24cde7114b2f7652537deecd\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_ia64.deb\n Size/MD5 checksum: 83422 1779b4541944fa8a94a1dd33e4cbc609\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_ia64.deb\n Size/MD5 checksum: 304150 4a2c480a73e0ed79b46b05b58fe0fd61\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_mips.deb\n Size/MD5 checksum: 83190 e093dfcad8021f25f7176da924459c6c\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_mips.deb\n Size/MD5 checksum: 170822 294522178e939a92592d5d146b68cd9d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_mips.deb\n Size/MD5 checksum: 233580 961e112fcdeacc251dee947f8f724aa8\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_mips.deb\n Size/MD5 checksum: 232924 52a97e65bdccc87e309a82234ab89dab\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_mips.deb\n Size/MD5 checksum: 149230 9708268be4f09ba11e5bb51179d928f2\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_mips.deb\n Size/MD5 checksum: 779762 d2c17dcc02d84293914bb3f4f6ab67d3\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_mips.deb\n Size/MD5 checksum: 228990 a141cf37d468e74442cbcd7012925e44\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_mips.deb\n Size/MD5 checksum: 208192 33165f7a8cb46d7c296c248955128218\n 
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_mips.deb\n Size/MD5 checksum: 209244 b016214150d6ce9a7e43e64a851f5978\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_mips.deb\n Size/MD5 checksum: 81522 1abe52816f5a0d8c00e3b2fb1879414f\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_mips.deb\n Size/MD5 checksum: 2463130 344c79f122bab946da9fc39f9a8a4b36\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_powerpc.deb\n Size/MD5 checksum: 257046 c952768064ed400bb2e1d9e27e4ba99a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_powerpc.deb\n Size/MD5 checksum: 84070 e17bd8d31a36da03bef16415993e7e45\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_powerpc.deb\n Size/MD5 checksum: 915634 53944e6d790f63ca816bf2136b79af3e\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_powerpc.deb\n Size/MD5 checksum: 208218 b9e3f2e66531d56bb570424353272102\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_powerpc.deb\n Size/MD5 checksum: 82412 766b0d2515db8ffeb85dca4b484105f1\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_powerpc.deb\n Size/MD5 checksum: 160476 8d0ecf34f8000fd940c921a0b3d4e548\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_powerpc.deb\n Size/MD5 checksum: 209268 cf420bf9a74835ea64697f91b87803c4\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_powerpc.deb\n Size/MD5 checksum: 257776 b6177ff3288d6b330f88be5c66257fb0\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_powerpc.deb\n Size/MD5 checksum: 2495370 fd4dd820e677dc7e70c76e1fab8e92f6\n 
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_powerpc.deb\n Size/MD5 checksum: 252980 dc623a508aba2b5686b91b8dbaa960c8\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_powerpc.deb\n Size/MD5 checksum: 195282 f195b72bd2cb69fd34dad3e784789140\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_s390.deb\n Size/MD5 checksum: 259520 fbaaf66f397575413ef453aa722144e8\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_s390.deb\n Size/MD5 checksum: 260108 2ae0ee8cc14adc7968258bd08a3e81ed\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_s390.deb\n Size/MD5 checksum: 822996 d30704ff33a6aa78bbbd45a6f7ac0143\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_s390.deb\n Size/MD5 checksum: 208180 38718b3016843e4c6143b42d3b305303\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_s390.deb\n Size/MD5 checksum: 150432 c4efb820040316a31f1b101c52234ead\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_s390.deb\n Size/MD5 checksum: 209230 7f38737a3435372a60be9bb1d55e28cb\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_s390.deb\n Size/MD5 checksum: 83810 b975c720b2dfef46c355d4c46fe11981\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_s390.deb\n Size/MD5 checksum: 82046 9c1ef780cb0b791585ca092084672204\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_s390.deb\n Size/MD5 checksum: 2405236 abbada7447e8b5870bf8a8bf88a63ef2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_s390.deb\n Size/MD5 checksum: 255468 ff853775f302788837c58af1e78992c6\n\nsparc architecture 
(Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_sparc.deb\n Size/MD5 checksum: 177430 6fc629e355d1631ffb88b8614d9fea10\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_sparc.deb\n Size/MD5 checksum: 2230948 0139ae6fb585ca7299549ff59e5317b8\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_sparc.deb\n Size/MD5 checksum: 210438 fe77b48974cfb980f1cbfd744cdab798\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_sparc.deb\n Size/MD5 checksum: 236456 2f7cf5cb7aa7eb2b40a914894c7aa883\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_sparc.deb\n Size/MD5 checksum: 83162 7c17c245241db944b85ca8972a19a785\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_sparc.deb\n Size/MD5 checksum: 240688 713eb6278ca62f82ed6837480fa278de\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_sparc.deb\n Size/MD5 checksum: 81388 b76095bbe6e716c35f6b1f2f76a35428\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_sparc.deb\n Size/MD5 checksum: 240168 6fa24064bf73b944fb41beea7b95f66e\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_sparc.deb\n Size/MD5 checksum: 211722 92acf170832b8d56e67dbd0760459e47\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_sparc.deb\n Size/MD5 checksum: 147228 a166a6f2e75dbedd9e3795af1b1f34af\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_sparc.deb\n Size/MD5 checksum: 780484 cfec1976f87aee4535b0de9df3410127\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor 
apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2009-07-15T19:01:57", "type": "debian", "title": "[SECURITY] [DSA 1834-1] New apache2 packages fix denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2009-07-15T19:01:57", "id": "DEBIAN:DSA-1834-1:A54B3", "href": "https://lists.debian.org/debian-security-announce/2009/msg00148.html", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2021-10-21T04:43:40", "description": "The Apache HTTP Server is a popular Web server.\n\nA denial of service flaw was found in the Apache mod_proxy module when it\nwas used as a reverse proxy. A remote attacker could use this flaw to force\na proxy process to consume large amounts of CPU time. (CVE-2009-1890)\n\nA denial of service flaw was found in the Apache mod_deflate module. This\nmodule continued to compress large files until compression was complete,\neven if the network connection that requested the content was closed before\ncompression completed. This would cause mod_deflate to consume large\namounts of CPU if mod_deflate was enabled for a large file. 
(CVE-2009-1891)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2009-07-09T00:00:00", "type": "redhat", "title": "(RHSA-2009:1148) Important: httpd security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2017-09-08T08:16:49", "id": "RHSA-2009:1148", "href": "https://access.redhat.com/errata/RHSA-2009:1148", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-21T04:43:49", "description": "The Apache HTTP Server is a popular Web server.\n\nA denial of service flaw was found in the Apache mod_proxy module when it\nwas used as a reverse proxy. A remote attacker could use this flaw to force\na proxy process to consume large amounts of CPU time. (CVE-2009-1890)\n\nA flaw was found in the handling of the \"Options\" and \"AllowOverride\"\ndirectives used by the Apache HTTP Server. In configurations using the\n\"AllowOverride\" directive with certain \"Options=\" arguments, local users\nwere not restricted from executing commands from a Server-Side-Include\nscript as intended. (CVE-2009-1195)\n\nA denial of service flaw was found in the Apache mod_deflate module. 
This\nmodule continued to compress large files until compression was complete,\neven if the network connection that requested the content was closed before\ncompression completed. This would cause mod_deflate to consume large\namounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891)\n\nAll users of JBoss Enterprise Web Server 1.0.0 should upgrade to these\nupdated packages, which contain backported patches to correct these issues.\nAfter installing the updated packages, the httpd daemon must be restarted\nfor the update to take effect.", "cvss3": {}, "published": "2009-07-14T00:00:00", "type": "redhat", "title": "(RHSA-2009:1155) Important: httpd security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1195", "CVE-2009-1890", "CVE-2009-1891"], "modified": "2016-04-04T14:31:38", "id": "RHSA-2009:1155", "href": "https://access.redhat.com/errata/RHSA-2009:1155", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-19T20:39:01", "description": "The Apache HTTP Server is a popular Web server.\n\nA denial of service flaw was found in the Apache mod_proxy module when it\nwas used as a reverse proxy. A remote attacker could use this flaw to force\na proxy process to consume large amounts of CPU time. (CVE-2009-1890)\n\nA denial of service flaw was found in the Apache mod_deflate module. 
