Fedora Update for mod_http2 FEDORA-2018-bb9d24c82d
2018-10-21T00:00:00
ID OPENVAS:1361412562310875212 Type openvas Reporter Copyright (C) 2018 Greenbone Networks GmbH Modified 2019-03-15T00:00:00
Description
The remote host is missing an update for the
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_fedora_2018_bb9d24c82d_mod_http2_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $
#
# Fedora Update for mod_http2 FEDORA-2018-bb9d24c82d
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.875212");
script_version("$Revision: 14223 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $");
script_tag(name:"creation_date", value:"2018-10-21 07:23:38 +0200 (Sun, 21 Oct 2018)");
script_cve_id("CVE-2018-11763", "CVE-2018-1302");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_tag(name:"qod_type", value:"package");
script_name("Fedora Update for mod_http2 FEDORA-2018-bb9d24c82d");
script_tag(name:"summary", value:"The remote host is missing an update for the 'mod_http2'
package(s) announced via the referenced advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"affected", value:"mod_http2 on Fedora 27");
script_tag(name:"solution", value:"Please install the updated packages.");
script_xref(name:"FEDORA", value:"2018-bb9d24c82d");
script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZKOG4QPHEZVKLK6QRBCYSXCRPWMZ7GE");
script_tag(name:"solution_type", value:"VendorFix");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2018 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC27");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "FC27")
{
if ((res = isrpmvuln(pkg:"mod_http2", rpm:"mod_http2~1.11.1~1.fc27", rls:"FC27")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
{"id": "OPENVAS:1361412562310875212", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for mod_http2 FEDORA-2018-bb9d24c82d", "description": "The remote host is missing an update for the ", "published": "2018-10-21T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875212", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["2018-bb9d24c82d", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZKOG4QPHEZVKLK6QRBCYSXCRPWMZ7GE"], "cvelist": ["CVE-2018-1302", "CVE-2018-11763"], "lastseen": "2019-05-29T18:33:06", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-1302", "CVE-2018-11763"]}, {"type": "f5", "idList": ["F5:K11509465", "F5:K28902827"]}, {"type": "fedora", "idList": ["FEDORA:A2B24616444E", "FEDORA:C63046095B2B", "FEDORA:3898F6076D25", "FEDORA:C4C3B60F756C", "FEDORA:08F4166AED40", "FEDORA:406C9615BA7E", "FEDORA:E8F1960525C8", "FEDORA:7930060A7CB6", "FEDORA:C85E36015F7B", "FEDORA:8C5166149B46"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310852123", "OPENVAS:1361412562310874327", "OPENVAS:1361412562310812850", "OPENVAS:1361412562310812845", "OPENVAS:1361412562310875679", "OPENVAS:1361412562310843652", "OPENVAS:1361412562310851964", "OPENVAS:1361412562310814057", "OPENVAS:1361412562310875197", "OPENVAS:1361412562310874396"]}, {"type": "ubuntu", "idList": ["USN-3783-1"]}, {"type": "nessus", "idList": ["SUSE_SU-2018-3101-1.NASL", "FEDORA_2018-0A95BFF197.NASL", "OPENSUSE-2018-1378.NASL", "FEDORA_2018-9CDBB641F9.NASL", "FEDORA_2018-63DE5F3F6B.NASL", "FEDORA_2018-EEC13E2E8D.NASL", "FEDORA_2018-6FFB18592F.NASL", "OPENSUSE-2018-1178.NASL", "UBUNTU_USN-3783-1.NASL", "EULEROS_SA-2020-2016.NASL"]}, {"type": "httpd", "idList": ["HTTPD:53F7D531D201D0209EE31F3FA8829F5B", "HTTPD:A5773ECB3CB67826707B252F21BB80BB", "HTTPD:43E63F90DCA6F418ACF2327C4F88C3D8"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1814-1", "OPENSUSE-SU-2018:3185-1", "OPENSUSE-SU-2018:3713-1", "OPENSUSE-SU-2019:0084-1", "OPENSUSE-SU-2019:1547-1"]}, {"type": "amazon", "idList": ["ALAS-2018-1004", "ALAS-2018-1104", "ALAS2-2019-1155", "ALAS2-2018-1104"]}, {"type": "zdi", "idList": ["ZDI-18-1369"]}, {"type": "freebsd", "idList": ["F38187E7-2F6E-11E8-8F07-B499BAEBFEAF", "E182C076-C189-11E8-A6D2-B499BAEBFEAF"]}, {"type": "redhat", "idList": ["RHSA-2018:3558", "RHSA-2019:0366", "RHSA-2019:0367"]}, {"type": "symantec", "idList": ["SMNTC-1457"]}, {"type": "archlinux", "idList": ["ASA-201804-4"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2019", "ORACLE:CPUJAN2019-5072801", "ORACLE:CPUAPR2019", "ORACLE:CPUAPR2019-5072813"]}], "modified": "2019-05-29T18:33:06", "rev": 2}, "score": {"value": 7.6, "vector": "NONE", "modified": "2019-05-29T18:33:06", "rev": 2}, "vulnersScore": 7.6}, "pluginID": "1361412562310875212", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_bb9d24c82d_mod_http2_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mod_http2 FEDORA-2018-bb9d24c82d\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875212\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-21 07:23:38 +0200 (Sun, 21 Oct 2018)\");\n script_cve_id(\"CVE-2018-11763\", \"CVE-2018-1302\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mod_http2 FEDORA-2018-bb9d24c82d\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mod_http2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mod_http2 on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-bb9d24c82d\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZKOG4QPHEZVKLK6QRBCYSXCRPWMZ7GE\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_http2\", rpm:\"mod_http2~1.11.1~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks"}
{"cve": [{"lastseen": "2021-02-02T06:52:25", "description": "In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.", "edition": 12, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-09-25T21:29:00", "title": "CVE-2018-11763", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11763"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:apache:http_server:2.4.34", "cpe:/a:oracle:enterprise_manager_ops_center:12.3.3", "cpe:/a:oracle:retail_xstore_point_of_service:7.0", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/a:oracle:instantis_enterprisetrack:17.3", "cpe:/a:oracle:hospitality_guest_access:4.2.0", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/a:oracle:retail_xstore_point_of_service:7.1", "cpe:/a:oracle:instantis_enterprisetrack:17.2", "cpe:/a:oracle:secure_global_desktop:5.4", "cpe:/a:netapp:storage_automation_store:-", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/a:oracle:hospitality_guest_access:4.2.1", "cpe:/a:oracle:instantis_enterprisetrack:17.1", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "CVE-2018-11763", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11763", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:52:27", "description": "When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.", "edition": 9, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-03-26T15:29:00", "title": "CVE-2018-1302", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1302"], "modified": "2019-08-15T09:15:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:apache:http_server:2.4.29", "cpe:/a:netapp:santricity_cloud_connector:-", "cpe:/a:netapp:clustered_data_ontap:-", "cpe:/a:netapp:storage_automation_store:-", "cpe:/a:netapp:storagegrid:-"], "id": "CVE-2018-1302", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1302", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"]}], "f5": [{"lastseen": "2020-04-06T22:40:30", "bulletinFamily": "software", "cvelist": ["CVE-2018-11763"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2018-10-05T00:18:00", "published": "2018-10-05T00:18:00", "id": "F5:K28902827", "href": "https://support.f5.com/csp/article/K28902827", "title": "Apache mod_http2 vulnerability CVE-2018-11763", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-10-10T20:29:11", "bulletinFamily": "software", "cvelist": ["CVE-2018-1302"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2018-04-09T19:56:00", "published": "2018-04-09T19:56:00", "id": "F5:K11509465", "href": "https://support.f5.com/csp/article/K11509465", "title": "Apache mod_http2 vulnerability CVE-2018-1302", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-11763", "CVE-2018-1302"], "description": "The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. ", "modified": "2018-10-19T15:51:02", "published": "2018-10-19T15:51:02", "id": "FEDORA:C63046095B2B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: mod_http2-1.11.1-1.fc27", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1302"], "description": "The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. ", "modified": "2018-04-05T23:58:59", "published": "2018-04-05T23:58:59", "id": "FEDORA:C4C3B60F756C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: mod_http2-1.10.16-1.fc27", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1302"], "description": "The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. ", "modified": "2018-04-05T11:50:11", "published": "2018-04-05T11:50:11", "id": "FEDORA:A2B24616444E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: mod_http2-1.10.16-1.fc28", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1302"], "description": "The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. ", "modified": "2018-04-27T22:59:57", "published": "2018-04-27T22:59:57", "id": "FEDORA:8C5166149B46", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: mod_http2-1.10.18-1.fc26", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-11763"], "description": "The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. ", "modified": "2018-10-30T17:44:04", "published": "2018-10-30T17:44:04", "id": "FEDORA:08F4166AED40", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: mod_http2-1.11.1-1.fc29", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-11763"], "description": "The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. ", "modified": "2018-10-15T10:47:22", "published": "2018-10-15T10:47:22", "id": "FEDORA:3898F6076D25", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: mod_http2-1.11.1-1.fc28", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-11763", "CVE-2019-0196"], "description": "The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. ", "modified": "2019-06-28T22:09:19", "published": "2019-06-28T22:09:19", "id": "FEDORA:406C9615BA7E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: mod_http2-1.15.1-1.fc29", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-11763", "CVE-2018-17189"], "description": "The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. ", "modified": "2019-03-21T14:42:38", "published": "2019-03-21T14:42:38", "id": "FEDORA:E8F1960525C8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: mod_http2-1.14.1-1.fc29", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-11763", "CVE-2018-17189"], "description": "The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. ", "modified": "2019-03-23T02:25:44", "published": "2019-03-23T02:25:44", "id": "FEDORA:C85E36015F7B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: mod_http2-1.14.1-1.fc28", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-11763", "CVE-2019-9511", "CVE-2019-9516", "CVE-2019-9517"], "description": "The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. ", "modified": "2019-08-30T00:51:34", "published": "2019-08-30T00:51:34", "id": "FEDORA:7930060A7CB6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: mod_http2-1.15.3-2.fc29", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:43:38", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1333", "CVE-2018-1302", "CVE-2018-11763"], "description": "Robert Swiecki discovered that the Apache HTTP Server HTTP/2 module \nincorrectly destroyed certain streams. A remote attacker could possibly \nuse this issue to cause the server to crash, leading to a denial of \nservice. (CVE-2018-1302)\n\nCraig Young discovered that the Apache HTTP Server HTTP/2 module \nincorrectly handled certain requests. A remote attacker could possibly \nuse this issue to cause the server to consume resources, leading to a \ndenial of service. (CVE-2018-1333)\n\nGal Goldshtein discovered that the Apache HTTP Server HTTP/2 module \nincorrectly handled large SETTINGS frames. A remote attacker could possibly \nuse this issue to cause the server to consume resources, leading to a \ndenial of service. (CVE-2018-11763)", "edition": 3, "modified": "2018-10-03T00:00:00", "published": "2018-10-03T00:00:00", "id": "USN-3783-1", "href": "https://ubuntu.com/security/notices/USN-3783-1", "title": "Apache HTTP Server vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:33:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1333", "CVE-2018-1302", "CVE-2018-11763"], "description": "The remote host is missing an update for the ", "modified": "2019-03-18T00:00:00", "published": "2018-10-04T00:00:00", "id": "OPENVAS:1361412562310843652", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843652", "type": "openvas", "title": "Ubuntu Update for apache2 USN-3783-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3783_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for apache2 USN-3783-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843652\");\n script_version(\"$Revision: 14288 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-04 08:32:19 +0200 (Thu, 04 Oct 2018)\");\n script_cve_id(\"CVE-2018-1302\", \"CVE-2018-1333\", \"CVE-2018-11763\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for apache2 USN-3783-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is\npresent on the target host.\");\n script_tag(name:\"insight\", value:\"Robert Swiecki discovered that the\nApache HTTP Server HTTP/2 module incorrectly destroyed certain streams.\nA remote attacker could possibly use this issue to cause the server to\ncrash, leading to a denial of service. (CVE-2018-1302)\n\nCraig Young discovered that the Apache HTTP Server HTTP/2 module\nincorrectly handled certain requests. A remote attacker could possibly\nuse this issue to cause the server to consume resources, leading to a\ndenial of service. (CVE-2018-1333)\n\nGal Goldshtein discovered that the Apache HTTP Server HTTP/2 module\nincorrectly handled large SETTINGS frames. A remote attacker could possibly\nuse this issue to cause the server to consume resources, leading to a\ndenial of service. (CVE-2018-11763)\");\n script_tag(name:\"affected\", value:\"apache2 on Ubuntu 18.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3783-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3783-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU18\\.04 LTS\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2-bin\", ver:\"2.4.29-1ubuntu4.4\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1302"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310874327", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874327", "type": "openvas", "title": "Fedora Update for mod_http2 FEDORA-2018-0a95bff197", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_0a95bff197_mod_http2_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mod_http2 FEDORA-2018-0a95bff197\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874327\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-06 10:08:52 +0200 (Fri, 06 Apr 2018)\");\n script_cve_id(\"CVE-2018-1302\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mod_http2 FEDORA-2018-0a95bff197\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mod_http2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mod_http2 on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-0a95bff197\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ST7D2LSLFS247SVWQNCCJ3CMFSAYJPA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_http2\", rpm:\"mod_http2~1.10.16~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1302"], "description": "The host is installed with Apache HTTP server\n and is prone to a denial of service vulnerability.", "modified": "2019-05-03T00:00:00", "published": "2018-04-02T00:00:00", "id": "OPENVAS:1361412562310812850", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812850", "type": "openvas", "title": "Apache HTTP Server Denial of Service Vulnerability Apr18 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache HTTP Server Denial of Service Vulnerability Apr18 (Windows)\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:http_server\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812850\");\n script_version(\"2019-05-03T08:55:39+0000\");\n script_cve_id(\"CVE-2018-1302\");\n script_bugtraq_id(103528);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 08:55:39 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-04-02 16:48:45 +0530 (Mon, 02 Apr 2018)\");\n script_name(\"Apache HTTP Server Denial of Service Vulnerability Apr18 (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Apache HTTP server\n and is prone to a denial of service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists as the Apache HTTP Server\n writes a NULL pointer potentially to an already freed memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to destroy an HTTP/2 stream, resulting in a denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Apache HTTP server versions 2.4.17, 2.4.18,\n 2.4.20, 2.4.23 and from 2.4.25 to 2.4.29 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 2.4.30 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_xref(name:\"URL\", value:\"https://httpd.apache.org/download.cgi\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2018/03/24/8\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2018/03/24/2\");\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web Servers\");\n script_dependencies(\"secpod_apache_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"Host/runs_windows\", \"apache/installed\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!hport = get_app_port(cpe: CPE)){\n exit(0);\n}\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:hport, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\naffected = make_list(\"2.4.17\", \"2.4.18\", \"2.4.20\", \"2.4.23\", \"2.4.25\", \"2.4.26\", \"2.4.27\", \"2.4.28\", \"2.4.29\");\n\nif(version_in_range(version:vers, test_version:\"2.4.17\", test_version2:\"2.4.29\"))\n{\n foreach version (affected)\n {\n if(vers == version)\n {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"2.4.30\" , install_path:path);\n security_message(port:hport, data:report);\n exit(0);\n }\n }\n}\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1302"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-05-02T00:00:00", "id": "OPENVAS:1361412562310874396", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874396", "type": "openvas", "title": "Fedora Update for mod_http2 FEDORA-2018-63de5f3f6b", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_63de5f3f6b_mod_http2_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mod_http2 FEDORA-2018-63de5f3f6b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874396\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-02 16:59:03 +0530 (Wed, 02 May 2018)\");\n script_cve_id(\"CVE-2018-1302\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mod_http2 FEDORA-2018-63de5f3f6b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mod_http2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mod_http2 on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-63de5f3f6b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKKJZY3KR23XVOMRIFSRAKWQCN3B6B7N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_http2\", rpm:\"mod_http2~1.10.18~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1302"], "description": "The host is installed with Apache HTTP server\n and is prone to a denial of service vulnerability.", "modified": "2019-05-03T00:00:00", "published": "2018-04-04T00:00:00", "id": "OPENVAS:1361412562310812845", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812845", "type": "openvas", "title": "Apache HTTP Server Denial of Service Vulnerability Apr18 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache HTTP Server Denial of Service Vulnerability Apr18 (Linux)\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:http_server\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812845\");\n script_version(\"2019-05-03T08:55:39+0000\");\n script_cve_id(\"CVE-2018-1302\");\n script_bugtraq_id(103528);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 08:55:39 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-04-04 11:31:27 +0530 (Wed, 04 Apr 2018)\");\n script_name(\"Apache HTTP Server Denial of Service Vulnerability Apr18 (Linux)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Apache HTTP server\n and is prone to a denial of service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists as the Apache HTTP Server\n writes a NULL pointer potentially to an already freed memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to destroy an HTTP/2 stream, resulting in a denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Apache HTTP server versions 2.4.17, 2.4.18,\n 2.4.20, 2.4.23 and from 2.4.25 to 2.4.29 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 2.4.30 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_xref(name:\"URL\", value:\"https://httpd.apache.org/download.cgi\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2018/03/24/8\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2018/03/24/2\");\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web Servers\");\n script_dependencies(\"secpod_apache_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"Host/runs_unixoide\", \"apache/installed\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!hport = get_app_port(cpe: CPE)){\n exit(0);\n}\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:hport, exit_no_version:TRUE)) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\naffected = make_list(\"2.4.17\", \"2.4.18\", \"2.4.20\", \"2.4.23\", \"2.4.25\", \"2.4.26\", \"2.4.27\", \"2.4.28\", \"2.4.29\");\n\nif(version_in_range(version:vers, test_version:\"2.4.17\", test_version2:\"2.4.29\"))\n{\n foreach version (affected)\n {\n if(vers == version)\n {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"2.4.30\" , install_path:path);\n security_message(port:hport, data:report);\n exit(0);\n }\n }\n}\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-31T17:35:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-11763"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310851964", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851964", "type": "openvas", "title": "openSUSE: Security Advisory for apache2 (openSUSE-SU-2018:3185-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851964\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-11763\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:23:35 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"openSUSE: Security Advisory for apache2 (openSUSE-SU-2018:3185-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3185-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00031.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache2'\n package(s) announced via the openSUSE-SU-2018:3185-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for apache2 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-11763: In Apache HTTP Server by sending continuous, large\n SETTINGS frames a client can occupy a connection, server thread and CPU\n time without any connection timeout coming to effect. This affects only\n HTTP/2 connections. (bsc#1109961)\n\n Bug fixes:\n\n - consider also patterns in APACHE_CONF_INCLUDE_DIRS as documentation says\n (patch Juergen Gleiss)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-1178=1\");\n\n script_tag(name:\"affected\", value:\"apache2 on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.4.33~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-debuginfo\", rpm:\"apache2-debuginfo~2.4.33~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-debugsource\", rpm:\"apache2-debugsource~2.4.33~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-devel\", rpm:\"apache2-devel~2.4.33~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-event\", rpm:\"apache2-event~2.4.33~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-event-debuginfo\", rpm:\"apache2-event-debuginfo~2.4.33~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-example-pages\", rpm:\"apache2-example-pages~2.4.33~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.4.33~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-prefork-debuginfo\", rpm:\"apache2-prefork-debuginfo~2.4.33~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-utils\", rpm:\"apache2-utils~2.4.33~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-utils-debuginfo\", rpm:\"apache2-utils-debuginfo~2.4.33~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.4.33~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-worker-debuginfo\", rpm:\"apache2-worker-debuginfo~2.4.33~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-doc\", rpm:\"apache2-doc~2.4.33~lp150.2.6.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-11763"], "description": "The remote host is missing an update for the ", "modified": "2019-05-14T00:00:00", "published": "2019-05-07T00:00:00", "id": "OPENVAS:1361412562310875679", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875679", "type": "openvas", "title": "Fedora Update for mod_http2 FEDORA-2018-9cdbb641f9", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875679\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2018-11763\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:15:36 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for mod_http2 FEDORA-2018-9cdbb641f9\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2018-9cdbb641f9\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MANB5SVGXYE64XKPFZNMXLUSRA2AGWHQ\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mod_http2'\n package(s) announced via the FEDORA-2018-9cdbb641f9 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on\ntop of libnghttp2 for httpd 2.4 servers.\");\n\n script_tag(name:\"affected\", value:\"'mod_http2' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mod_http2\", rpm:\"mod_http2~1.11.1~1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-31T17:37:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-11763"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2018-11-10T00:00:00", "id": "OPENVAS:1361412562310852123", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852123", "type": "openvas", "title": "openSUSE: Security Advisory for apache2 (openSUSE-SU-2018:3713-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852123\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-11763\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-11-10 05:59:53 +0100 (Sat, 10 Nov 2018)\");\n script_name(\"openSUSE: Security Advisory for apache2 (openSUSE-SU-2018:3713-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3713-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-11/msg00015.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache2'\n package(s) announced via the openSUSE-SU-2018:3713-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for apache2 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-11763: In Apache HTTP Server by sending continuous, large\n SETTINGS frames a client can occupy a connection, server thread and CPU\n time without any connection timeout coming to effect. This affects only\n HTTP/2 connections. (bsc#1109961)\n\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-1378=1\");\n\n script_tag(name:\"affected\", value:\"apache2 on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"apache2\", rpm:\"apache2~2.4.23~31.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-debuginfo\", rpm:\"apache2-debuginfo~2.4.23~31.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-debugsource\", rpm:\"apache2-debugsource~2.4.23~31.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-devel\", rpm:\"apache2-devel~2.4.23~31.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-event\", rpm:\"apache2-event~2.4.23~31.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-event-debuginfo\", rpm:\"apache2-event-debuginfo~2.4.23~31.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-example-pages\", rpm:\"apache2-example-pages~2.4.23~31.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-prefork\", rpm:\"apache2-prefork~2.4.23~31.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-prefork-debuginfo\", rpm:\"apache2-prefork-debuginfo~2.4.23~31.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-utils\", rpm:\"apache2-utils~2.4.23~31.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-utils-debuginfo\", rpm:\"apache2-utils-debuginfo~2.4.23~31.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-worker\", rpm:\"apache2-worker~2.4.23~31.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-worker-debuginfo\", rpm:\"apache2-worker-debuginfo~2.4.23~31.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"apache2-doc\", rpm:\"apache2-doc~2.4.23~31.