This\nmodule continued to compress large files until compression was complete,\neven if the network connection that requested the content was closed before\ncompression completed. This would cause mod_deflate to consume large\namounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891)\n\nA flaw was found in the handling of the \"Options\" and \"AllowOverride\"\ndirectives used by the Apache HTTP Server. In configurations using the\n\"AllowOverride\" directive with certain \"Options=\" arguments, local users\nwere not restricted from executing commands from a Server-Side-Include\nscript as intended. (CVE-2009-1195)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.", "cvss3": {}, "published": "2009-07-14T00:00:00", "type": "redhat", "title": "(RHSA-2009:1156) Important: httpd security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1195", "CVE-2009-1890", "CVE-2009-1891"], "modified": "2019-03-22T19:44:11", "id": "RHSA-2009:1156", "href": "https://access.redhat.com/errata/RHSA-2009:1156", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "securityvulns": [{"lastseen": "2021-06-08T18:46:49", "description": "Data exceeding Content-length value causes CPU exhaustion. 
mod_deflate does not abort the file compression operation when the client disconnects.", "edition": 2, "cvss3": {}, "published": "2009-07-09T00:00:00", "title": "Apache DoS", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2009-07-09T00:00:00", "id": "SECURITYVULNS:VULN:10059", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10059", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:30", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2009:149\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : apache\r\n Date : July 9, 2009\r\n Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,\r\n Multi Network Firewall 2.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities has been found and corrected in apache:\r\n \r\n The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy\r\n module in the Apache HTTP Server before 2.3.3, when a reverse proxy\r\n is configured, does not properly handle an amount of streamed data\r\n that exceeds the Content-Length value, which allows remote attackers\r\n to cause a denial of service (CPU consumption) via crafted requests\r\n (CVE-2009-1890).\r\n \r\n Fix a potential Denial-of-Service attack against mod_deflate or other\r\n modules, by forcing the server to consume CPU time in compressing a\r\n large file after a client disconnects (CVE-2009-1891).\r\n \r\n This update provides fixes for these vulnerabilities.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2008.1:\r\n 864257e773e8847901aa0f2e7b92e35c 2008.1/i586/apache-base-2.2.8-6.5mdv2008.1.i586.rpm\r\n 2ef1924cb3803af418dcb0e12b05da5a 2008.1/i586/apache-devel-2.2.8-6.5mdv2008.1.i586.rpm\r\n a3ec4a3eda586d7b52e65e0dc715e96b 2008.1/i586/apache-htcacheclean-2.2.8-6.5mdv2008.1.i586.rpm\r\n ad46ee6bd081b35e89bf00b707e34e66 2008.1/i586/apache-mod_authn_dbd-2.2.8-6.5mdv2008.1.i586.rpm\r\n 1500f492f8aa95f82ce8062fb79371bf 2008.1/i586/apache-mod_cache-2.2.8-6.5mdv2008.1.i586.rpm\r\n 0bcf1f2cc7c220a5fcbe212e8d4c791a 2008.1/i586/apache-mod_dav-2.2.8-6.5mdv2008.1.i586.rpm\r\n f50830d873e8a948ebb7435068ac7723 2008.1/i586/apache-mod_dbd-2.2.8-6.5mdv2008.1.i586.rpm\r\n 53e657db85cbbb5a46991b7a7e7ba6eb 2008.1/i586/apache-mod_deflate-2.2.8-6.5mdv2008.1.i586.rpm\r\n 0de02351654d1691aca8027fcd162076 2008.1/i586/apache-mod_disk_cache-2.2.8-6.5mdv2008.1.i586.rpm\r\n 9b8cb72ea384949d1afdb2a458edde43 2008.1/i586/apache-mod_file_cache-2.2.8-6.5mdv2008.1.i586.rpm\r\n b01299df82912bd055e8a4a5107f18ba 2008.1/i586/apache-mod_ldap-2.2.8-6.5mdv2008.1.i586.rpm\r\n de8b3be73e223946bc59267b2b061041 2008.1/i586/apache-mod_mem_cache-2.2.8-6.5mdv2008.1.i586.rpm\r\n f8d35075b25dfa8349e1a4903d17751b 2008.1/i586/apache-mod_proxy-2.2.8-6.5mdv2008.1.i586.rpm\r\n 0c16a26c9c164197211a13c4ffcc3b33 2008.1/i586/apache-mod_proxy_ajp-2.2.8-6.5mdv2008.1.i586.rpm\r\n d70ff82e41072270e0f6af937d06ee9b 2008.1/i586/apache-mod_ssl-2.2.8-6.5mdv2008.1.i586.rpm\r\n 05c16bce9cefcb99c1db3834f6853f89 2008.1/i586/apache-modules-2.2.8-6.5mdv2008.1.i586.rpm\r\n 8e3ee38379f1e301a1e41a489a92147b 2008.1/i586/apache-mod_userdir-2.2.8-6.5mdv2008.1.i586.rpm\r\n a3ff073681b969b46638ff46a6313fc6 2008.1/i586/apache-mpm-event-2.2.8-6.5mdv2008.1.i586.rpm\r\n c89bb0192cc036054e3a4367fababce1 
2008.1/i586/apache-mpm-itk-2.2.8-6.5mdv2008.1.i586.rpm\r\n 410f034dd2818b264a09a036bd35f9a2 2008.1/i586/apache-mpm-prefork-2.2.8-6.5mdv2008.1.i586.rpm\r\n 476303bf479cc1c249b6fa69f32742d2 2008.1/i586/apache-mpm-worker-2.2.8-6.5mdv2008.1.i586.rpm\r\n 23ef5826c0e49f577d8d04254f61a923 2008.1/i586/apache-source-2.2.8-6.5mdv2008.1.i586.rpm \r\n 5d895c7c364db08fff0372c3654d1ccd 2008.1/SRPMS/apache-2.2.8-6.5mdv2008.1.src.rpm\r\n\r\n Mandriva Linux 2008.1/X86_64:\r\n ed8541532eb77b813ec71f35bc3b1a7f 2008.1/x86_64/apache-base-2.2.8-6.5mdv2008.1.x86_64.rpm\r\n 98000923f5eec7c767dafd94ab0967bc 2008.1/x86_64/apache-devel-2.2.8-6.5mdv2008.1.x86_64.rpm\r\n 7c81d6ed41e96370e3c4498a6a082714 2008.1/x86_64/apache-htcacheclean-2.2.8-6.5mdv2008.1.x86_64.rpm\r\n 074ce4664eb6fc96f0444de96bdd17cf 2008.1/x86_64/apache-mod_authn_dbd-2.2.8-6.5mdv2008.1.x86_64.rpm\r\n 8306c6084cabfd7e36207a53489093df 2008.1/x86_64/apache-mod_cache-2.2.8-6.5mdv2008.1.x86_64.rpm\r\n eaf9d071b93a0f478e242253b031c2bd 2008.1/x86_64/apache-mod_dav-2.2.8-6.5mdv2008.1.x86_64.rpm\r\n d02221dbdac77e5fa1ee1710f5e946dd 2008.1/x86_64/apache-mod_dbd-2.2.8-6.5mdv2008.1.x86_64.rpm\r\n 574bb4b1e11c16210e99be0ce029aa10 2008.1/x86_64/apache-mod_deflate-2.2.8-6.5mdv2008.1.x86_64.rpm\r\n c3196491613788da66c222dfd1d7608e 2008.1/x86_64/apache-mod_disk_cache-2.2.8-6.5mdv2008.1.x86_64.rpm\r\n 9eeb2a7b68bc178dc7917c362d89b5ff 2008.1/x86_64/apache-mod_file_cache-2.2.8-6.5mdv2008.1.x86_64.rpm\r\n 5dfc3a189d4e70dde834a84c3a5141fa 2008.1/x86_64/apache-mod_ldap-2.2.8-6.5mdv2008.1.x86_64.rpm\r\n 66696247e7ae1a919e0e80fa43544b92 2008.1/x86_64/apache-mod_mem_cache-2.2.8-6.5mdv2008.1.x86_64.rpm\r\n 6374972abfd91ab03fe74ac0b9b5fbbd 2008.1/x86_64/apache-mod_proxy-2.2.8-6.5mdv2008.1.x86_64.rpm\r\n 6606ff6d4ae5d09716a69938e2b944c6 2008.1/x86_64/apache-mod_proxy_ajp-2.2.8-6.5mdv2008.1.x86_64.rpm\r\n 23ba0203d6876a376e1a1e22e887b54c 2008.1/x86_64/apache-mod_ssl-2.2.8-6.5mdv2008.1.x86_64.rpm\r\n b7077a42c6b823d7a744e5ecbe306242 