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-07-17T14:15:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-11763"], "description": "This host is running Apache HTTP Server\n and is prone to denial-of-service vulnerability", "modified": "2019-07-05T00:00:00", "published": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310814056", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814056", "type": "openvas", "title": "Apache HTTPD HTTP/2 'SETTINGS' Data Processing DoS Vulnerability (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apache HTTPD HTTP/2 'SETTINGS' Data Processing DoS Vulnerability (Linux)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:http_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814056\");\n script_version(\"2019-07-05T10:41:31+0000\");\n script_cve_id(\"CVE-2018-11763\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:41:31 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-09-28 11:02:47 +0530 (Fri, 28 Sep 2018)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"Apache HTTPD HTTP/2 'SETTINGS' Data Processing DoS Vulnerability (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running Apache HTTP Server\n and is prone to denial-of-service vulnerability\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an improper processing of\n specially crafted and continuous SETTINGS data for an ongoing HTTP/2 connection\n to cause the target service to fail to timeout.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause a denial of service (DoS) condition on a targeted system.\");\n\n script_tag(name:\"affected\", value:\"Apache HTTP Server versions 2.4.34, 2.4.33,\n 2.4.30, 2.4.29, 2.4.28, 2.4.27, 2.4.26, 2.4.25, 2.4.23, 2.4.20, 2.4.18.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apache HTTP Server 2.4.35 or\n later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://securitytracker.com/id/1041713\");\n script_xref(name:\"URL\", value:\"https://httpd.apache.org/security/vulnerabilities_24.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"secpod_apache_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"apache/installed\", \"Host/runs_unixoide\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!httpd_port = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:httpd_port, exit_no_version:TRUE)) exit(0);\nhttpd_ver = infos['version'];\npath = infos['location'];\n\nif(httpd_ver =~ \"^2\\.4\")\n{\n foreach affected_version (make_list(\"2.4.18\", \"2.4.20\", \"2.4.23\", \"2.4.25\",\n \"2.4.26\", \"2.4.27\", \"2.4.28\", \"2.4.29\", \"2.4.30\", \"2.4.33\", \"2.4.34\"))\n {\n if(affected_version == httpd_ver)\n {\n report = report_fixed_ver(installed_version:httpd_ver, fixed_version:\"2.4.35\", install_path:path);\n security_message(data:report, port:httpd_port);\n exit(0);\n }\n }\n}\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-11763"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-10-16T00:00:00", "id": "OPENVAS:1361412562310875197", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875197", "type": "openvas", "title": "Fedora Update for mod_http2 FEDORA-2018-6ffb18592f", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_6ffb18592f_mod_http2_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mod_http2 FEDORA-2018-6ffb18592f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875197\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-16 06:36:26 +0200 (Tue, 16 Oct 2018)\");\n script_cve_id(\"CVE-2018-11763\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mod_http2 FEDORA-2018-6ffb18592f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mod_http2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"mod_http2 on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-6ffb18592f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43RBG56YBQC5XCF2HBPODC6HQMZITLU3\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_http2\", rpm:\"mod_http2~1.11.1~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-02-01T07:27:47", "description": "Robert Swiecki discovered that the Apache HTTP Server HTTP/2 module\nincorrectly destroyed certain streams. A remote attacker could\npossibly use this issue to cause the server to crash, leading to a\ndenial of service. (CVE-2018-1302)\n\nCraig Young discovered that the Apache HTTP Server HTTP/2 module\nincorrectly handled certain requests. A remote attacker could possibly\nuse this issue to cause the server to consume resources, leading to a\ndenial of service. (CVE-2018-1333)\n\nGal Goldshtein discovered that the Apache HTTP Server HTTP/2 module\nincorrectly handled large SETTINGS frames. A remote attacker could\npossibly use this issue to cause the server to consume resources,\nleading to a denial of service. (CVE-2018-11763).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-10-04T00:00:00", "title": "Ubuntu 18.04 LTS : apache2 vulnerabilities (USN-3783-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1333", "CVE-2018-1302", "CVE-2018-11763"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:apache2-bin", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-3783-1.NASL", "href": "https://www.tenable.com/plugins/nessus/117916", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3783-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117916);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/18 12:31:48\");\n\n script_cve_id(\"CVE-2018-11763\", \"CVE-2018-1302\", \"CVE-2018-1333\");\n script_xref(name:\"USN\", value:\"3783-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : apache2 vulnerabilities (USN-3783-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Robert Swiecki discovered that the Apache HTTP Server HTTP/2 module\nincorrectly destroyed certain streams. A remote attacker could\npossibly use this issue to cause the server to crash, leading to a\ndenial of service. (CVE-2018-1302)\n\nCraig Young discovered that the Apache HTTP Server HTTP/2 module\nincorrectly handled certain requests. A remote attacker could possibly\nuse this issue to cause the server to consume resources, leading to a\ndenial of service. (CVE-2018-1333)\n\nGal Goldshtein discovered that the Apache HTTP Server HTTP/2 module\nincorrectly handled large SETTINGS frames. A remote attacker could\npossibly use this issue to cause the server to consume resources,\nleading to a denial of service. (CVE-2018-11763).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3783-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2-bin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:apache2-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"apache2-bin\", pkgver:\"2.4.29-1ubuntu4.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-bin\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T09:06:12", "description": "According to the version of the mod_http2 package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerability :\n\n - When an HTTP/2 stream was destroyed after being\n handled, the Apache HTTP Server prior to version 2.4.30\n could have written a NULL pointer potentially to an\n already freed memory. The memory pools maintained by\n the server make this vulnerability hard to trigger in\n usual configurations, the reporter and the team could\n not reproduce it outside debug builds, so it is\n classified as low risk.(CVE-2018-1302)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-09-29T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : mod_http2 (EulerOS-SA-2020-2016)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1302"], "modified": "2020-09-29T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:mod_http2", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2020-2016.NASL", "href": "https://www.tenable.com/plugins/nessus/140964", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140964);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-1302\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : mod_http2 (EulerOS-SA-2020-2016)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the mod_http2 package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerability :\n\n - When an HTTP/2 stream was destroyed after being\n handled, the Apache HTTP Server prior to version 2.4.30\n could have written a NULL pointer potentially to an\n already freed memory. The memory pools maintained by\n the server make this vulnerability hard to trigger in\n usual configurations, the reporter and the team could\n not reproduce it outside debug builds, so it is\n classified as low risk.(CVE-2018-1302)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2016\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d8a26732\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mod_http2 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"mod_http2-1.10.20-2.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_http2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:22:14", "description": "This update includes the latest upstream release of mod_http2, version\n1.10.16. This includes a security fix (CVE-2018-1302) :\n\nWhen an HTTP/2 stream was destroyed after being handled, mod_http2\ncould have written a NULL pointer potentially to an already freed\nmemory.\n\nThe memory pools maintained by the server make this vulnerabilty hard\nto trigger in usual configurations, the reporter and the team could\nnot reproduce it outside debug builds, so it is classified as low\nrisk.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 11, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-01-03T00:00:00", "title": "Fedora 28 : mod_http2 (2018-eec13e2e8d)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1302"], "modified": "2019-01-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mod_http2", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-EEC13E2E8D.NASL", "href": "https://www.tenable.com/plugins/nessus/120888", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-eec13e2e8d.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120888);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-1302\");\n script_xref(name:\"FEDORA\", value:\"2018-eec13e2e8d\");\n\n script_name(english:\"Fedora 28 : mod_http2 (2018-eec13e2e8d)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes the latest upstream release of mod_http2, version\n1.10.16. This includes a security fix (CVE-2018-1302) :\n\nWhen an HTTP/2 stream was destroyed after being handled, mod_http2\ncould have written a NULL pointer potentially to an already freed\nmemory.\n\nThe memory pools maintained by the server make this vulnerabilty hard\nto trigger in usual configurations, the reporter and the team could\nnot reproduce it outside debug builds, so it is classified as low\nrisk.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-eec13e2e8d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mod_http2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"mod_http2-1.10.16-1.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_http2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:15:55", "description": "This update includes the latest upstream release of mod_http2, version\n1.10.16. This includes a security fix (CVE-2018-1302) :\n\nWhen an HTTP/2 stream was destroyed after being handled, mod_http2\ncould have written a NULL pointer potentially to an already freed\nmemory.\n\nThe memory pools maintained by the server make this vulnerabilty hard\nto trigger in usual configurations, the reporter and the team could\nnot reproduce it outside debug builds, so it is classified as low\nrisk.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 22, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-04-06T00:00:00", "title": "Fedora 27 : mod_http2 (2018-0a95bff197)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1302"], "modified": "2018-04-06T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:27", "p-cpe:/a:fedoraproject:fedora:mod_http2"], "id": "FEDORA_2018-0A95BFF197.NASL", "href": "https://www.tenable.com/plugins/nessus/108855", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-0a95bff197.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108855);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-1302\");\n script_xref(name:\"FEDORA\", value:\"2018-0a95bff197\");\n\n script_name(english:\"Fedora 27 : mod_http2 (2018-0a95bff197)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes the latest upstream release of mod_http2, version\n1.10.16. This includes a security fix (CVE-2018-1302) :\n\nWhen an HTTP/2 stream was destroyed after being handled, mod_http2\ncould have written a NULL pointer potentially to an already freed\nmemory.\n\nThe memory pools maintained by the server make this vulnerabilty hard\nto trigger in usual configurations, the reporter and the team could\nnot reproduce it outside debug builds, so it is classified as low\nrisk.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-0a95bff197\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mod_http2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"mod_http2-1.10.16-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_http2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:18:35", "description": "This release includes the latest stable upstream release of mod_http2.\nThe changes since the last update are :\n\n - fixes a race condition where aborting streams triggers\n an unnecessary timeout.\n\n - accurate reporting of h2 data input/output per request\n via mod_logio. Fixes an issue where output sizes where\n counted n-times on reused slave connections. See [issue\n #158](https://github.com/icing/mod_h2/issues/158).\n\n - normalized connection prefix logging when trace2 is\n enabled for direct h2 connection detection.\n\n----\n\nThis update includes the latest upstream release of mod_http2, version\n1.10.16. This includes a security fix (CVE-2018-1302) :\n\nWhen an HTTP/2 stream was destroyed after being handled, mod_http2\ncould have written a NULL pointer potentially to an already freed\nmemory.\n\nThe memory pools maintained by the server make this vulnerabilty hard\nto trigger in usual configurations, the reporter and the team could\nnot reproduce it outside debug builds, so it is classified as low\nrisk.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-04-30T00:00:00", "title": "Fedora 26 : mod_http2 (2018-63de5f3f6b)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1302"], "modified": "2018-04-30T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mod_http2", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2018-63DE5F3F6B.NASL", "href": "https://www.tenable.com/plugins/nessus/109417", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-63de5f3f6b.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109417);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-1302\");\n script_xref(name:\"FEDORA\", value:\"2018-63de5f3f6b\");\n\n script_name(english:\"Fedora 26 : mod_http2 (2018-63de5f3f6b)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This release includes the latest stable upstream release of mod_http2.\nThe changes since the last update are :\n\n - fixes a race condition where aborting streams triggers\n an unnecessary timeout.\n\n - accurate reporting of h2 data input/output per request\n via mod_logio. Fixes an issue where output sizes where\n counted n-times on reused slave connections. See [issue\n #158](https://github.com/icing/mod_h2/issues/158).\n\n - normalized connection prefix logging when trace2 is\n enabled for direct h2 connection detection.\n\n----\n\nThis update includes the latest upstream release of mod_http2, version\n1.10.16. This includes a security fix (CVE-2018-1302) :\n\nWhen an HTTP/2 stream was destroyed after being handled, mod_http2\ncould have written a NULL pointer potentially to an already freed\nmemory.\n\nThe memory pools maintained by the server make this vulnerabilty hard\nto trigger in usual configurations, the reporter and the team could\nnot reproduce it outside debug builds, so it is classified as low\nrisk.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-63de5f3f6b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mod_http2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"mod_http2-1.10.18-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_http2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-29T09:19:54", "description": "According to its banner, the version of Apache running on the remote\nhost is 2.4.x prior to 2.4.35. It is, therefore, affected by the\nfollowing vulnerability:\n\n - By sending continuous SETTINGS frames of maximum size an ongoing \n HTTP/2 connection could be kept busy and would never time out. This \n can be abused for a DoS on the server. This only affect a server \n that has enabled the h2 protocol.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 24, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-09-27T00:00:00", "title": "Apache 2.4.x < 2.4.35 DoS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-11763"], "modified": "2018-09-27T00:00:00", "cpe": ["cpe:/a:apache:httpd", "cpe:/a:apache:http_server"], "id": "APACHE_2_4_35.NASL", "href": "https://www.tenable.com/plugins/nessus/117807", "sourceData": "\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117807);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/28\");\n\n script_cve_id(\"CVE-2018-11763\");\n\n script_name(english:\"Apache 2.4.x < 2.4.35 DoS\");\n script_summary(english:\"Checks version in Server response header.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Apache running on the remote\nhost is 2.4.x prior to 2.4.35. It is, therefore, affected by the\nfollowing vulnerability:\n\n - By sending continuous SETTINGS frames of maximum size an ongoing \n HTTP/2 connection could be kept busy and would never time out. This \n can be abused for a DoS on the server. This only affect a server \n that has enabled the h2 protocol.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://archive.apache.org/dist/httpd/CHANGES_2.4.35\");\n script_set_attribute(attribute:\"see_also\", value:\"https://httpd.apache.org/security/vulnerabilities_24.html#2.4.35\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache version 2.4.35 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-11763\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:httpd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"apache_http_version.nasl\", \"apache_http_server_nix_installed.nbin\", \"apache_httpd_win_installed.nbin\");\n script_require_keys(\"installed_sw/Apache\");\n\n exit(0);\n\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\n\napp_info = vcf::apache_http_server::combined_get_app_info(app:'Apache');\n\nconstraints = [\n { \"min_version\" : \"2.4\", \"fixed_version\" : \"2.4.35\" }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:21:03", "description": "Security update for CVE-2018-11763\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 15, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-10-22T00:00:00", "title": "Fedora 27 : mod_http2 (2018-bb9d24c82d)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-11763"], "modified": "2018-10-22T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:27", "p-cpe:/a:fedoraproject:fedora:mod_http2"], "id": "FEDORA_2018-BB9D24C82D.NASL", "href": "https://www.tenable.com/plugins/nessus/118242", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-bb9d24c82d.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118242);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-11763\");\n script_xref(name:\"FEDORA\", value:\"2018-bb9d24c82d\");\n\n script_name(english:\"Fedora 27 : mod_http2 (2018-bb9d24c82d)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security update for CVE-2018-11763\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-bb9d24c82d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mod_http2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_http2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"mod_http2-1.11.1-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_http2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-02-01T02:56:59", "description": "The Apache httpd project reports :\n\nlow: DoS for HTTP/2 connections by continuous SETTINGS\n\nBy sending continous SETTINGS frames of maximum size an ongoing HTTP/2\nconnection could be kept busy and would never time out. This can be\nabused for a DoS on the server. This only affect a server that has\nenabled the h2 protocol.", "edition": 23, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-09-27T00:00:00", "title": "FreeBSD : Apache -- Denial of service vulnerability in HTTP/2 (e182c076-c189-11e8-a6d2-b499baebfeaf)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-11763"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:apache24"], "id": "FREEBSD_PKG_E182C076C18911E8A6D2B499BAEBFEAF.NASL", "href": "https://www.tenable.com/plugins/nessus/117724", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117724);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/01/24 17:08:06\");\n\n script_cve_id(\"CVE-2018-11763\");\n\n script_name(english:\"FreeBSD : Apache -- Denial of service vulnerability in HTTP/2 (e182c076-c189-11e8-a6d2-b499baebfeaf)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Apache httpd project reports :\n\nlow: DoS for HTTP/2 connections by continuous SETTINGS\n\nBy sending continous SETTINGS frames of maximum size an ongoing HTTP/2\nconnection could be kept busy and would never time out. This can be\nabused for a DoS on the server. This only affect a server that has\nenabled the h2 protocol.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://httpd.apache.org/security/vulnerabilities_24.html\"\n );\n # https://vuxml.freebsd.org/freebsd/e182c076-c189-11e8-a6d2-b499baebfeaf.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?726f0f45\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache24\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"apache24<2.4.35\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-18T03:02:43", "description": "This update for apache2 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-11763: In Apache HTTP Server by sending continuous, large\nSETTINGS frames a client can occupy a connection, server thread and\nCPU time without any connection timeout coming to effect. This affects\nonly HTTP/2 connections. (bsc#1109961)\n\nBug fixes: consider also patterns in APACHE_CONF_INCLUDE_DIRS as\ndocumentation says (patch Juergen Gleiss)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 10, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-01-02T00:00:00", "title": "SUSE SLES15 Security Update : apache2 (SUSE-SU-2018:3101-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-11763"], "modified": "2019-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:apache2-worker", "p-cpe:/a:novell:suse_linux:apache2-devel", "p-cpe:/a:novell:suse_linux:apache2-prefork", "p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:apache2-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo", "p-cpe:/a:novell:suse_linux:apache2-utils", "p-cpe:/a:novell:suse_linux:apache2-debugsource", "p-cpe:/a:novell:suse_linux:apache2"], "id": "SUSE_SU-2018-3101-1.NASL", "href": "https://www.tenable.com/plugins/nessus/120127", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3101-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120127);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/16\");\n\n script_cve_id(\"CVE-2018-11763\");\n\n script_name(english:\"SUSE SLES15 Security Update : apache2 (SUSE-SU-2018:3101-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for apache2 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-11763: In Apache HTTP Server by sending continuous, large\nSETTINGS frames a client can occupy a connection, server thread and\nCPU time without any connection timeout coming to effect. This affects\nonly HTTP/2 connections. (bsc#1109961)\n\nBug fixes: consider also patterns in APACHE_CONF_INCLUDE_DIRS as\ndocumentation says (patch Juergen Gleiss)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109961\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11763/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183101-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9159c8e6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15:zypper in -t\npatch SUSE-SLE-Module-Server-Applications-15-2018-2201=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-prefork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:apache2-worker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-2.4.33-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-debuginfo-2.4.33-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-debugsource-2.4.33-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-devel-2.4.33-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-prefork-2.4.33-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-prefork-debuginfo-2.4.33-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-utils-2.4.33-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-utils-debuginfo-2.4.33-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-worker-2.4.33-3.6.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"apache2-worker-debuginfo-2.4.33-3.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-03T22:46:55", "description": "In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large\nSETTINGS frames a client can occupy a connection, server thread and\nCPU time without any connection timeout coming to effect. This affects\nonly HTTP/2 connections. A possible mitigation is to not enable the h2\nprotocol. (CVE-2018-11763)", "edition": 12, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-12-17T00:00:00", "title": "Amazon Linux AMI : httpd24 (ALAS-2018-1104)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-11763"], "modified": "2018-12-17T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:mod24_ssl", "p-cpe:/a:amazon:linux:httpd24-manual", "p-cpe:/a:amazon:linux:mod24_ldap", "p-cpe:/a:amazon:linux:mod24_proxy_html", "p-cpe:/a:amazon:linux:httpd24-tools", "p-cpe:/a:amazon:linux:httpd24-debuginfo", "p-cpe:/a:amazon:linux:mod24_md", "p-cpe:/a:amazon:linux:mod24_session", "p-cpe:/a:amazon:linux:httpd24-devel", "p-cpe:/a:amazon:linux:httpd24", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2018-1104.NASL", "href": "https://www.tenable.com/plugins/nessus/119687", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-1104.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119687);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/02\");\n\n script_cve_id(\"CVE-2018-11763\");\n script_xref(name:\"ALAS\", value:\"2018-1104\");\n\n script_name(english:\"Amazon Linux AMI : httpd24 (ALAS-2018-1104)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large\nSETTINGS frames a client can occupy a connection, server thread and\nCPU time without any connection timeout coming to effect. This affects\nonly HTTP/2 connections. A possible mitigation is to not enable the h2\nprotocol. (CVE-2018-11763)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-1104.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update httpd24' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd24-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_md\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_proxy_html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-2.4.37-1.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-debuginfo-2.4.37-1.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-devel-2.4.37-1.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-manual-2.4.37-1.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd24-tools-2.4.37-1.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_ldap-2.4.37-1.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_md-2.4.37-1.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_proxy_html-2.4.37-1.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_session-2.4.37-1.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_ssl-2.4.37-1.83.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd24 / httpd24-debuginfo / httpd24-devel / httpd24-manual / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "httpd": [{"lastseen": "2020-12-24T14:26:49", "bulletinFamily": "software", "cvelist": ["CVE-2018-1302"], "description": "\nWhen an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server\nprior to version 2.4.33 could have written a NULL pointer potentially to an\nalready freed memory.\nThe memory pools maintained by the server make this\nvulnerabilty hard to trigger in usual configurations, the reporter and the team\ncould not reproduce it outside debug builds, so it is classified as low risk.