2008.1/x86_64/apache-modules-2.2.8-6.5mdv2008.1.x86_64.rpm\r\n fa1ab5a1c4190191c88fb83bf07d3926 2008.1/x86_64/apache-mod_userdir-2.2.8-6.5mdv2008.1.x86_64.rpm\r\n abb9e82feea59e2d913dab61c0c1be2f 2008.1/x86_64/apache-mpm-event-2.2.8-6.5mdv2008.1.x86_64.rpm\r\n a7e021179bcabb2e6725d7488fac33cf 2008.1/x86_64/apache-mpm-itk-2.2.8-6.5mdv2008.1.x86_64.rpm\r\n 64ec4ecc7f6f6557eb95ba61017e00a8 2008.1/x86_64/apache-mpm-prefork-2.2.8-6.5mdv2008.1.x86_64.rpm\r\n 5955bfd23bfff88bea08d049bbf1ff88 2008.1/x86_64/apache-mpm-worker-2.2.8-6.5mdv2008.1.x86_64.rpm\r\n 91e233e5e4874e2beaa6eff728d1a8df 2008.1/x86_64/apache-source-2.2.8-6.5mdv2008.1.x86_64.rpm \r\n 5d895c7c364db08fff0372c3654d1ccd 2008.1/SRPMS/apache-2.2.8-6.5mdv2008.1.src.rpm\r\n\r\n Mandriva Linux 2009.0:\r\n d363852286bffcc1f16be74529c16d8e 2009.0/i586/apache-base-2.2.9-12.3mdv2009.0.i586.rpm\r\n 5958b4410e39655375a3fb06704e86cb 2009.0/i586/apache-devel-2.2.9-12.3mdv2009.0.i586.rpm\r\n 0d57fe115977bdb79f5550f68e6f0a7c 2009.0/i586/apache-htcacheclean-2.2.9-12.3mdv2009.0.i586.rpm\r\n 4d3907f8abc34e0398d2a67df9185f1e 2009.0/i586/apache-mod_authn_dbd-2.2.9-12.3mdv2009.0.i586.rpm\r\n 3cf8641644943ef13cff4b6af29cfacb 2009.0/i586/apache-mod_cache-2.2.9-12.3mdv2009.0.i586.rpm\r\n 8adb06cd1b0c1364c30c761c49b50d33 2009.0/i586/apache-mod_dav-2.2.9-12.3mdv2009.0.i586.rpm\r\n a0bfc1e6a7d9f8862c65c69f759cd093 2009.0/i586/apache-mod_dbd-2.2.9-12.3mdv2009.0.i586.rpm\r\n b335c39fe37988f3de26537262dd6b9d 2009.0/i586/apache-mod_deflate-2.2.9-12.3mdv2009.0.i586.rpm\r\n f3e11730ca6381f782f60ea7ad703b33 2009.0/i586/apache-mod_disk_cache-2.2.9-12.3mdv2009.0.i586.rpm\r\n 8ec10efb81f40dd11e744856a30f1a9e 2009.0/i586/apache-mod_file_cache-2.2.9-12.3mdv2009.0.i586.rpm\r\n ca822b5f7ce60c3b2e8ac8ef9c87ea07 2009.0/i586/apache-mod_ldap-2.2.9-12.3mdv2009.0.i586.rpm\r\n 6ef2fe37d9056fd08fe10f17f72eb131 2009.0/i586/apache-mod_mem_cache-2.2.9-12.3mdv2009.0.i586.rpm\r\n 17e4a0cb1a25f1a1dd34d64527cd69ff 
2009.0/i586/apache-mod_proxy-2.2.9-12.3mdv2009.0.i586.rpm\r\n f757375865df48bde5fde177bc53f176 2009.0/i586/apache-mod_proxy_ajp-2.2.9-12.3mdv2009.0.i586.rpm\r\n afa87773aa3485eb3d08482f6c66b723 2009.0/i586/apache-mod_ssl-2.2.9-12.3mdv2009.0.i586.rpm\r\n b9b4cebe20f782cf6d61de932ae775fe 2009.0/i586/apache-modules-2.2.9-12.3mdv2009.0.i586.rpm\r\n 7caa399d860dce728c05e2a1bbb37b02 2009.0/i586/apache-mod_userdir-2.2.9-12.3mdv2009.0.i586.rpm\r\n 991dcf92749cedff7f2b7ea110cbc26d 2009.0/i586/apache-mpm-event-2.2.9-12.3mdv2009.0.i586.rpm\r\n 6631e8492a2cfb0c294a844d4437896b 2009.0/i586/apache-mpm-itk-2.2.9-12.3mdv2009.0.i586.rpm\r\n 334050ac21bee98ba6cb3275f378c07f 2009.0/i586/apache-mpm-peruser-2.2.9-12.3mdv2009.0.i586.rpm\r\n 616f75510fbf462edf494fdf6456f2f0 2009.0/i586/apache-mpm-prefork-2.2.9-12.3mdv2009.0.i586.rpm\r\n ec4bc21290ccb97b3f4a89fe395f961e 2009.0/i586/apache-mpm-worker-2.2.9-12.3mdv2009.0.i586.rpm\r\n fd5db56435be568aa94e4f256f083640 2009.0/i586/apache-source-2.2.9-12.3mdv2009.0.i586.rpm \r\n befd4b86100340246045938e9668b133 2009.0/SRPMS/apache-2.2.9-12.3mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n 12bb10b4fefbe9a41290619b396bbc27 2009.0/x86_64/apache-base-2.2.9-12.3mdv2009.0.x86_64.rpm\r\n f9480a489f5fc7bf6f09601c66786166 2009.0/x86_64/apache-devel-2.2.9-12.3mdv2009.0.x86_64.rpm\r\n 194e19c4192104e1ce86ccae92bc3678 2009.0/x86_64/apache-htcacheclean-2.2.9-12.3mdv2009.0.x86_64.rpm\r\n 83df7eff4ccf56a27dfab4b7e5e55def 2009.0/x86_64/apache-mod_authn_dbd-2.2.9-12.3mdv2009.0.x86_64.rpm\r\n 7e17cd33c2f77598a55b27de9a1f272f 2009.0/x86_64/apache-mod_cache-2.2.9-12.3mdv2009.0.x86_64.rpm\r\n 49b4f14a69e1fe814892d8c1235fff3b 2009.0/x86_64/apache-mod_dav-2.2.9-12.3mdv2009.0.x86_64.rpm\r\n 51bf4942dcdfce90ca8d921fcf721d20 2009.0/x86_64/apache-mod_dbd-2.2.9-12.3mdv2009.0.x86_64.rpm\r\n 1b95ecf1dd6d8509d764428c2f64f023 2009.0/x86_64/apache-mod_deflate-2.2.9-12.3mdv2009.0.x86_64.rpm\r\n 2a269581f79f4261357d78c3a32f5ac9 