\n", "edition": 7, "modified": "2018-03-21T00:00:00", "published": "2018-01-23T00:00:00", "id": "HTTPD:A5773ECB3CB67826707B252F21BB80BB", "href": "https://httpd.apache.org/security_report.html", "title": "Apache Httpd < None: Possible write of after free on HTTP/2 stream shutdown", "type": "httpd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-03-26T01:36:27", "bulletinFamily": "software", "cvelist": ["CVE-2018-1302"], "description": "\nWhen an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server\nprior to version 2.4.30 could have written a NULL pointer potentially to an\nalready freed memory.\nThe memory pools maintained by the server make this\nvulnerabilty hard to trigger in usual configurations, the reporter and the team\ncould not reproduce it outside debug builds, so it is classified as low risk.\n", "edition": 1, "modified": "2018-03-21T00:00:00", "published": "2018-01-23T00:00:00", "href": "https://httpd.apache.org/security_report.html", "id": "HTTPD:53F7D531D201D0209EE31F3FA8829F5B", "type": "httpd", "title": "Apache Httpd < 2.4.30: Possible write of after free on HTTP/2 stream shutdown", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-12-24T14:26:49", "bulletinFamily": "software", "cvelist": ["CVE-2018-11763"], "description": "\nBy sending continous SETTINGS frames of maximum size an ongoing HTTP/2\nconnection could be kept busy and would never time out. This can be abused\nfor a DoS on the server. This only affect a server that has enabled the h2\nprotocol.\n", "edition": 4, "modified": "2018-09-25T00:00:00", "published": "2018-07-18T00:00:00", "id": "HTTPD:43E63F90DCA6F418ACF2327C4F88C3D8", "href": "https://httpd.apache.org/security_report.html", "title": "Apache Httpd < None: DoS for HTTP/2 connections by continuous SETTINGS", "type": "httpd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2018-10-17T08:31:02", "bulletinFamily": "unix", "cvelist": ["CVE-2018-11763"], "description": "This update for apache2 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-11763: In Apache HTTP Server by sending continuous, large\n SETTINGS frames a client can occupy a connection, server thread and CPU\n time without any connection timeout coming to effect. This affects only\n HTTP/2 connections. (bsc#1109961)\n\n Bug fixes:\n\n - consider also patterns in APACHE_CONF_INCLUDE_DIRS as documentation says\n (patch Juergen Gleiss)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2018-10-17T06:14:48", "published": "2018-10-17T06:14:48", "id": "OPENSUSE-SU-2018:3185-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00031.html", "title": "Security update for apache2 (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-11-10T02:37:49", "bulletinFamily": "unix", "cvelist": ["CVE-2018-11763"], "description": "This update for apache2 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-11763: In Apache HTTP Server by sending continuous, large\n SETTINGS frames a client can occupy a connection, server thread and CPU\n time without any connection timeout coming to effect. This affects only\n HTTP/2 connections. (bsc#1109961)\n\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "edition": 1, "modified": "2018-11-10T00:25:46", "published": "2018-11-10T00:25:46", "id": "OPENSUSE-SU-2018:3713-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00015.html", "title": "Security update for apache2 (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-06-11T22:41:42", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2520", "CVE-2019-2509", "CVE-2019-2451", "CVE-2019-2501", "CVE-2019-2525", "CVE-2019-2521", "CVE-2018-0734", "CVE-2019-2448", "CVE-2019-2553", "CVE-2019-2506", "CVE-2019-2511", "CVE-2019-2554", "CVE-2019-2527", "CVE-2019-2552", "CVE-2019-2504", "CVE-2019-2523", "CVE-2019-2500", "CVE-2019-2555", "CVE-2018-11763", "CVE-2019-2548", "CVE-2018-3309", "CVE-2019-2522", "CVE-2018-11784", "CVE-2019-2450", "CVE-2019-2524", "CVE-2019-2556", "CVE-2019-2526", "CVE-2019-2508", "CVE-2019-2446", "CVE-2019-2505"], "description": "This update for virtualbox to version 5.2.24 fixes the following issues:\n\n Multiple security issues fixed:\n\n CVE-2019-2500, CVE-2019-2524, CVE-2019-2552, CVE-2018-3309,\n CVE-2019-2520 CVE-2019-2521, CVE-2019-2522, CVE-2019-2523, CVE-2019-2526,\n CVE-2019-2548 CVE-2018-11763, CVE-2019-2511, CVE-2019-2508, CVE-2019-2509,\n CVE-2019-2527 CVE-2019-2450, CVE-2019-2451, CVE-2019-2555, CVE-2019-2554,\n CVE-2019-2556 CVE-2018-11784, CVE-2018-0734, CVE-2019-2525, CVE-2019-2446,\n CVE-2019-2448 CVE-2019-2501, CVE-2019-2504, CVE-2019-2505, CVE-2019-2506,\n and CVE-2019-2553 (bsc#1122212).\n\n Other issues fixed:\n\n - Linux Additions: fix for building vboxvideo on EL 7.6 standard kernel,\n contributed by Robert Conde\n - USB: fixed a problem causing failures attaching SuperSpeed devices which\n report USB version 3.1 (rather than 3.0) on Windows hosts\n - Audio: added support for surround speaker setups used by Windows 10\n Build 1809\n - Linux hosts: fixed conflict between Debian and Oracle build desktop files\n - Linux guests: fixed building drivers on SLES 12.4\n - Linux guests: fixed building shared folder driver with older kernels\n\n", "edition": 1, "modified": "2019-06-11T21:10:22", "published": "2019-06-11T21:10:22", "id": "OPENSUSE-SU-2019:1547-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html", "title": "Security update for virtualbox (important)", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-01-28T00:05:09", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2520", "CVE-2019-2509", "CVE-2019-2451", "CVE-2019-2501", "CVE-2019-2525", "CVE-2019-2521", "CVE-2018-0734", "CVE-2019-2448", "CVE-2019-2553", "CVE-2019-2506", "CVE-2019-2511", "CVE-2019-2554", "CVE-2019-2527", "CVE-2019-2552", "CVE-2019-2504", "CVE-2019-2523", "CVE-2019-2500", "CVE-2019-2555", "CVE-2018-11763", "CVE-2019-2548", "CVE-2018-3309", "CVE-2019-2522", "CVE-2018-11784", "CVE-2019-2450", "CVE-2019-2524", "CVE-2019-2556", "CVE-2019-2526", "CVE-2019-2508", "CVE-2019-2446", "CVE-2019-2505"], "description": "This update for virtualbox version 5.2.24 fixes the following issues:\n\n Update fixes multiple vulnerabilities:\n\n CVE-2019-2500, CVE-2019-2524, CVE-2019-2552, CVE-2018-3309,\n CVE-2019-2520 CVE-2019-2521, CVE-2019-2522, CVE-2019-2523, CVE-2019-2526,\n CVE-2019-2548 CVE-2018-11763, CVE-2019-2511, CVE-2019-2508, CVE-2019-2509,\n CVE-2019-2527 CVE-2019-2450, CVE-2019-2451, CVE-2019-2555, CVE-2019-2554,\n CVE-2019-2556 CVE-2018-11784, CVE-2018-0734, CVE-2019-2525, CVE-2019-2446,\n CVE-2019-2448 CVE-2019-2501, CVE-2019-2504, CVE-2019-2505, CVE-2019-2506,\n and CVE-2019-2553 (boo#1122212).\n\n Non-security issues fixed:\n\n - Linux Additions: fix for building vboxvideo on EL 7.6 standard kernel,\n contributed by Robert Conde\n - USB: fixed a problem causing failures attaching SuperSpeed devices which\n report USB version 3.1 (rather than 3.0) on Windows hosts\n - Audio: added support for surround speaker setups used by Windows 10\n Build 1809\n - Linux hosts: fixed conflict between Debian and Oracle build desktop files\n - Linux guests: fixed building drivers on SLES 12.4\n - Linux guests: fixed building shared folder driver with older kernels\n\n", "edition": 1, "modified": "2019-01-25T15:10:43", "published": "2019-01-25T15:10:43", "id": "OPENSUSE-SU-2019:0084-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html", "title": "Security update for virtualbox (important)", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-07-30T19:43:34", "bulletinFamily": "unix", "cvelist": ["CVE-2019-2509", "CVE-2019-2679", "CVE-2019-2451", "CVE-2019-2678", "CVE-2019-2867", "CVE-2018-3297", "CVE-2019-2525", "CVE-2019-2703", "CVE-2019-2574", "CVE-2018-3294", "CVE-2018-0734", "CVE-2018-3293", "CVE-2018-3292", "CVE-2019-2448", "CVE-2019-2850", "CVE-2019-2511", "CVE-2019-2722", "CVE-2018-3291", "CVE-2018-3298", "CVE-2019-2877", "CVE-2019-2554", "CVE-2019-2848", "CVE-2019-1543", "CVE-2019-2527", "CVE-2018-3290", "CVE-2019-2865", "CVE-2019-2656", "CVE-2019-2866", "CVE-2019-2723", "CVE-2018-3296", "CVE-2018-3288", "CVE-2019-2555", "CVE-2019-2696", "CVE-2019-2875", "CVE-2018-11763", "CVE-2019-2859", "CVE-2019-2721", "CVE-2018-11784", "CVE-2019-2450", "CVE-2019-2657", "CVE-2018-3295", "CVE-2019-2873", "CVE-2019-2690", "CVE-2018-3289", "CVE-2019-2864", "CVE-2019-2556", "CVE-2019-2876", "CVE-2019-2680", "CVE-2019-2508", "CVE-2019-2446", "CVE-2019-2874", "CVE-2019-2863"], "description": "This update for virtualbox to version 6.0.10 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-2859 CVE-2019-2867 CVE-2019-2866 CVE-2019-2864 CVE-2019-2865\n CVE-2019-1543 CVE-2019-2863 CVE-2019-2848 CVE-2019-2877 CVE-2019-2873\n CVE-2019-2874 CVE-2019-2875 CVE-2019-2876 CVE-2019-2850 (boo#1141801)\n\n", "edition": 1, "modified": "2019-07-30T18:11:48", "published": "2019-07-30T18:11:48", "id": "OPENSUSE-SU-2019:1814-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html", "title": "Security update for virtualbox (important)", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:35:00", "bulletinFamily": "unix", "cvelist": ["CVE-2018-11763"], "description": "**Issue Overview:**\n\nIn Apache HTTP Server, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.([CVE-2018-11763 __](<https://access.redhat.com/security/cve/CVE-2018-11763>))\n\n \n**Affected Packages:** \n\n\nmod_http2\n\n \n**Issue Correction:** \nRun _yum update mod_http2_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n mod_http2-1.11.1-1.amzn2.i686 \n mod_http2-debuginfo-1.11.1-1.amzn2.i686 \n \n src: \n mod_http2-1.11.1-1.amzn2.src \n \n x86_64: \n mod_http2-1.11.1-1.amzn2.x86_64 \n mod_http2-debuginfo-1.11.1-1.amzn2.x86_64 \n \n \n", "edition": 1, "modified": "2018-11-07T22:11:00", "published": "2018-11-07T22:11:00", "id": "ALAS2-2018-1104", "href": "https://alas.aws.amazon.com/AL2/ALAS-2018-1104.html", "title": "Medium: mod_http2", "type": "amazon", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-10T12:37:00", "bulletinFamily": "unix", "cvelist": ["CVE-2018-11763"], "description": "**Issue Overview:**\n\nIn Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. ([CVE-2018-11763 __](<https://access.redhat.com/security/cve/CVE-2018-11763>))\n\n \n**Affected Packages:** \n\n\nhttpd24\n\n \n**Issue Correction:** \nRun _yum update httpd24_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n httpd24-tools-2.4.37-1.83.amzn1.i686 \n mod24_proxy_html-2.4.37-1.83.amzn1.i686 \n httpd24-debuginfo-2.4.37-1.83.amzn1.i686 \n httpd24-2.4.37-1.83.amzn1.i686 \n mod24_md-2.4.37-1.83.amzn1.i686 \n mod24_session-2.4.37-1.83.amzn1.i686 \n mod24_ldap-2.4.37-1.83.amzn1.i686 \n httpd24-devel-2.4.37-1.83.amzn1.i686 \n mod24_ssl-2.4.37-1.83.amzn1.i686 \n \n noarch: \n httpd24-manual-2.4.37-1.83.amzn1.noarch \n \n src: \n httpd24-2.4.37-1.83.amzn1.src \n \n x86_64: \n httpd24-tools-2.4.37-1.83.amzn1.x86_64 \n httpd24-2.4.37-1.83.amzn1.x86_64 \n httpd24-debuginfo-2.4.37-1.83.amzn1.x86_64 \n mod24_session-2.4.37-1.83.amzn1.x86_64 \n mod24_md-2.4.37-1.83.amzn1.x86_64 \n mod24_ssl-2.4.37-1.83.amzn1.x86_64 \n httpd24-devel-2.4.37-1.83.amzn1.x86_64 \n mod24_ldap-2.4.37-1.83.amzn1.x86_64 \n mod24_proxy_html-2.4.37-1.83.amzn1.x86_64 \n \n \n", "edition": 5, "modified": "2018-12-13T17:29:00", "published": "2018-12-13T17:29:00", "id": "ALAS-2018-1104", "href": "https://alas.aws.amazon.com/ALAS-2018-1104.html", "title": "Medium: httpd24", "type": "amazon", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-10T12:36:26", "bulletinFamily": "unix", "cvelist": ["CVE-2018-11763"], "description": "**Issue Overview:**\n\nIn Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.([CVE-2018-11763 __](<https://access.redhat.com/security/cve/CVE-2018-11763>))\n\n \n**Affected Packages:** \n\n\nhttpd\n\n \n**Issue Correction:** \nRun _yum update httpd_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n httpd-2.4.37-1.amzn2.0.1.aarch64 \n httpd-devel-2.4.37-1.amzn2.0.1.aarch64 \n httpd-tools-2.4.37-1.amzn2.0.1.aarch64 \n mod_ssl-2.4.37-1.amzn2.0.1.aarch64 \n mod_md-2.4.37-1.amzn2.0.1.aarch64 \n mod_proxy_html-2.4.37-1.amzn2.0.1.aarch64 \n mod_ldap-2.4.37-1.amzn2.0.1.aarch64 \n mod_session-2.4.37-1.amzn2.0.1.aarch64 \n httpd-debuginfo-2.4.37-1.amzn2.0.1.aarch64 \n \n i686: \n httpd-2.4.37-1.amzn2.0.1.i686 \n httpd-devel-2.4.37-1.amzn2.0.1.i686 \n httpd-tools-2.4.37-1.amzn2.0.1.i686 \n mod_ssl-2.4.37-1.amzn2.0.1.i686 \n mod_md-2.4.37-1.amzn2.0.1.i686 \n mod_proxy_html-2.4.37-1.amzn2.0.1.i686 \n mod_ldap-2.4.37-1.amzn2.0.1.i686 \n mod_session-2.4.37-1.amzn2.0.1.i686 \n httpd-debuginfo-2.4.37-1.amzn2.0.1.i686 \n \n noarch: \n httpd-manual-2.4.37-1.amzn2.0.1.noarch \n httpd-filesystem-2.4.37-1.amzn2.0.1.noarch \n \n src: \n httpd-2.4.37-1.amzn2.0.1.src \n \n x86_64: \n httpd-2.4.37-1.amzn2.0.1.x86_64 \n httpd-devel-2.4.37-1.amzn2.0.1.x86_64 \n httpd-tools-2.4.37-1.amzn2.0.1.x86_64 \n mod_ssl-2.4.37-1.amzn2.0.1.x86_64 \n mod_md-2.4.37-1.amzn2.0.1.x86_64 \n mod_proxy_html-2.4.37-1.amzn2.0.1.x86_64 \n mod_ldap-2.4.37-1.amzn2.0.1.x86_64 \n mod_session-2.4.37-1.amzn2.0.1.x86_64 \n httpd-debuginfo-2.4.37-1.amzn2.0.1.x86_64 \n \n \n", "edition": 1, "modified": "2019-01-23T23:31:00", "published": "2019-01-23T23:31:00", "id": "ALAS2-2019-1155", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1155.html", "title": "Medium: httpd", "type": "amazon", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-10T12:36:48", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1301", "CVE-2018-1302", "CVE-2018-1312", "CVE-2017-15710", "CVE-2017-15715", "CVE-2018-1303", "CVE-2018-1283"], "description": "**Issue Overview:**\n\nUse-after-free on HTTP/2 stream shutdown \nWhen an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk. ([CVE-2018-1302 __](<https://access.redhat.com/security/cve/CVE-2018-1302>))\n\nBypass with a trailing newline in the file name \nIn Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename. ([CVE-2017-15715 __](<https://access.redhat.com/security/cve/CVE-2017-15715>))\n\nOut of bounds read in mod_cache_socache can allow a remote attacker to cause a denial of service \nA specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability. ([CVE-2018-1303 __](<https://access.redhat.com/security/cve/CVE-2018-1303>))\n\nImproper handling of headers in mod_session can allow a remote user to modify session data for CGI applications \nIt has been discovered that the mod_session module of Apache HTTP Server (httpd), through version 2.4.29, has an improper input validation flaw in the way it handles HTTP session headers in some configurations. A remote attacker may influence their content by using a "Session" header. ([CVE-2018-1283 __](<https://access.redhat.com/security/cve/CVE-2018-1283>))\n\nOut of bound write in mod_authnz_ldap when using too small Accept-Language values \nIn Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all. ([CVE-2017-15710 __](<https://access.redhat.com/security/cve/CVE-2017-15710>))\n\nOut of bound access after failure in reading the HTTP request \nA specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage. ([CVE-2018-1301 __](<https://access.redhat.com/security/cve/CVE-2018-1301>))\n\nWeak Digest auth nonce generation in mod_auth_digest \nIn Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection. ([CVE-2018-1312 __](<https://access.redhat.com/security/cve/CVE-2018-1312>))\n\n \n**Affected Packages:** \n\n\nhttpd24\n\n \n**Issue Correction:** \nRun _yum update httpd24_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n httpd24-debuginfo-2.4.33-2.78.amzn1.i686 \n httpd24-2.4.33-2.78.amzn1.i686 \n mod24_session-2.4.33-2.78.amzn1.i686 \n mod24_md-2.4.33-2.78.amzn1.i686 \n mod24_ssl-2.4.33-2.78.amzn1.i686 \n httpd24-devel-2.4.33-2.78.amzn1.i686 \n httpd24-tools-2.4.33-2.78.amzn1.i686 \n mod24_proxy_html-2.4.33-2.78.amzn1.i686 \n mod24_ldap-2.4.33-2.78.amzn1.i686 \n \n noarch: \n httpd24-manual-2.4.33-2.78.amzn1.noarch \n \n src: \n httpd24-2.4.33-2.78.amzn1.src \n \n x86_64: \n httpd24-devel-2.4.33-2.78.amzn1.x86_64 \n httpd24-2.4.33-2.78.amzn1.x86_64 \n mod24_ssl-2.4.33-2.78.amzn1.x86_64 \n httpd24-debuginfo-2.4.33-2.78.amzn1.x86_64 \n mod24_ldap-2.4.33-2.78.amzn1.x86_64 \n mod24_proxy_html-2.4.33-2.78.amzn1.x86_64 \n mod24_session-2.4.33-2.78.amzn1.x86_64 \n mod24_md-2.4.33-2.78.amzn1.x86_64 \n httpd24-tools-2.4.33-2.78.amzn1.x86_64 \n \n \n", "edition": 5, "modified": "2018-05-03T16:29:00", "published": "2018-05-03T16:29:00", "id": "ALAS-2018-1004", "href": "https://alas.aws.amazon.com/ALAS-2018-1004.html", "title": "Medium: httpd24", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "zdi": [{"lastseen": "2020-06-22T11:41:48", "bulletinFamily": "info", "cvelist": ["CVE-2018-11763"], "description": "This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of Apache HTTPD server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP2 headers. A crafted HTTP2 request can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.", "edition": 1, "modified": "2018-06-22T00:00:00", "published": "2018-12-10T00:00:00", "id": "ZDI-18-1369", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-1369/", "title": "Apache2 mod_http2 header Denial of Service Vulnerability", "type": "zdi", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:31:51", "bulletinFamily": "unix", "cvelist": ["CVE-2018-11763"], "description": "\nThe Apache httpd project reports:\n\nlow: DoS for HTTP/2 connections by continuous SETTINGS\nBy sending continous SETTINGS frames of maximum size an ongoing\n\t HTTP/2 connection could be kept busy and would never time out. This\n\t can be abused for a DoS on the server. This only affect a server\n\t that has enabled the h2 protocol.\n\n", "edition": 3, "modified": "2018-09-25T00:00:00", "published": "2018-09-25T00:00:00", "id": "E182C076-C189-11E8-A6D2-B499BAEBFEAF", "href": "https://vuxml.freebsd.org/freebsd/e182c076-c189-11e8-a6d2-b499baebfeaf.html", "title": "Apache -- Denial of service vulnerability in HTTP/2", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:31:57", "bulletinFamily": "unix", "cvelist": ["CVE-2018-1301", "CVE-2018-1302", "CVE-2018-1312", "CVE-2017-15710", "CVE-2017-15715", "CVE-2018-1303", "CVE-2018-1283"], "description": "\nThe Apache httpd reports:\n\nOut of bound write in mod_authnz_ldap with AuthLDAPCharsetConfig\n\t enabled (CVE-2017-15710)\nmod_session: CGI-like applications that intend to read from\n\t mod_session's 'SessionEnv ON' could be fooled into reading\n\t user-supplied data instead. (CVE-2018-1283)\nmod_cache_socache: Fix request headers parsing to avoid a possible\n\t crash with specially crafted input data. (CVE-2018-1303)\ncore: Possible crash with excessively long HTTP request headers.\n\t Impractical to exploit with a production build and production\n\t LogLevel. (CVE-2018-1301)\ncore: Configure the regular expression engine to match '$' to the\n\t end of the input string only, excluding matching the end of any\n\t embedded newline characters. Behavior can be changed with new\n\t directive 'RegexDefaultOptions'. (CVE-2017-15715)\nmod_auth_digest: Fix generation of nonce values to prevent replay\n\t attacks across servers using a common Digest domain. This change\n\t may cause problems if used with round robin load balancers.\n\t (CVE-2018-1312)\nmod_http2: Potential crash w/ mod_http2. (CVE-2018-1302)\n\n", "edition": 7, "modified": "2018-03-27T00:00:00", "published": "2018-03-23T00:00:00", "id": "F38187E7-2F6E-11E8-8F07-B499BAEBFEAF", "href": "https://vuxml.freebsd.org/freebsd/f38187e7-2f6e-11e8-8f07-b499baebfeaf.html", "title": "apache -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:44:35", "bulletinFamily": "unix", "cvelist": ["CVE-2017-15710", "CVE-2017-15715", "CVE-2018-0739", "CVE-2018-1000168", "CVE-2018-11759", "CVE-2018-11763", "CVE-2018-1283", "CVE-2018-1301", "CVE-2018-1302", "CVE-2018-1303", "CVE-2018-1312", "CVE-2018-1333"], "description": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 1 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes for CVEs which are linked to in the References section.\n\nSecurity Fixes:\n\n* httpd: DoS for HTTP/2 connections by continuous SETTINGS (CVE-2018-11763)\n\n* httpd: Weak Digest auth nonce generation in mod_auth_digest\n(CVE-2018-1312)\n\n* httpd: Out of bound access after failure in reading the HTTP request\n(CVE-2018-1301)\n\n* httpd: Use-after-free on HTTP/2 stream shutdown (CVE-2018-1302)\n\n* httpd: <FilesMatch> bypass with a trailing newline in the file name\n(CVE-2017-15715)\n\n* httpd: Out of bound write in mod_authnz_ldap when using too small\nAccept-Language values (CVE-2017-15710)\n\n* httpd: Out of bounds read in mod_cache_socache can allow a remote\nattacker to cause a denial of service (CVE-2018-1303)\n\n* httpd: Improper handling of headers in mod_session can allow a remote\nuser to modify session data for CGI applications (CVE-2018-1283)\n\n* httpd: mod_http2: too much time allocated to workers, possibly leading to\nDoS (CVE-2018-1333)\n\n* mod_jk: connector path traversal due to mishandled HTTP requests in httpd\n(CVE-2018-11759)\n\n* nghttp2: Null pointer dereference when too large ALTSVC frame is received\n(CVE-2018-1000168)\n\n* openssl: Handling of crafted recursive ASN.1 structures can cause a stack\noverflow and resulting denial of service (CVE-2018-0739)\n\nDetails around each issue, including information about the CVE, severity of\nthe issue, and the CVSS score, can be found on the CVE pages listed in the\nReference section below.", "modified": "2019-02-18T21:49:34", "published": "2019-02-18T21:47:10", "id": "RHSA-2019:0367", "href": "https://access.redhat.com/errata/RHSA-2019:0367", "type": "redhat", "title": "(RHSA-2019:0367) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T14:35:37", "bulletinFamily": "unix", "cvelist": ["CVE-2017-10140", "CVE-2017-15710", "CVE-2017-15715", "CVE-2018-0739", "CVE-2018-1000168", "CVE-2018-11759", "CVE-2018-11763", "CVE-2018-1283", "CVE-2018-1301", "CVE-2018-1302", "CVE-2018-1303", "CVE-2018-1312", "CVE-2018-1333"], "description": "This release adds the new Apache HTTP Server 2.4.29 Service Pack 1 packages that are part\nof the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.29, and includes bug fixes and enhancements. Refer\nto the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release.\n\nSecurity Fix(es):\n\n* db4: libdb: Reads DB_CONFIG from the current working directory (CVE-2017-10140)\n* httpd: DoS for HTTP/2 connections by continuous SETTINGS (CVE-2018-11763)\n* httpd: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312)\n* httpd: Out of bound access after failure in reading the HTTP request (CVE-2018-1301)\n* httpd: Use-after-free on HTTP/2 stream shutdown (CVE-2018-1302)\n* httpd: <FilesMatch> bypass with a trailing newline in the file name (CVE-2017-15715)\n* httpd: Out of bound write in mod_authnz_ldap when using too small Accept-Language values (CVE-2017-15710)\n* httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause a denial of service (CVE-2018-1303)\n* httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications (CVE-2018-1283)\n* httpd: mod_http2: too much time allocated to workers, possibly leading to DoS (CVE-2018-1333)\n* mod_jk: connector path traversal due to mishandled HTTP requests in httpd (CVE-2018-11759)\n* nghttp2: Null pointer dereference when too large ALTSVC frame is received (CVE-2018-1000168)\n* openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739)\n\nDetails around this issue, including information about the CVE, severity of\nthe issue, and the CVSS score can be found on the CVE page listed in the\nReference section below.\n\nThe CVE-2018-1000168 issue was discovered by The Nghttp2 Project.", "modified": "2019-02-18T21:45:48", "published": "2019-02-18T21:45:31", "id": "RHSA-2019:0366", "href": "https://access.redhat.com/errata/RHSA-2019:0366", "type": "redhat", "title": "(RHSA-2019:0366) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1 security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:44", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5419", "CVE-2016-5420", "CVE-2016-5421", "CVE-2016-7141", "CVE-2016-7167", "CVE-2016-8615", "CVE-2016-8616", "CVE-2016-8617", "CVE-2016-8618", "CVE-2016-8619", "CVE-2016-8620", "CVE-2016-8621", "CVE-2016-8622", "CVE-2016-8623", "CVE-2016-8624", "CVE-2016-8625", "CVE-2016-9586", "CVE-2017-1000100", "CVE-2017-1000101", "CVE-2017-1000254", "CVE-2017-1000257", "CVE-2017-15710", "CVE-2017-15715", "CVE-2017-7407", "CVE-2017-8816", "CVE-2017-8817", "CVE-2018-1000007", "CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000301", "CVE-2018-11763", "CVE-2018-1283", "CVE-2018-1301", "CVE-2018-1303", "CVE-2018-1312", "CVE-2018-1333", "CVE-2018-14618"], "description": "The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module.\n\nThe following packages have been upgraded to a later upstream version: httpd24-httpd (2.4.34), httpd24-curl (7.61.1). (BZ#1590833, BZ#1648928)\n\nSecurity Fix(es):\n\n* httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications (CVE-2018-1283)\n\n* httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS (CVE-2018-1303)\n\n* httpd: mod_http2: Too much time allocated to workers, possibly leading to DoS (CVE-2018-1333)\n\n* httpd: DoS for HTTP/2 connections by continuous SETTINGS frames (CVE-2018-11763)\n\n* httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values (CVE-2017-15710)\n\n* httpd: <FilesMatch> bypass with a trailing newline in the file name (CVE-2017-15715)\n\n* httpd: Out of bounds access after failure in reading the HTTP request (CVE-2018-1301)\n\n* httpd: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312)\n\n* curl: Multiple security issues were fixed in httpd24-curl (CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9586, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000254, CVE-2017-1000257, CVE-2017-7407, CVE-2017-8816, CVE-2017-8817, CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000301, CVE-2018-14618)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank the Curl project for reporting CVE-2017-8816, CVE-2017-8817, CVE-2017-1000254, CVE-2017-1000257, CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000122, CVE-2018-1000301, CVE-2016-9586, CVE-2017-1000100, CVE-2017-1000101, CVE-2018-14618, and CVE-2018-1000121. Upstream acknowledges Alex Nichols as the original reporter of CVE-2017-8816; the OSS-Fuzz project as the original reporter of CVE-2017-8817 and CVE-2018-1000301; Max Dymond as the original reporter of CVE-2017-1000254 and CVE-2018-1000122; Brian Carpenter and the OSS-Fuzz project as the original reporters of CVE-2017-1000257; Craig de Stigter as the original reporter of CVE-2018-1000007; Duy Phan Thanh as the original reporter of CVE-2018-1000120; Even Rouault as the original reporter of CVE-2017-1000100; Brian Carpenter as the original reporter of CVE-2017-1000101; Zhaoyang Wu as the original reporter of CVE-2018-14618; and Dario Weisser as the original reporter of CVE-2018-1000121.\n\nBug Fix(es):\n\n* Previously, the Apache HTTP Server from the httpd24 Software Collection was unable to handle situations when static content was repeatedly requested in a browser by refreshing the page. As a consequence, HTTP/2 connections timed out and httpd became unresponsive. This bug has been fixed, and HTTP/2 connections now work as expected in the described scenario. (BZ#1518737)\n\nEnhancement(s):\n\n* This update adds the mod_md module to the httpd24 Software Collection. This module enables managing domains across virtual hosts and certificate provisioning using the Automatic Certificate Management Environment (ACME) protocol. The mod_md module is available only for Red Hat Enterprise Linux 7. (BZ#1640722)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Software Collections 3.2 Release Notes linked from the References section.", "modified": "2018-11-13T13:04:35", "published": "2018-11-13T13:00:33", "id": "RHSA-2018:3558", "href": "https://access.redhat.com/errata/RHSA-2018:3558", "type": "redhat", "title": "(RHSA-2018:3558) Moderate: httpd24 security, bug fix, and enhancement update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "symantec": [{"lastseen": "2021-02-18T18:40:47", "bulletinFamily": "software", "cvelist": ["CVE-2017-12171", "CVE-2017-15710", "CVE-2017-15715", "CVE-2017-9788", "CVE-2017-9789", "CVE-2017-9798", "CVE-2018-11763", "CVE-2018-1283", "CVE-2018-1301", "CVE-2018-1302", "CVE-2018-1303", "CVE-2018-1312", "CVE-2018-1333", "CVE-2018-8011"], "description": "### SUMMARY \n\nSymantec Network Protection products using affected versions of Apache httpd are susceptible to multiple security vulnerabilities. A remote attacker can obtain sensitive information, bypass intended security restrictions, modify session information in CGI applications, replay authenticated HTTP requests, and cause denial of service.