\r\n2009.0/x86_64/apache-mod_disk_cache-2.2.9-12.3mdv2009.0.x86_64.rpm\r\n b471904247a8663f8894956b02bd3095 \r\n2009.0/x86_64/apache-mod_file_cache-2.2.9-12.3mdv2009.0.x86_64.rpm\r\n 2f9667e46b23c991813607a53310e5d8 2009.0/x86_64/apache-mod_ldap-2.2.9-12.3mdv2009.0.x86_64.rpm\r\n 184b807180f72d4399a4039f6f08d7d8 2009.0/x86_64/apache-mod_mem_cache-2.2.9-12.3mdv2009.0.x86_64.rpm\r\n cfc41078bac18b0512a44756eb31c727 2009.0/x86_64/apache-mod_proxy-2.2.9-12.3mdv2009.0.x86_64.rpm\r\n 4d7e1318e9ca104dce782997d94734f3 2009.0/x86_64/apache-mod_proxy_ajp-2.2.9-12.3mdv2009.0.x86_64.rpm\r\n d3613cf215e1617d53761395591c0ee5 2009.0/x86_64/apache-mod_ssl-2.2.9-12.3mdv2009.0.x86_64.rpm\r\n 663d9a17a0a131c46ad70aebb9d286a1 2009.0/x86_64/apache-modules-2.2.9-12.3mdv2009.0.x86_64.rpm\r\n 4b88b69bb42109d60ed86b3aa0cf6cf0 2009.0/x86_64/apache-mod_userdir-2.2.9-12.3mdv2009.0.x86_64.rpm\r\n c0212892e5ccc905bf9c8c27c0fc55a4 2009.0/x86_64/apache-mpm-event-2.2.9-12.3mdv2009.0.x86_64.rpm\r\n 845a766d32686438a04562898d658f66 2009.0/x86_64/apache-mpm-itk-2.2.9-12.3mdv2009.0.x86_64.rpm\r\n d841f9b7e7898e99f16ecc668a829890 2009.0/x86_64/apache-mpm-peruser-2.2.9-12.3mdv2009.0.x86_64.rpm\r\n 55bb3d32f6ad363872d9c27e6eab04a6 2009.0/x86_64/apache-mpm-prefork-2.2.9-12.3mdv2009.0.x86_64.rpm\r\n 2ace6623bedb6f5d29d8b79505361ef1 2009.0/x86_64/apache-mpm-worker-2.2.9-12.3mdv2009.0.x86_64.rpm\r\n aa3f27740d94b8d2ada54592b3c1deb2 2009.0/x86_64/apache-source-2.2.9-12.3mdv2009.0.x86_64.rpm \r\n befd4b86100340246045938e9668b133 2009.0/SRPMS/apache-2.2.9-12.3mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.1:\r\n 43de323093117584b6f981e3440893d9 2009.1/i586/apache-base-2.2.11-10.4mdv2009.1.i586.rpm\r\n e4a751411c51ebf3db63c5a70ba555ee 2009.1/i586/apache-devel-2.2.11-10.4mdv2009.1.i586.rpm\r\n b013be5a696f29cdd2c0c6da0799dd08 2009.1/i586/apache-htcacheclean-2.2.11-10.4mdv2009.1.i586.rpm\r\n 672318a22cff862b606d6f1721650a9b 2009.1/i586/apache-mod_authn_dbd-2.2.11-10.4mdv2009.1.i586.rpm\r\n 
cd318fc1bf8be7106f1c92f0e23f2faa 2009.1/i586/apache-mod_cache-2.2.11-10.4mdv2009.1.i586.rpm\r\n f8354758215da0db366c942bde4465fe 2009.1/i586/apache-mod_dav-2.2.11-10.4mdv2009.1.i586.rpm\r\n d04f091350b5737c35217b3963cdba21 2009.1/i586/apache-mod_dbd-2.2.11-10.4mdv2009.1.i586.rpm\r\n 94ba7bfec4c32d194a157ae285cbfbe6 2009.1/i586/apache-mod_deflate-2.2.11-10.4mdv2009.1.i586.rpm\r\n fed83efa0e9315b5f6060535424046fd 2009.1/i586/apache-mod_disk_cache-2.2.11-10.4mdv2009.1.i586.rpm\r\n 1b9b91a3a25036edfebe5bcd7f603fd5 2009.1/i586/apache-mod_file_cache-2.2.11-10.4mdv2009.1.i586.rpm\r\n f9b090f9e1d5303171884ef6972232e7 2009.1/i586/apache-mod_ldap-2.2.11-10.4mdv2009.1.i586.rpm\r\n 7af5d73ac41cf7d8f54251e0d14a6eed 2009.1/i586/apache-mod_mem_cache-2.2.11-10.4mdv2009.1.i586.rpm\r\n 509e9bedb5f91343a676045f90bef558 2009.1/i586/apache-mod_proxy-2.2.11-10.4mdv2009.1.i586.rpm\r\n 0c68c2755ad96c79f85a155bc079dd74 2009.1/i586/apache-mod_proxy_ajp-2.2.11-10.4mdv2009.1.i586.rpm\r\n fdd37129c8ce847680456f5c08550968 2009.1/i586/apache-mod_ssl-2.2.11-10.4mdv2009.1.i586.rpm\r\n 7549e14f72e5c8d3d6b408d52ef8a38c 2009.1/i586/apache-modules-2.2.11-10.4mdv2009.1.i586.rpm\r\n bc066f7e9cd881dfc170953094dc8319 2009.1/i586/apache-mod_userdir-2.2.11-10.4mdv2009.1.i586.rpm\r\n d32db804ae96533ca4c7b245eda01f98 2009.1/i586/apache-mpm-event-2.2.11-10.4mdv2009.1.i586.rpm\r\n 868f2aaa6ef53c7c60b376202944e2aa 2009.1/i586/apache-mpm-itk-2.2.11-10.4mdv2009.1.i586.rpm\r\n 681854ce611a93ec864c58785ab541f5 2009.1/i586/apache-mpm-peruser-2.2.11-10.4mdv2009.1.i586.rpm\r\n 8e71ace64ffd0c8c37c83a0a12e1afbe 2009.1/i586/apache-mpm-prefork-2.2.11-10.4mdv2009.1.i586.rpm\r\n 5e88459f25f50a6c3cde05a445b32594 2009.1/i586/apache-mpm-worker-2.2.11-10.4mdv2009.1.i586.rpm\r\n 611db0cf3570f9f0377586bda61e59b0 2009.1/i586/apache-source-2.2.11-10.4mdv2009.1.i586.rpm \r\n 6e8db38ec06bfd8756037dec8ea71ca4 2009.1/SRPMS/apache-2.2.11-10.4mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2009.1/X86_64:\r\n f140d32d2a4083fb5ee324b7572279f2 
2009.1/x86_64/apache-base-2.2.11-10.4mdv2009.1.x86_64.rpm\r\n 383bab22e1d9a9c61baeb10c3972443d 2009.1/x86_64/apache-devel-2.2.11-10.4mdv2009.1.x86_64.rpm\r\n 007f4193dc68dcd34d48ab58bfd615ed 2009.1/x86_64/apache-htcacheclean-2.2.11-10.4mdv2009.1.x86_64.rpm\r\n 428b7be1ac06755588bb28dc90b914ae \r\n2009.1/x86_64/apache-mod_authn_dbd-2.2.11-10.4mdv2009.1.x86_64.rpm\r\n 82158b3767bdb31fea07f5a442fcebd4 2009.1/x86_64/apache-mod_cache-2.2.11-10.4mdv2009.1.x86_64.rpm\r\n 085eb05ff541f4699b0d2764b24c023a 2009.1/x86_64/apache-mod_dav-2.2.11-10.4mdv2009.1.x86_64.rpm\r\n 7b831282bf0889312f8198c358393332 2009.1/x86_64/apache-mod_dbd-2.2.11-10.4mdv2009.1.x86_64.rpm\r\n f78e3d86a7b6af8b46c1864fcabd5455 2009.1/x86_64/apache-mod_deflate-2.2.11-10.4mdv2009.1.x86_64.rpm\r\n b985d6447095085c7713902a7253dc07 \r\n2009.1/x86_64/apache-mod_disk_cache-2.2.11-10.4mdv2009.1.x86_64.rpm\r\n 26e49e2067e11ea114dc8ddcac3d51c6 \r\n2009.1/x86_64/apache-mod_file_cache-2.2.11-10.4mdv2009.1.x86_64.rpm\r\n e4395af2defe1b01229fe1c4887a5e3b 2009.1/x86_64/apache-mod_ldap-2.2.11-10.4mdv2009.1.x86_64.rpm\r\n 08c9824c79e51e956619dd1c1f5b2391 \r\n2009.1/x86_64/apache-mod_mem_cache-2.2.11-10.4mdv2009.1.x86_64.rpm\r\n 125634357057ef66b5a96c3f6d59f887 2009.1/x86_64/apache-mod_proxy-2.2.11-10.4mdv2009.1.x86_64.rpm\r\n 48f5cce6d04c185bc8f74e9440d42d49 \r\n2009.1/x86_64/apache-mod_proxy_ajp-2.2.11-10.4mdv2009.1.x86_64.rpm\r\n f5353fee0655a944233e95dc542475fc 2009.1/x86_64/apache-mod_ssl-2.2.11-10.4mdv2009.1.x86_64.rpm\r\n 181766999217f26744e0b2a7179f074c 2009.1/x86_64/apache-modules-2.2.11-10.4mdv2009.1.x86_64.rpm\r\n 9c75cd439b962a013d0a12be52eac839 2009.1/x86_64/apache-mod_userdir-2.2.11-10.4mdv2009.1.x86_64.rpm\r\n 5ff7131c77436bd966c50618a23fac1f 2009.1/x86_64/apache-mpm-event-2.2.11-10.4mdv2009.1.x86_64.rpm\r\n 2df4ee8eff3152a1c12fdfec6d09a4c7 2009.1/x86_64/apache-mpm-itk-2.2.11-10.4mdv2009.1.x86_64.rpm\r\n 3e2e9c63c293ac81654e2792d941a8e5 2009.1/x86_64/apache-mpm-peruser-2.2.11-10.4mdv2009.1.x86_64.rpm\r\n 
db758092a06528c21fe8cb89dc72e44a 2009.1/x86_64/apache-mpm-prefork-2.2.11-10.4mdv2009.1.x86_64.rpm\r\n fbd4fa29c8e7fab05e6cd9ee73061e53 2009.1/x86_64/apache-mpm-worker-2.2.11-10.4mdv2009.1.x86_64.rpm\r\n 2a3aa46f4a5ef9eb0f4fc60b8688b6d4 2009.1/x86_64/apache-source-2.2.11-10.4mdv2009.1.x86_64.rpm \r\n 6e8db38ec06bfd8756037dec8ea71ca4 2009.1/SRPMS/apache-2.2.11-10.4mdv2009.1.src.rpm\r\n\r\n Corporate 3.0:\r\n efc4dd61f307ba7ca3e78b702d14766a corporate/3.0/i586/apache2-2.0.48-6.21.C30mdk.i586.rpm\r\n 85ef73c40780432a49b5b52eaa10174c corporate/3.0/i586/apache2-common-2.0.48-6.21.C30mdk.i586.rpm\r\n f8668cb4d5d5a7aeeec18ac9089ce224 corporate/3.0/i586/apache2-devel-2.0.48-6.21.C30mdk.i586.rpm\r\n 9c7411c194f42dc2dda22e73b87871ac corporate/3.0/i586/apache2-manual-2.0.48-6.21.C30mdk.i586.rpm\r\n addfed70aa6f5b9b95423166a9d9d2d0 corporate/3.0/i586/apache2-mod_cache-2.0.48-6.21.C30mdk.i586.rpm\r\n 23d16c62736006e63f2290c6474a3c3f corporate/3.0/i586/apache2-mod_dav-2.0.48-6.21.C30mdk.i586.rpm\r\n 4c91c64f68bf7ee1381ba571363ff18b \r\ncorporate/3.0/i586/apache2-mod_deflate-2.0.48-6.21.C30mdk.i586.rpm\r\n 2e62901ddf70ec979ac1c31965817d5b \r\ncorporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.21.C30mdk.i586.rpm\r\n c98277bc893e194a4cfcc6ee2efddcb9 \r\ncorporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.21.C30mdk.i586.rpm\r\n 76a73eae916527a461e48f535ac92cff corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.21.C30mdk.i586.rpm\r\n e2b217645c51bcecb6bade3230a2eda2 \r\ncorporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.21.C30mdk.i586.rpm\r\n f0ba56775f6d0a1cdc99c897d0b0a619 corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.21.C30mdk.i586.rpm\r\n 29e2b0644b85e489935f195334820f61 corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.21.C30mdk.i586.rpm\r\n 77836bdb2fca0e05208e44dc7ad8742e corporate/3.0/i586/apache2-modules-2.0.48-6.21.C30mdk.i586.rpm\r\n 74ba9e4ba64d33c863919363ab295e62 corporate/3.0/i586/apache2-source-2.0.48-6.21.C30mdk.i586.rpm\r\n 943e2a0c5fcff6dfc142ff52ba3286eb 
corporate/3.0/i586/libapr0-2.0.48-6.21.C30mdk.i586.rpm \r\n b7bdb08234711c39badc0dc000ca3d20 corporate/3.0/SRPMS/apache2-2.0.48-6.21.C30mdk.src.rpm\r\n\r\n Corporate 3.0/X86_64:\r\n b857a73720d5645127010c91e039a630 corporate/3.0/x86_64/apache2-2.0.48-6.21.C30mdk.x86_64.rpm\r\n e6e5eca1cadb862b47804cc09a3bd2b4 corporate/3.0/x86_64/apache2-common-2.0.48-6.21.C30mdk.x86_64.rpm\r\n f99582e97f0987e4b0be6add27723183 corporate/3.0/x86_64/apache2-devel-2.0.48-6.21.C30mdk.x86_64.rpm\r\n 44072cb59097737b3c00f5e8298ed89b corporate/3.0/x86_64/apache2-manual-2.0.48-6.21.C30mdk.x86_64.rpm\r\n 2d333f222f65952cae96754f7f21b604 \r\ncorporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.21.C30mdk.x86_64.rpm\r\n 0f5fa126d97dd1edc543a5b5de96c6e7 \r\ncorporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.21.C30mdk.x86_64.rpm\r\n 555b2aedd6de7fb706995fb59fa6b4f3 \r\ncorporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.21.C30mdk.x86_64.rpm\r\n 1541273d263d9bda5e5eafeba7861e0c \r\ncorporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.21.C30mdk.x86_64.rpm\r\n 295ef0b46ea5949fa0af116042936556 \r\ncorporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.21.C30mdk.x86_64.rpm\r\n 0dd4ae154c12f557a71448b5bdb42479 \r\ncorporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.21.C30mdk.x86_64.rpm\r\n b93220ceeae20d88f4ae73182b9e72e6 \r\ncorporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.21.C30mdk.x86_64.rpm\r\n 97dc6100022a85442ac7dd7da01fae34 \r\ncorporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.21.C30mdk.x86_64.rpm\r\n acb4b5e5955d42cca93d1ebec2328b23 \r\ncorporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.21.C30mdk.x86_64.rpm\r\n 1af23190753541fe7d24f9bd85f57b1d \r\ncorporate/3.0/x86_64/apache2-modules-2.0.48-6.21.C30mdk.x86_64.rpm\r\n 305ee3ac2af4c6ef4db046ecb3dd98ec corporate/3.0/x86_64/apache2-source-2.0.48-6.21.C30mdk.x86_64.rpm\r\n e35e16fc12456a824a9e85dcfc9dbf0c corporate/3.0/x86_64/lib64apr0-2.0.48-6.21.C30mdk.x86_64.rpm \r\n b7bdb08234711c39badc0dc000ca3d20 corporate/3.0/SRPMS/apache2-2.0.48-6.21.C30mdk.src.rpm\r\n\r\n 
Corporate 4.0:\r\n b9d526a415d82322c308912f97e4f1ae corporate/4.0/i586/apache-base-2.2.3-1.7.20060mlcs4.i586.rpm\r\n a31613a66362403a6352d52047836e30 corporate/4.0/i586/apache-devel-2.2.3-1.7.20060mlcs4.i586.rpm\r\n dce72691c79bba01ee313fc378b36eb9 \r\ncorporate/4.0/i586/apache-htcacheclean-2.2.3-1.7.20060mlcs4.i586.rpm\r\n b7937f4ef06f280f749c1fe5b7af10d2 \r\ncorporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.7.20060mlcs4.i586.rpm\r\n 24ead4ff2d81737dcac9d625cdd5aaae corporate/4.0/i586/apache-mod_cache-2.2.3-1.7.20060mlcs4.i586.rpm\r\n e1f31a31c845ef295ad5122a78ea3650 corporate/4.0/i586/apache-mod_dav-2.2.3-1.7.20060mlcs4.i586.rpm\r\n 5ab10d768e463ae55838d347ec245102 corporate/4.0/i586/apache-mod_dbd-2.2.3-1.7.20060mlcs4.i586.rpm\r\n 9b6b94cdeb55e147c7634297761990a0 \r\ncorporate/4.0/i586/apache-mod_deflate-2.2.3-1.7.20060mlcs4.i586.rpm\r\n b1690a889bf2babfc911a2d600eb5081 \r\ncorporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.7.20060mlcs4.i586.rpm\r\n 7f6bf2cfb1500cc55c3a195cc2b87a84 \r\ncorporate/4.0/i586/apache-mod_file_cache-2.2.3-1.7.20060mlcs4.i586.rpm\r\n 6a57c241fab6d850ba46fc232132b2e0 corporate/4.0/i586/apache-mod_ldap-2.2.3-1.7.20060mlcs4.i586.rpm\r\n cf6a260d57b93c8e9bfe6fcbb97cb69a \r\ncorporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.7.20060mlcs4.i586.rpm\r\n 6a92e7840ff05818cca56ed1ee96df62 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.7.20060mlcs4.i586.rpm\r\n f179ca37d885c3aaca4669a6173eb0c0 \r\ncorporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.7.20060mlcs4.i586.rpm\r\n 52a7784816d6b4808a21e87990b40c70 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.7.20060mlcs4.i586.rpm\r\n cdc4728fba27771d29728f1b1678d309 corporate/4.0/i586/apache-modules-2.2.3-1.7.20060mlcs4.i586.rpm\r\n cc4ca804e4fa51f7c4131ad16902ab9d \r\ncorporate/4.0/i586/apache-mod_userdir-2.2.3-1.7.20060mlcs4.i586.rpm\r\n bdee23bef1375ecbd47aeab1bdc9ed91 \r\ncorporate/4.0/i586/apache-mpm-prefork-2.2.3-1.7.20060mlcs4.i586.rpm\r\n 449dfc068e06df184de8d36159b84765 