\n\n \n\n### AFFECTED PRODUCTS \n\n**Content Analysis (CA)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2017-9788 | 1.3, 2.1 | Not vulnerable \n2.2 | Upgrade to later version with fixes. \n2.3 and later | Not vulnerable, fixed in 2.3.1.1 \nCVE-2018-1301, CVE-2018-1303 | 1.3, 2.1 | Not vulnerable \n2.2, 2.3 | Upgrade to later version with fixes. \n2.4, 3.0, 3.1 | Not available at this time \n \n \n\nDirector \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2017-9788, CVE-2017-9798, \nCVE-2017-15710, CVE-2018-1301, \nCVE-2018-1302, CVE-2018-1303, \nCVE-2018-1312 | 6.1 | Upgrade to a version of MC with the fixes. \n \n \n\n**Malware Analysis (MA)** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2018-1301 | 4.2 | Upgrade to 4.2.12. \n \n \n\nSecurity Analytics (SA) \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2018-1301 | 7.1, 7.3, 8.0 | Upgrade to later version with fixes. \n7.2 | Not available at this time \n8.1 | Not vulnerable, fixed in 8.1.1 \nCVE-2018-1303 | 7.1, 7.2 | Not vulnerable \n7.3, 8.0 | Upgrade to later version with fixes. \n8.1 | Not vulnerable, fixed in 8.1.1 \n \n \n\n### ADDITIONAL PRODUCT INFORMATION \n\nThe following products are not vulnerable: \n**Advanced Secure Gateway \nAuthConnector \nBCAAA \nCacheFlow \nCloud Data Protection for ServiceNow \nCloud Data Protection for Oracle CRM On Demand \nCloud Data Protection Integration Server \nCloud Data Protection Communication Server \nGeneral Auth Connector Login Application \nHSM Agent for the Luna SP \nIntelligenceCenter \nIntelligenceCenter Data Collector \nMail Threat Defense \nManagement Center \nNorman Shark Industrial Control System Protection \nPacketShaper \nPacketShaper S-Series \nPolicyCenter \nPolicyCenter S-Series \nProxyAV \nProxyAV ConLog and ConLogXP \nProxySG \nReporter \nSSL Visibility \nUnified Agent \nWeb Isolation \nWSS Mobile Agent \nX-Series XOS**\n\n \n\n### ISSUES\n\nCVE-2017-9788 \n--- \n**Severity / CVSSv3** | Critical / 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) \n**References** | SecurityFocus: [BID 99569](<https://www.securityfocus.com/bid/99569>) / NVD: [CVE-2017-9788](<https://nvd.nist.gov/vuln/detail/CVE-2017-9788>) \n**Impact** | Denial of service \n**Description** | A flaw in authorization header handling allows a remote attacker to send HTTP requests with crafted authorization headers and obtain sensitive information from server memory or cause denial of service. \n \n \n\nCVE-2017-9789 \n--- \n**Severity / CVSSv3** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References** | SecurityFocus: [BID 99568](<https://www.securityfocus.com/bid/99568>) / NVD: [CVE-2017-9789](<https://nvd.nist.gov/vuln/detail/CVE-2017-9789>) \n**Impact** | Unspecified \n**Description** | A flaw in HTTP/2 handling allows a remote attacker to cause the server, while closing many connections under stress, to behave erratically and have unspecified impact. \n \n \n\nCVE-2017-9798 \n--- \n**Severity / CVSSv3** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n**References** | SecurityFocus: [BID 100872](<https://www.securityfocus.com/bid/100872>) / NVD: [CVE-2017-9798](<https://nvd.nist.gov/vuln/detail/CVE-2017-9798>) \n**Impact** | Denial of service \n**Description** | A flaw in HTTP method handling allows a remote attacker to send OPTIONS requests and obtain sensitive information from server memory or cause denial of service. \n \n \n\nCVE-2017-12171 \n--- \n**Severity / CVSSv3** | Medium / 6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n**References** | SecurityFocus: [BID 101516](<https://www.securityfocus.com/bid/101516>) / NVD: [CVE-2017-12171](<https://nvd.nist.gov/vuln/detail/CVE-2017-12171>) \n**Impact** | Information disclosure \n**Description** | A flaw in configuration parsing allows a web administrator to unintentionally grant access to a restricted HTTP resource to any client. \n \n \n\nCVE-2017-15710 \n--- \n**Severity / CVSSv3** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References** | SecurityFocus: [BID 103512](<https://www.securityfocus.com/bid/103512>) / NVD: [CVE-2017-15710](<https://nvd.nist.gov/vuln/detail/CVE-2017-15710>) \n**Impact** | Denial of service \n**Description** | A flaw in request handling allows a remote attacker to send HTTP requests with crafted Accept-Language headers and cause denial-of-service. \n \n \n\nCVE-2017-15715 \n--- \n**Severity / CVSSv3** | High / 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n**References** | SecurityFocus: [BID 103525](<https://www.securityfocus.com/bid/103525>) / NVD: [CVE-2017-15715](<https://nvd.nist.gov/vuln/detail/CVE-2017-15715>) \n**Impact** | Security control bypass \n**Description** | A flaw in filename matching allows a remote attacker to upload files with crafted filenames and bypass intended security restrictions. \n \n \n\nCVE-2018-1283 \n--- \n**Severity / CVSSv3** | Medium / 5.3 (AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N) \n**References** | SecurityFocus: [BID 103520](<https://www.securityfocus.com/bid/103520>) / NVD: [CVE-2018-1283](<https://nvd.nist.gov/vuln/detail/CVE-2018-1283>) \n**Impact** | Unauthorized modification of information \n**Description** | A flaw in request header handling that allows a remote attacker to modify session information shared from mod_session to CGI applications. \n \n \n\nCVE-2018-1301 \n--- \n**Severity / CVSSv3** | Medium / 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References** | SecurityFocus: [BID 103515](<https://www.securityfocus.com/bid/103515>) / NVD: [CVE-2018-1301](<https://nvd.nist.gov/vuln/detail/CVE-2018-1301>) \n**Impact** | Denial of service \n**Description** | A flaw in request header handling that allows a remote attacker to send crafted HTTP requests and cause an application crash, resulting in denial of service. \n \n \n\nCVE-2018-1302 \n--- \n**Severity / CVSSv3** | Medium / 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References** | SecurityFocus: [BID 103528](<https://www.securityfocus.com/bid/103528>) / NVD: [CVE-2018-1302](<https://nvd.nist.gov/vuln/detail/CVE-2018-1302>) \n**Impact** | Denial of service \n**Description** | A flaw in HTTP/2 connection handling allows a remote attacker to send HTTP/2 requests and cause an application crash, resulting in denial of service. \n \n \n\nCVE-2018-1303 \n--- \n**Severity / CVSSv3** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References** | SecurityFocus: [BID 103522](<https://www.securityfocus.com/bid/103522>) / NVD: [CVE-2018-1303](<https://nvd.nist.gov/vuln/detail/CVE-2018-1303>) \n**Impact** | Denial of service \n**Description** | A flaw in HTTP request handling allows a remote attacker to send crafted HTTP requests and cause an application crash, resulting in denial of service. \n \n \n\nCVE-2018-1312 \n--- \n**Severity / CVSSv3** | Critical / 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n**References** | SecurityFocus: [BID 103524](<https://www.securityfocus.com/bid/103524>) / NVD: [CVE-2018-1312](<https://nvd.nist.gov/vuln/detail/CVE-2018-1312>) \n**Impact** | Authentication bypass \n**Description** | A flaw in nonce generation for HTTP Digest authentication challenges allows a remote attacker to replay HTTP requests between servers in the same cluster. \n \n \n\nCVE-2018-1333 \n--- \n**Severity / CVSSv3** | High / 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References** | NVD: [CVE-2018-1333](<https://nvd.nist.gov/vuln/detail/CVE-2018-1333>) \n**Impact** | Denial of service \n**Description** | A flaw in worker allocation allows a remote attacker to send crafted HTTP/2 requests and cause worker exhaustion, resulting in denial of service. \n \n \n\nCVE-2018-8011 \n--- \n**Severity / CVSSv3** | High / 7.5 ( AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References** | NVD: [CVE-2018-8011](<https://nvd.nist.gov/vuln/detail/CVE-2018-8011>) \n**Impact** | Denial of service \n**Description** | A flaw in request handling allows a remote attacker to send crafted HTTP requests and cause denial-of-service. \n \n \n\nCVE-2018-11763 \n--- \n**Severity / CVSSv3** | Medium / 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n**References** | SecurityFocus: [BID 105414](<https://www.securityfocus.com/bid/105414>) / NVD: [CVE-2018-11763](<https://nvd.nist.gov/vuln/detail/CVE-2018-11763>) \n**Impact** | Denial of service \n**Description** | A flaw in HTTP/2 connection handling allows a remote attacker to send continuous large SETTINGS frames and cause denial-of-service. \n \n \n\n### REFERENCES\n\nApache HTTP Server 2.2 vulnerabilities - <https://httpd.apache.org/security/vulnerabilities_22.html> \nApache HTTP Server 2.4 vulnerabilities - <https://httpd.apache.org/security/vulnerabilities_24.html>\n\n \n\n### REVISION \n\n2021-02-18 A fix for CA 2.3 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2020-11-18 A fix for SA 7.3 and 8.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. A fix for Director 6.1 will not be provided. Please upgrade to a version of MC with the vulnerability fixes. \n2020-11-12 Content Analysis 3.1 is vulnerable to CVE-2018-1301 and CVE-2018-1303. \n2020-04-08 Content Analysis 2.4 and 3.0 are vulnerable to CVE-2018-1301 and CVE-2018-1303. Security Analytics 8.1 is not vulnerable because a fix is available in 8.1.1. \n2020-01-19 A fix for MA 4.2 is available in 4.2.12. \n2019-10-03 Web Isolation is not vulnerable. \n2019-09-04 Security Analytics 7.3 and 8.0 are vulnerable to CVE-2018-1303. IntelligenceCenter and IntelligenceCenter Data Collector are not vulnerable. \n2019-02-04 A fix for CA 2.2 will not be provided. Please upgrade to a later version with the vulnerability fixes. Added remaining CVSS v3 base scores from NVD. \n2019-01-21 Security Analytics 8.0 is vulnerable to CVE-2018-1301. \n2018-11-14 Security Analytics 7.1, 7.2, and 7.3 are vulnerable to CVE-2018-1301. \n2018-11-07 initial public release\n", "modified": "2021-02-18T18:03:27", "published": "2018-11-07T08:01:01", "id": "SMNTC-1457", "href": "", "type": "symantec", "title": "Apache HTTP Server Vulnerabilities Jul 2017 - Sep 2018", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:41", "bulletinFamily": "unix", "cvelist": ["CVE-2017-15710", "CVE-2017-15715", "CVE-2018-1283", "CVE-2018-1301", "CVE-2018-1302", "CVE-2018-1303", "CVE-2018-1312"], "description": "Arch Linux Security Advisory ASA-201804-4\n=========================================\n\nSeverity: Medium\nDate : 2018-04-04\nCVE-ID : CVE-2017-15710 CVE-2017-15715 CVE-2018-1283 CVE-2018-1301\nCVE-2018-1302 CVE-2018-1303 CVE-2018-1312\nPackage : apache\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-664\n\nSummary\n=======\n\nThe package apache before version 2.4.33-1 is vulnerable to multiple\nissues including session hijacking, access restriction bypass, content\nspoofing and denial of service.\n\nResolution\n==========\n\nUpgrade to 2.4.33-1.\n\n# pacman -Syu \"apache>=2.4.33-1\"\n\nThe problems have been fixed upstream in version 2.4.33.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2017-15710 (denial of service)\n\nIn Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29,\nmod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the\nAccept-Language header value to lookup the right charset encoding when\nverifying the user's credentials. If the header value is not present in\nthe charset conversion table, a fallback mechanism is used to truncate\nit to a two characters value to allow a quick retry (for example, 'en-\nUS' is truncated to 'en'). A header value of less than two characters\nforces an out of bound write of one NUL byte to a memory location that\nis not part of the string. In the worst case, quite unlikely, the\nprocess would crash which could be used as a Denial of Service attack.\nIn the more likely case, this memory is already reserved for future use\nand the issue has no effect at all.\n\n- CVE-2017-15715 (access restriction bypass)\n\nIn Apache httpd 2.4.0 before 2.4.30, the expression specified in\n<FilesMatch> could match '$' to a newline character in a malicious\nfilename, rather than matching only the end of the filename. This could\nbe exploited in environments where uploads of some files are externally\nblocked, but only by matching the trailing portion of the filename.\n\n- CVE-2018-1283 (session hijacking)\n\nIn Apache httpd 2.2.0 before 2.4.30, when mod_session is configured to\nforward its session data to CGI applications (SessionEnv on, not the\ndefault), a remote user may influence their content by using a\n\"Session\" header. This comes from the \"HTTP_SESSION\" variable name used\nby mod_session to forward its data to CGIs, since the prefix \"HTTP_\" is\nalso used by the Apache HTTP Server to pass HTTP header fields, per CGI\nspecifications.\n\n- CVE-2018-1301 (denial of service)\n\nA specially crafted request could have crashed the Apache HTTP Server\nprior to version 2.4.30, due to an out of bound access after a size\nlimit is reached by reading the HTTP header. This vulnerability is\nconsidered very hard if not impossible to trigger in non-debug mode\n(both log and build level), so it is classified as low risk for common\nserver usage.\n\n- CVE-2018-1302 (denial of service)\n\nWhen an HTTP/2 stream was destroyed after being handled, the Apache\nHTTP Server prior to version 2.4.30 could have written a NULL pointer\npotentially to an already freed memory. The memory pools maintained by\nthe server make this vulnerability hard to trigger in usual\nconfigurations, the reporter and the team could not reproduce it\noutside debug builds, so it is classified as low risk.\n\n- CVE-2018-1303 (denial of service)\n\nA specially crafted HTTP request header could have crashed the Apache\nHTTP Server prior to version 2.4.30 due to an out of bound read while\npreparing data to be cached in shared memory. It could be used as a\nDenial of Service attack against users of mod_cache_socache.\n\n- CVE-2018-1312 (content spoofing)\n\nIn Apache httpd 2.2.0 before 2.4.30, when generating an HTTP Digest\nauthentication challenge, the nonce sent to prevent reply attacks was\nnot correctly generated using a pseudo-random seed. In a cluster of\nservers using a common Digest authentication configuration, HTTP\nrequests could be replayed across servers by an attacker without\ndetection.