\r\ncorporate/4.0/i586/apache-mpm-worker-2.2.3-1.7.20060mlcs4.i586.rpm\r\n b5bd6a5ed078c35805b4ec2d9a788a79 corporate/4.0/i586/apache-source-2.2.3-1.7.20060mlcs4.i586.rpm \r\n f206539ed9c3497f21f26a758d3403b4 corporate/4.0/SRPMS/apache-2.2.3-1.7.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n 15ae114c8d2959ef5c6486029404f689 corporate/4.0/x86_64/apache-base-2.2.3-1.7.20060mlcs4.x86_64.rpm\r\n 5198dcd3060de93577812740087fbc8d corporate/4.0/x86_64/apache-devel-2.2.3-1.7.20060mlcs4.x86_64.rpm\r\n 93d6afa11a57e157a53716ccf16cf0ef \r\ncorporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.7.20060mlcs4.x86_64.rpm\r\n bc92cde6ea8b747d34f0a6ad5ac9e680 \r\ncorporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.7.20060mlcs4.x86_64.rpm\r\n 7d08b4692a1e5ba32ffef6d734b96bcc \r\ncorporate/4.0/x86_64/apache-mod_cache-2.2.3-1.7.20060mlcs4.x86_64.rpm\r\n 87fc6d219c07f01a7f201f6bf413ff67 \r\ncorporate/4.0/x86_64/apache-mod_dav-2.2.3-1.7.20060mlcs4.x86_64.rpm\r\n feecfa18e01f0f03a262ea490fb0830f \r\ncorporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.7.20060mlcs4.x86_64.rpm\r\n 85a108666e4130d3a6b4fa0fed100aba \r\ncorporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.7.20060mlcs4.x86_64.rpm\r\n a2d85bb6cd3d31c0d96f0fec454f2576 \r\ncorporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.7.20060mlcs4.x86_64.rpm\r\n e4027426a6dbfab2cb26e71266609ad3 \r\ncorporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.7.20060mlcs4.x86_64.rpm\r\n 29df20ff497abe06723103fb5bdf5411 \r\ncorporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.7.20060mlcs4.x86_64.rpm\r\n fcae351832eaa3be0ee81bd1032a0ad2 \r\ncorporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.7.20060mlcs4.x86_64.rpm\r\n 704b87767aa6fbb279cc8f755650af82 \r\ncorporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.7.20060mlcs4.x86_64.rpm\r\n 544cf4f5cc0a9fafb62acb6808f44540 \r\ncorporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.7.20060mlcs4.x86_64.rpm\r\n b39cdcbc90bedfa443356c37451808c0 \r\ncorporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.7.20060mlcs4.x86_64.rpm\r\n f3d517adf5a4ce033d8d067fc6b14955 
\r\ncorporate/4.0/x86_64/apache-modules-2.2.3-1.7.20060mlcs4.x86_64.rpm\r\n c6c9c109cb6a41d52e702807e9704929 \r\ncorporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.7.20060mlcs4.x86_64.rpm\r\n 3bf40c38ea6c6afb5d75b02e9425cbfc \r\ncorporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.7.20060mlcs4.x86_64.rpm\r\n 737c7f37638e53faf7cc269d6f197c2d \r\ncorporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.7.20060mlcs4.x86_64.rpm\r\n 9c793d83ccec6978fc1de8106ad05595 \r\ncorporate/4.0/x86_64/apache-source-2.2.3-1.7.20060mlcs4.x86_64.rpm \r\n f206539ed9c3497f21f26a758d3403b4 corporate/4.0/SRPMS/apache-2.2.3-1.7.20060mlcs4.src.rpm\r\n\r\n Multi Network Firewall 2.0:\r\n 55005338af9c4480caac9ffa86623264 mnf/2.0/i586/apache2-2.0.48-6.21.C30mdk.i586.rpm\r\n 1263d183c09bcf57234a8f91de009e6b mnf/2.0/i586/apache2-common-2.0.48-6.21.C30mdk.i586.rpm\r\n a5650d1b998d0e5b383d5ce47aa55433 mnf/2.0/i586/apache2-devel-2.0.48-6.21.C30mdk.i586.rpm\r\n d8b95b26cb53876fc299a64f1262b7db mnf/2.0/i586/apache2-manual-2.0.48-6.21.C30mdk.i586.rpm\r\n 69ac5aeed2fd42c52ce4f09fc5b70d62 mnf/2.0/i586/apache2-mod_cache-2.0.48-6.21.C30mdk.i586.rpm\r\n b6748d917602b92ea097129b317a5366 mnf/2.0/i586/apache2-mod_dav-2.0.48-6.21.C30mdk.i586.rpm\r\n 950d5f9f1710a0b3f9071cd4adfaa28b mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.21.C30mdk.i586.rpm\r\n 4885836db49da3bbcb31f1b1769c14d4 mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.21.C30mdk.i586.rpm\r\n cf58f6eb5f73b9ea4f9d11132cda42db mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.21.C30mdk.i586.rpm\r\n 06d5bb0f4c027b27642ff5c5eade19a2 mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.21.C30mdk.i586.rpm\r\n 4c76e76cea72d3449aceaf8ce91c6f44 mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.21.C30mdk.i586.rpm\r\n 7b47e45702c799d496524b58b1128aaf mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.21.C30mdk.i586.rpm\r\n 19f0e35da2f28563cb11136ea7dfeee7 mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.21.C30mdk.i586.rpm\r\n 940dbdedd9567b10414164a0d06e9898 mnf/2.0/i586/apache2-modules-2.0.48-6.21.C30mdk.i586.rpm\r\n 
3fac4349b9d5c061a0f83c16935eef8c mnf/2.0/i586/apache2-source-2.0.48-6.21.C30mdk.i586.rpm\r\n 1306a508a996ed429b1f022dca2890ec mnf/2.0/i586/libapr0-2.0.48-6.21.C30mdk.i586.rpm \r\n 0640552aaad9af58f8f0dc97a2aaf6e9 mnf/2.0/SRPMS/apache2-2.0.48-6.21.C30mdk.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFKVfgomqjQ0CJFipgRAuG7AJwNjHQS8BRukgf6jx7cwo7hVBjiFACgx/bp\r\ncfmKStVOUmNQurlGpWWJe3I=\r\n=g8pO\r\n-----END PGP SIGNATURE-----", "edition": 1, "cvss3": {}, "published": "2009-07-09T00:00:00", "title": "[ MDVSA-2009:149 ] apache", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2009-1890", "CVE-2009-1891"], "modified": "2009-07-09T00:00:00", "id": "SECURITYVULNS:DOC:22148", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22148", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:46:14", "description": "128 vulnerabilities in different application.", "edition": 2, "cvss3": {}, "published": "2013-05-04T00:00:00", "title": "Oracle / Sun / MySQL / PeopleSoft multiple applications 
security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2009-1191", "CVE-2013-2377", "CVE-2013-1529", "CVE-2013-0408", "CVE-2013-2395", "CVE-2013-1545", "CVE-2013-1521", "CVE-2013-1530", "CVE-2013-1517", "CVE-2013-0405", "CVE-2013-1567", "CVE-2013-1543", "CVE-2013-1532", "CVE-2013-1514", "CVE-2013-2392", "CVE-2012-4303", "CVE-2013-1536", "CVE-2009-1955", "CVE-2013-1501", "CVE-2012-5614", "CVE-2013-1538", "CVE-2009-2699", "CVE-2013-2397", "CVE-2013-1526", "CVE-2013-1516", "CVE-2013-2380", "CVE-2013-1568", "CVE-2013-1544", "CVE-2013-2411", "CVE-2012-2751", "CVE-2013-2409", "CVE-2013-1504", "CVE-2013-1523", "CVE-2013-1506", "CVE-2013-1503", "CVE-2013-1507", "CVE-2013-2393", "CVE-2013-1565", "CVE-2013-1560", "CVE-2013-2382", "CVE-2012-0568", "CVE-2013-1533", "CVE-2013-2379", "CVE-2010-2791", "CVE-2013-1552", "CVE-2013-1555", "CVE-2013-1539", "CVE-2013-2402", "CVE-2013-2401", "CVE-2013-1550", "CVE-2010-0408", "CVE-2013-1525", "CVE-2013-1497", "CVE-2013-2408", "CVE-2013-0416", "CVE-2013-2381", "CVE-2013-2388", "CVE-2013-2405", "CVE-2013-1542", "CVE-2013-1551", "CVE-2013-1512", "CVE-2013-1499", "CVE-2013-1513", "CVE-2013-2404", "CVE-2013-1535", "CVE-2013-0410", "CVE-2013-2399", "CVE-2013-2391", "CVE-2013-2441", "CVE-2013-1496", "CVE-2009-1890", "CVE-2013-1556", "CVE-2010-2068", "CVE-2013-1570", "CVE-2013-1495", "CVE-2013-1515", "CVE-2013-1509", "CVE-2013-1554", "CVE-2013-1534", "CVE-2013-2413", "CVE-2009-0023", "CVE-2013-1528", "CVE-2013-1547", "CVE-2013-0413", "CVE-2013-1566", "CVE-2013-1527", "CVE-2013-1511", "CVE-2013-1562", "CVE-2013-0412", "CVE-2013-2410", "CVE-2013-1502", "CVE-2013-1519", "CVE-2013-1541", "CVE-2013-1505", "CVE-2013-1524", "CVE-2013-0406", "CVE-2013-2390", "CVE-2013-1548", "CVE-2013-1531", "CVE-2009-1956", "CVE-2013-2375", "CVE-2007-1862", "CVE-2013-2374", "CVE-2013-0403", "CVE-2013-1498", "CVE-2013-2389", "CVE-2013-1559", "CVE-2012-0841", "CVE-2013-1553", "CVE-2013-1520", "CVE-2013-2387", 
"CVE-2013-1546", "CVE-2013-0411", "CVE-2013-2378", "CVE-2013-2403", "CVE-2013-1522", "CVE-2013-1549", "CVE-2013-2406", "CVE-2013-2386", "CVE-2013-1510", "CVE-2013-2385", "CVE-2013-2398", "CVE-2013-1508", "CVE-2013-2376", "CVE-2013-2396", "CVE-2013-0404", "CVE-2012-0570", "CVE-2013-1494"], "modified": "2013-05-04T00:00:00", "id": "SECURITYVULNS:VULN:13017", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13017", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "description": "The Apache HTTP Server is a powerful, efficient, and extensible web server. ", "cvss3": {}, "published": "2009-08-31T23:39:38", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: httpd-2.2.13-1.fc11", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1191", "CVE-2009-1195", "CVE-2009-1890", "CVE-2009-1891"], "modified": "2009-08-31T23:39:38", "id": "FEDORA:8669910F899", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HDAUO26TVJMBOKEUXVTBPHR53KPHEYPM/", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "gentoo": [{"lastseen": "2022-01-17T19:14:14", "description": "### Background\n\nThe Apache HTTP server is one of the most popular web servers on the Internet. 
\n\n### Description\n\nMultiple vulnerabilities have been discovered in the Apache HTTP server: \n\n * Jonathan Peatfield reported that the \"Options=IncludesNoEXEC\" argument to the \"AllowOverride\" directive is not processed properly (CVE-2009-1195).\n * Sander de Boer discovered that the AJP proxy module (mod_proxy_ajp) does not correctly handle POST requests that do not contain a request body (CVE-2009-1191).\n * The vendor reported that the HTTP proxy module (mod_proxy_http), when being used as a reverse proxy, does not properly handle requests containing more data than stated in the \"Content-Length\" header (CVE-2009-1890).\n * Francois Guerraz discovered that mod_deflate does not abort the compression of large files even when the requesting connection is closed prematurely (CVE-2009-1891).\n\n### Impact\n\nA local attacker could circumvent restrictions put up by the server administrator and execute arbitrary commands with the privileges of the user running the Apache server. A remote attacker could send multiple requests to a server with the AJP proxy module, possibly resulting in the disclosure of a request intended for another client, or cause a Denial of Service by sending specially crafted requests to servers running mod_proxy_http or mod_deflate. \n\n### Workaround\n\nRemove \"include\", \"proxy_ajp\", \"proxy_http\" and \"deflate\" from APACHE2_MODULES in make.conf and rebuild Apache, or disable the aforementioned modules in the Apache configuration. 
\n\n### Resolution\n\nAll Apache users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/apache-2.2.11-r2\"", "cvss3": {}, "published": "2009-07-12T00:00:00", "type": "gentoo", "title": "Apache: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1191", "CVE-2009-1195", "CVE-2009-1890", "CVE-2009-1891"], "modified": "2009-07-12T00:00:00", "id": "GLSA-200907-04", "href": "https://security.gentoo.org/glsa/200907-04", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:33:55", "description": "The Apache web server was updated to fix various security issues: - the option IncludesNOEXEC could be bypassed via .htaccess (CVE-2009-1195) - mod_proxy could run into an infinite loop when used as reverse proxy (CVE-2009-1890) - mod_deflate continued to compress large files even after a network connection was closed, causing mod_deflate to consume large amounts of CPU (CVE-2009-1891) - The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. 
(CVE-2009-3094) - access restriction bypass in mod_proxy_ftp module (CVE-2009-3095)\n#### Solution\nThere is no known workaround, please install the update packages.", "cvss3": {}, "published": "2009-10-26T13:21:56", "type": "suse", "title": "potential code execution in apache2,libapr1", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2009-3094", "CVE-2009-1890", "CVE-2009-3095", "CVE-2009-2412", "CVE-2009-1891", "CVE-2009-1195"], "modified": "2009-10-26T13:21:56", "id": "SUSE-SA:2009:050", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2022-01-19T16:03:50", "description": "\n\nApache ChangeLog reports:\n\nCVE-2009-1891: Fix a potential Denial-of-Service attack against mod_deflate or other modules.\nCVE-2009-1195: Prevent the \"Includes\" Option from being enabled in an .htaccess file if the AllowOverride restrictions do not permit it.\nCVE-2009-1890: Fix a potential Denial-of-Service attack against mod_proxy in a reverse proxy configuration.\nCVE-2009-1191: mod_proxy_ajp: Avoid delivering content from a previous request which failed to send a request body.\nCVE-2009-0023, CVE-2009-1955, CVE-2009-1956: The bundled copy of the APR-util library has been updated, fixing three different security issues which may affect particular configurations and third-party modules (was already fixed in 2.2.11_5).\n\n\n", "cvss3": {}, "published": "2009-07-28T00:00:00", "type": "freebsd", "title": "apache22 -- several vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", 
"version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0023", "CVE-2009-1191", "CVE-2009-1195", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-1955", "CVE-2009-1956"], "modified": "2009-07-28T00:00:00", "id": "E15F2356-9139-11DE-8F42-001AA0166822", "href": "https://vuxml.freebsd.org/freebsd/e15f2356-9139-11de-8f42-001aa0166822.html", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "slackware": [{"lastseen": "2019-05-30T07:37:13", "description": "New httpd packages are available for Slackware 12.0, 12.1, 12.2, and -current\nto fix security issues.\n\nMore details about these issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956\n\n\nHere are the details from the Slackware 12.2 ChangeLog:\n\npatches/packages/httpd-2.2.12-i486-1_slack12.2.tgz: Upgraded.\n This update fixes some security issues (from the CHANGES file):\n *) SECURITY: CVE-2009-1891 (cve.mitre.org)\n Fix a potential Denial-of-Service attack against mod_deflate or other\n modules, by forcing the server to consume CPU time in compressing a\n large file after a client disconnects. 
PR 39605.\n [Joe Orton, Ruediger Pluem]\n *) SECURITY: CVE-2009-1195 (cve.mitre.org)\n Prevent the \"Includes\" Option from being enabled in an .htaccess\n file if the AllowOverride restrictions do not permit it.\n [Jonathan Peatfield <j.s.peatfield damtp.cam.ac.uk>, Joe Orton,\n Ruediger Pluem, Jeff Trawick]\n *) SECURITY: CVE-2009-1890 (cve.mitre.org)\n Fix a potential Denial-of-Service attack against mod_proxy in a\n reverse proxy configuration, where a remote attacker can force a\n proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton]\n *) SECURITY: CVE-2009-1191 (cve.mitre.org)\n mod_proxy_ajp: Avoid delivering content from a previous request which\n failed to send a request body. PR 46949 [Ruediger Pluem]\n *) SECURITY: CVE-2009-0023, CVE-2009-1955, CVE-2009-1956 (cve.mitre.org)\n The bundled copy of the APR-util library has been updated, fixing three\n different security issues which may affect particular configurations\n and third-party modules.\n These last three CVEs were addressed in Slackware previously with an\n update to new system apr and apr-util packages.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. 
This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/httpd-2.2.12-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.12-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.12-i486-1_slack12.2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.2.12-i486-1.txz\n\nUpdated package for Slackware64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.2.12-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 12.0 package:\n1ef7c8d65f8d7398abfcde3dd46aed7f httpd-2.2.12-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\n349f4437fb4c2573a134c3485dda0265 httpd-2.2.12-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\n253406ed8801276a635008d7749db55f httpd-2.2.12-i486-1_slack12.2.tgz\n\nSlackware -current package:\n4a2ffd0ef9184fed93f651b83f6eaf6a httpd-2.2.12-i486-1.txz\n\nSlackware64 -current package:\n560b607f09a934a46fc3112a2659b06b httpd-2.2.12-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg httpd-2.2.12-i486-1_slack12.2.tgz\n\nThen, restart the httpd server.", "cvss3": {}, "published": "2009-08-02T15:33:03", "type": "slackware", "title": "httpd", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2009-1191", "CVE-2009-1955", "CVE-2009-1890", "CVE-2009-0023", "CVE-2009-1956", "CVE-2009-1891", "CVE-2009-1195"], 
"modified": "2009-08-02T15:33:03", "id": "SSA-2009-214-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.566124", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "oracle": [{"lastseen": "2021-06-08T18:46:13", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.** This Critical Patch Update contains 128 new security fixes across the product families listed below.\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. 
More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n", "cvss3": {}, "published": "2013-04-16T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update - April 2013", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2009-1191", "CVE-2013-2377", "CVE-2013-1529", "CVE-2013-2415", "CVE-2013-0408", "CVE-2013-2395", "CVE-2013-1545", "CVE-2013-1521", "CVE-2013-1530", "CVE-2013-1517", "CVE-2013-0405", "CVE-2013-1567", "CVE-2013-1543", "CVE-2013-1532", "CVE-2013-1514", "CVE-2013-2392", "CVE-2012-4303", "CVE-2013-1536", "CVE-2009-1955", "CVE-2013-1501", "CVE-2012-5614", "CVE-2013-1538", "CVE-2009-2699", "CVE-2013-2397", "CVE-2013-1526", "CVE-2013-1516", "CVE-2013-2380", "CVE-2013-1568", "CVE-2013-1544", "CVE-2013-2411", "CVE-2012-2751", "CVE-2013-2409", "CVE-2013-1504", "CVE-2013-1523", "CVE-2013-1506", "CVE-2013-1503", "CVE-2013-1507", "CVE-2013-2393", "CVE-2013-1565", "CVE-2013-1560", "CVE-2013-2382", "CVE-2012-0568", "CVE-2013-1533", "CVE-2013-2379", "CVE-2010-2791", "CVE-2013-1552", "CVE-2013-1555", "CVE-2013-1539", "CVE-2013-2402", "CVE-2013-2401", "CVE-2013-1550", "CVE-2010-0408", "CVE-2013-1525", "CVE-2013-1497", "CVE-2013-2408", "CVE-2013-0416", "CVE-2013-1537", "CVE-2013-2381", "CVE-2013-2388", "CVE-2013-2405", "CVE-2013-1542", "CVE-2013-1551", "CVE-2013-1512", "CVE-2013-1499", "CVE-2013-1513", "CVE-2013-2404", "CVE-2013-1535", "CVE-2013-0410", "CVE-2013-2399", "CVE-2013-2391", "CVE-2013-2441", "CVE-2013-1496", "CVE-2009-1890", "CVE-2013-1556", "CVE-2010-2068", "CVE-2013-1570", "CVE-2013-1495", "CVE-2013-1515", "CVE-2013-1509", "CVE-2013-1554", "CVE-2013-1534", "CVE-2013-2413", "CVE-2009-0023", "CVE-2013-1528", "CVE-2013-1547", "CVE-2013-0413", "CVE-2013-1566", "CVE-2013-1527", "CVE-2013-1511", "CVE-2013-1562", "CVE-2013-0412", "CVE-2013-2410", "CVE-2013-1502", "CVE-2013-1519", "CVE-2013-1541", "CVE-2013-1505", "CVE-2013-1524", "CVE-2013-0406", 
"CVE-2013-2390", "CVE-2013-1548", "CVE-2013-1531", "CVE-2009-1956", "CVE-2013-2375", "CVE-2007-1862", "CVE-2013-2374", "CVE-2013-0403", "CVE-2013-1498", "CVE-2013-2389", "CVE-2013-1559", "CVE-2012-0841", "CVE-2013-1553", "CVE-2013-1520", "CVE-2013-2387", "CVE-2013-1546", "CVE-2013-0411", "CVE-2013-2378", "CVE-2013-2403", "CVE-2013-1522", "CVE-2013-1549", "CVE-2013-2406", "CVE-2013-2386", "CVE-2013-1510", "CVE-2013-2385", "CVE-2013-2398", "CVE-2013-1508", "CVE-2013-2376", "CVE-2013-2396", "CVE-2013-0404", "CVE-2012-0570", "CVE-2013-1494"], "modified": "2013-04-16T00:00:00", "id": "ORACLE:CPUAPR2013-1899555", "href": "https://www.oracle.com/security-alerts/cpuapr2013.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}