\n\nImpact\n======\n\nA remote attacker is able to crash a server, hijack a user session,\nupload arbitrary files or spoof requests by providing a crafted\nrequest.\n\nReferences\n==========\n\nhttps://httpd.apache.org/security/vulnerabilities_24.html\nhttps://security.archlinux.org/CVE-2017-15710\nhttps://security.archlinux.org/CVE-2017-15715\nhttps://security.archlinux.org/CVE-2018-1283\nhttps://security.archlinux.org/CVE-2018-1301\nhttps://security.archlinux.org/CVE-2018-1302\nhttps://security.archlinux.org/CVE-2018-1303\nhttps://security.archlinux.org/CVE-2018-1312", "modified": "2018-04-04T00:00:00", "published": "2018-04-04T00:00:00", "id": "ASA-201804-4", "href": "https://security.archlinux.org/ASA-201804-4", "type": "archlinux", "title": "[ASA-201804-4] apache: multiple issues", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oracle": [{"lastseen": "2020-10-04T21:15:55", "bulletinFamily": "software", "cvelist": ["CVE-2014-0114", "CVE-2015-0852", "CVE-2015-1832", "CVE-2015-4760", "CVE-2015-7940", "CVE-2015-8965", "CVE-2015-9251", "CVE-2016-0635", "CVE-2016-1000031", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-4000", "CVE-2016-5684", "CVE-2016-6814", "CVE-2016-9389", "CVE-2016-9392", "CVE-2016-9583", "CVE-2017-0379", "CVE-2017-13745", "CVE-2017-14229", "CVE-2017-14735", "CVE-2017-15095", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3738", "CVE-2017-5645", "CVE-2017-7525", "CVE-2017-7658", "CVE-2017-9526", "CVE-2017-9798", "CVE-2018-0732", "CVE-2018-0733", "CVE-2018-0734", "CVE-2018-0735", "CVE-2018-0737", "CVE-2018-0739", "CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000180", "CVE-2018-1000300", "CVE-2018-1000301", "CVE-2018-1000613", "CVE-2018-1000632", "CVE-2018-10933", "CVE-2018-11039", "CVE-2018-11040", "CVE-2018-11212", "CVE-2018-11307", "CVE-2018-11763", "CVE-2018-11775", "CVE-2018-11776", "CVE-2018-11784", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-1257", "CVE-2018-1258", "CVE-2018-1270", "CVE-2018-1271", "CVE-2018-1272", "CVE-2018-1275", "CVE-2018-1313", "CVE-2018-14718", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-3125", "CVE-2018-3147", "CVE-2018-3246", "CVE-2018-3303", "CVE-2018-3304", "CVE-2018-3305", "CVE-2018-3309", "CVE-2018-3311", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-5390", "CVE-2018-5407", "CVE-2018-6922", "CVE-2018-7489", "CVE-2018-8013", "CVE-2018-9206", "CVE-2019-2395", "CVE-2019-2396", "CVE-2019-2397", "CVE-2019-2398", "CVE-2019-2399", "CVE-2019-2400", "CVE-2019-2401", "CVE-2019-2402", "CVE-2019-2403", "CVE-2019-2404", "CVE-2019-2405", "CVE-2019-2406", "CVE-2019-2407", "CVE-2019-2408", "CVE-2019-2409", "CVE-2019-2410", "CVE-2019-2411", "CVE-2019-2412", "CVE-2019-2413", "CVE-2019-2414", "CVE-2019-2415", "CVE-2019-2416", "CVE-2019-2417", "CVE-2019-2418", "CVE-2019-2419", "CVE-2019-2420", "CVE-2019-2421", "CVE-2019-2422", "CVE-2019-2423", "CVE-2019-2425", "CVE-2019-2426", "CVE-2019-2427", "CVE-2019-2429", "CVE-2019-2430", "CVE-2019-2431", "CVE-2019-2432", "CVE-2019-2433", "CVE-2019-2434", "CVE-2019-2435", "CVE-2019-2436", "CVE-2019-2437", "CVE-2019-2438", "CVE-2019-2439", "CVE-2019-2440", "CVE-2019-2441", "CVE-2019-2442", "CVE-2019-2443", "CVE-2019-2444", "CVE-2019-2445", "CVE-2019-2446", "CVE-2019-2447", "CVE-2019-2448", "CVE-2019-2449", "CVE-2019-2450", "CVE-2019-2451", "CVE-2019-2452", "CVE-2019-2453", "CVE-2019-2455", "CVE-2019-2456", "CVE-2019-2457", "CVE-2019-2458", "CVE-2019-2459", "CVE-2019-2460", "CVE-2019-2461", "CVE-2019-2462", "CVE-2019-2463", "CVE-2019-2464", "CVE-2019-2465", "CVE-2019-2466", "CVE-2019-2467", "CVE-2019-2468", "CVE-2019-2469", "CVE-2019-2470", "CVE-2019-2471", "CVE-2019-2472", "CVE-2019-2473", "CVE-2019-2474", "CVE-2019-2475", "CVE-2019-2476", "CVE-2019-2477", "CVE-2019-2478", "CVE-2019-2479", "CVE-2019-2480", "CVE-2019-2481", "CVE-2019-2482", "CVE-2019-2485", "CVE-2019-2486", "CVE-2019-2487", "CVE-2019-2488", "CVE-2019-2489", "CVE-2019-2490", "CVE-2019-2491", "CVE-2019-2492", "CVE-2019-2493", "CVE-2019-2494", "CVE-2019-2495", "CVE-2019-2496", "CVE-2019-2497", "CVE-2019-2498", "CVE-2019-2499", "CVE-2019-2500", "CVE-2019-2501", "CVE-2019-2502", "CVE-2019-2503", "CVE-2019-2504", "CVE-2019-2505", "CVE-2019-2506", "CVE-2019-2507", "CVE-2019-2508", "CVE-2019-2509", "CVE-2019-2510", "CVE-2019-2511", "CVE-2019-2512", "CVE-2019-2513", "CVE-2019-2519", "CVE-2019-2520", "CVE-2019-2521", "CVE-2019-2522", "CVE-2019-2523", "CVE-2019-2524", "CVE-2019-2525", "CVE-2019-2526", "CVE-2019-2527", "CVE-2019-2528", "CVE-2019-2529", "CVE-2019-2530", "CVE-2019-2531", "CVE-2019-2532", "CVE-2019-2533", "CVE-2019-2534", "CVE-2019-2535", "CVE-2019-2536", "CVE-2019-2537", "CVE-2019-2538", "CVE-2019-2539", "CVE-2019-2540", "CVE-2019-2541", "CVE-2019-2543", "CVE-2019-2544", "CVE-2019-2545", "CVE-2019-2546", "CVE-2019-2547", "CVE-2019-2548", "CVE-2019-2549", "CVE-2019-2550", "CVE-2019-2552", "CVE-2019-2553", "CVE-2019-2554", "CVE-2019-2555", "CVE-2019-2556"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n * Critical Patch Updates, Security Alerts and Bulletins for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 284 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at January 2019 Critical Patch Update: Executive Summary and Analysis.\n", "modified": "2020-02-13T00:00:00", "published": "2019-01-15T00:00:00", "id": "ORACLE:CPUJAN2019", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - January 2019", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:20:54", "bulletinFamily": "software", "cvelist": ["CVE-2019-2520", "CVE-2019-2509", "CVE-2015-9251", "CVE-2019-2451", "CVE-2017-9798", "CVE-2019-2488", "CVE-2019-2395", "CVE-2019-2470", "CVE-2015-8965", "CVE-2018-1000120", "CVE-2018-0732", "CVE-2019-2444", "CVE-2018-1000180", "CVE-2019-2427", "CVE-2019-2501", "CVE-2019-2400", "CVE-2019-2529", "CVE-2019-2412", "CVE-2019-2525", "CVE-2019-2532", "CVE-2018-3311", "CVE-2019-2512", "CVE-2019-2471", "CVE-2019-2521", "CVE-2018-9206", "CVE-2019-2419", "CVE-2018-1275", "CVE-2019-2496", "CVE-2018-7489", "CVE-2019-2416", "CVE-2019-2474", "CVE-2019-2494", "CVE-2018-0734", "CVE-2019-2460", "CVE-2019-2531", "CVE-2018-5407", "CVE-2019-2437", "CVE-2017-3735", "CVE-2017-7658", "CVE-2019-2489", "CVE-2019-2448", "CVE-2019-2439", "CVE-2018-1271", "CVE-2019-2490", "CVE-2019-2447", "CVE-2018-14719", "CVE-2019-2547", "CVE-2019-2553", "CVE-2018-3246", "CVE-2019-2528", "CVE-2018-1000121", "CVE-2019-2423", "CVE-2019-2549", "CVE-2018-11039", "CVE-2019-2434", "CVE-2019-2541", "CVE-2019-2410", "CVE-2019-2449", "CVE-2018-11307", "CVE-2019-2543", "CVE-2019-2425", "CVE-2019-2544", "CVE-2018-3304", "CVE-2018-14720", "CVE-2015-1832", "CVE-2019-2445", "CVE-2018-10933", "CVE-2019-2506", "CVE-2016-0635", "CVE-2019-2466", "CVE-2019-2438", "CVE-2019-2546", "CVE-2019-2407", "CVE-2019-2417", "CVE-2019-2511", "CVE-2019-2486", "CVE-2018-14718", "CVE-2019-2482", "CVE-2019-2402", "CVE-2019-2406", "CVE-2018-12022", "CVE-2019-2456", "CVE-2016-1182", "CVE-2018-1258", "CVE-2019-2530", "CVE-2015-0852", "CVE-2019-2396", "CVE-2019-2554", "CVE-2018-1000122", "CVE-2019-2465", "CVE-2019-2415", "CVE-2018-3303", "CVE-2019-2472", "CVE-2019-2399", "CVE-2019-2519", "CVE-2019-2497", "CVE-2019-2452", "CVE-2017-9526", "CVE-2019-2513", "CVE-2019-2414", "CVE-2019-2420", "CVE-2018-11776", "CVE-2018-3646", "CVE-2018-11775", "CVE-2018-0735", "CVE-2019-2493", "CVE-2019-2527", "CVE-2019-2479", "CVE-2018-1257", "CVE-2019-2473", "CVE-2019-2536", "CVE-2019-2461", "CVE-2018-14721", "CVE-2019-2552", "CVE-2018-1000300", "CVE-2019-2537", "CVE-2019-2504", "CVE-2019-2477", "CVE-2018-11212", "CVE-2019-2397", "CVE-2014-0114", "CVE-2019-2523", "CVE-2019-2443", "CVE-2019-2421", "CVE-2019-2485", "CVE-2019-2442", "CVE-2019-2401", "CVE-2018-0739", "CVE-2019-2539", "CVE-2019-2426", "CVE-2019-2462", "CVE-2019-2436", "CVE-2019-2534", "CVE-2019-2491", "CVE-2019-2510", "CVE-2019-2411", "CVE-2019-2502", "CVE-2018-1313", "CVE-2018-1000613", "CVE-2019-2535", "CVE-2018-8013", "CVE-2019-2432", "CVE-2019-2487", "CVE-2016-9583", "CVE-2019-2463", "CVE-2019-2469", "CVE-2018-1272", "CVE-2017-7525", "CVE-2019-2545", "CVE-2019-2538", "CVE-2019-2500", "CVE-2019-2398", "CVE-2019-2453", "CVE-2018-3147", "CVE-2019-2498", "CVE-2018-1270", "CVE-2017-13745", "CVE-2019-2555", "CVE-2019-2413", "CVE-2016-9389", "CVE-2018-11763", "CVE-2019-2476", "CVE-2018-0733", "CVE-2019-2404", "CVE-2016-5684", "CVE-2016-1181", "CVE-2017-14735", "CVE-2017-3738", "CVE-2019-2548", "CVE-2019-2507", "CVE-2019-2409", "CVE-2019-2533", "CVE-2018-1000632", "CVE-2019-2503", "CVE-2019-2464", "CVE-2019-2435", "CVE-2018-3309", "CVE-2016-9392", "CVE-2019-2522", "CVE-2018-11784", "CVE-2019-2431", "CVE-2017-5645", "CVE-2019-2405", "CVE-2019-2450", "CVE-2019-2478", "CVE-2019-2429", "CVE-2019-2540", "CVE-2019-2467", "CVE-2018-6922", "CVE-2018-5390", "CVE-2015-7940", "CVE-2016-4000", "CVE-2017-3736", "CVE-2019-2524", "CVE-2019-2556", "CVE-2017-0379", "CVE-2019-2495", "CVE-2019-2480", "CVE-2019-2418", "CVE-2018-0737", "CVE-2019-2433", "CVE-2019-2468", "CVE-2019-2457", "CVE-2019-2526", "CVE-2019-2440", "CVE-2017-15095", "CVE-2018-11040", "CVE-2019-2508", "CVE-2019-2422", "CVE-2019-2550", "CVE-2018-3125", "CVE-2016-6814", "CVE-2017-14229", "CVE-2019-2459", "CVE-2016-1000031", "CVE-2019-2481", "CVE-2018-3639", "CVE-2019-2408", "CVE-2019-2446", "CVE-2018-1000301", "CVE-2018-12023", "CVE-2018-3305", "CVE-2015-4760", "CVE-2019-2458", "CVE-2019-2505", "CVE-2019-2430", "CVE-2019-2492", "CVE-2019-2441", "CVE-2019-2403", "CVE-2019-2475", "CVE-2019-2499", "CVE-2019-2455"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/securityalerts>) for information about Oracle Security Advisories.\n\n \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 284 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ January 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2489117.1>).\n", "modified": "2019-04-18T00:00:00", "published": "2019-01-15T00:00:00", "id": "ORACLE:CPUJAN2019-5072801", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - January 2019", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:21:11", "bulletinFamily": "software", "cvelist": ["CVE-2019-2663", "CVE-2019-2688", "CVE-2019-2679", "CVE-2018-19362", "CVE-2017-5533", "CVE-2018-11218", "CVE-2015-9251", "CVE-2019-2634", "CVE-2019-2592", "CVE-2019-2606", "CVE-2019-2677", "CVE-2019-2655", "CVE-2019-2678", "CVE-2019-2617", "CVE-2017-9798", "CVE-2019-2582", "CVE-2019-2618", "CVE-2019-2685", "CVE-2018-3693", "CVE-2018-0732", "CVE-2016-7103", "CVE-2019-2683", "CVE-2017-5753", "CVE-2019-2612", "CVE-2017-5754", "CVE-2018-1000180", "CVE-2019-2726", "CVE-2014-7923", "CVE-2018-1304", "CVE-2019-2616", "CVE-2017-8287", "CVE-2019-2704", "CVE-2019-2565", "CVE-2019-2587", "CVE-2019-2639", "CVE-2019-2703", "CVE-2018-1000004", "CVE-2019-2647", "CVE-2019-2574", "CVE-2019-2706", "CVE-2019-2598", "CVE-2019-2614", "CVE-2018-2880", "CVE-2018-7566", "CVE-2018-12384", "CVE-2015-5922", "CVE-2018-7489", "CVE-2018-19361", "CVE-2019-2689", "CVE-2019-2596", "CVE-2017-15265", "CVE-2018-0734", "CVE-2019-2700", "CVE-2019-2695", "CVE-2019-2624", "CVE-2019-2651", "CVE-2017-7867", "CVE-2019-2611", "CVE-2018-5407", "CVE-2019-0190", "CVE-2018-0495", "CVE-2019-2595", "CVE-2019-2681", "CVE-2017-3735", "CVE-2019-2603", "CVE-2019-2660", "CVE-2019-2580", "CVE-2018-15756", "CVE-2018-14719", "CVE-2019-3823", "CVE-2017-0861", "CVE-2019-2697", "CVE-2019-2517", "CVE-2019-2662", "CVE-2016-3092", "CVE-2019-2709", "CVE-2018-11039", "CVE-2018-11761", "CVE-2018-12539", "CVE-2019-2579", "CVE-2018-11307", "CVE-2019-2566", "CVE-2019-2576", "CVE-2019-2551", "CVE-2014-7940", "CVE-2018-14720", "CVE-2018-16865", "CVE-2019-2571", "CVE-2019-2664", "CVE-2015-1832", "CVE-2016-0635", "CVE-2019-2558", "CVE-2019-2686", "CVE-2018-3120", "CVE-2018-14718", "CVE-2019-2602", "CVE-2019-2722", "CVE-2019-2573", "CVE-2016-7055", "CVE-2019-2605", "CVE-2018-16864", "CVE-2018-10901", "CVE-2014-9515", "CVE-2019-2633", "CVE-2015-3253", "CVE-2017-3731", "CVE-2014-9654", "CVE-2019-2583", "CVE-2019-2601", "CVE-2019-2673", "CVE-2019-2650", "CVE-2019-2687", "CVE-2018-12022", "CVE-2019-2682", "CVE-2018-20685", "CVE-2016-1182", "CVE-2018-1258", "CVE-2019-2621", "CVE-2019-2640", "CVE-2019-2642", "CVE-2019-2567", "CVE-2018-1305", "CVE-2017-17484", "CVE-2019-2713", "CVE-2018-11219", "CVE-2019-2645", "CVE-2018-16890", "CVE-2018-12404", "CVE-2019-2623", "CVE-2019-2701", "CVE-2018-3646", "CVE-2018-11237", "CVE-2018-11775", "CVE-2019-2572", "CVE-2019-2720", "CVE-2018-0735", "CVE-2019-2692", "CVE-2019-2581", "CVE-2019-2589", "CVE-2018-6485", "CVE-2018-1257", "CVE-2019-2691", "CVE-2014-8147", "CVE-2019-2698", "CVE-2019-2712", "CVE-2017-8105", "CVE-2019-2646", "CVE-2018-14721", "CVE-2018-8088", "CVE-2019-3772", "CVE-2019-2694", "CVE-2018-3314", "CVE-2019-2619", "CVE-2014-0114", "CVE-2019-2630", "CVE-2017-3732", "CVE-2019-2613", "CVE-2019-2629", "CVE-2018-0739", "CVE-2019-2670", "CVE-2019-2636", "CVE-2019-2564", "CVE-2019-2693", "CVE-2019-2609", "CVE-2019-2577", "CVE-2018-8034", "CVE-2019-2631", "CVE-2019-2649", "CVE-2019-2578", "CVE-2019-2684", "CVE-2019-2699", "CVE-2019-2656", "CVE-2019-2653", "CVE-2019-2591", "CVE-2018-1000613", "CVE-2014-9911", "CVE-2019-2570", "CVE-2018-8013", "CVE-2016-7415", "CVE-2019-2648", "CVE-2019-2707", "CVE-2018-3620", "CVE-2019-2632", "CVE-2019-2628", "CVE-2018-0161", "CVE-2019-2641", "CVE-2018-11236", "CVE-2014-8146", "CVE-2017-7525", "CVE-2019-2723", "CVE-2019-2635", "CVE-2018-3123", "CVE-2019-2615", "CVE-2019-2638", "CVE-2019-2597", "CVE-2016-6293", "CVE-2018-3312", "CVE-2014-7926", "CVE-2019-2676", "CVE-2017-3733", "CVE-2017-5664", "CVE-2019-2696", "CVE-2018-19360", "CVE-2018-11763", "CVE-2018-0733", "CVE-2019-2654", "CVE-2019-2643", "CVE-2019-2644", "CVE-2018-17199", "CVE-2016-1181", "CVE-2019-2627", "CVE-2019-2708", "CVE-2019-2665", "CVE-2019-2658", "CVE-2016-8735", "CVE-2019-2424", "CVE-2018-17189", "CVE-2019-2516", "CVE-2017-3738", "CVE-2019-2607", "CVE-2019-2671", "CVE-2019-2705", "CVE-2019-2721", "CVE-2019-2588", "CVE-2019-2675", "CVE-2019-1559", "CVE-2019-2604", "CVE-2017-7868", "CVE-2019-2594", "CVE-2019-2669", "CVE-2018-11784", "CVE-2017-5645", "CVE-2019-2586", "CVE-2019-2661", "CVE-2019-2657", "CVE-2017-12617", "CVE-2019-3822", "CVE-2019-2620", "CVE-2019-2593", "CVE-2019-2568", "CVE-2019-2690", "CVE-2019-2610", "CVE-2016-4000", "CVE-2017-3736", "CVE-2019-2702", "CVE-2019-2622", "CVE-2019-2626", "CVE-2019-2637", "CVE-2019-2518", "CVE-2018-0737", "CVE-2017-14952", "CVE-2014-0107", "CVE-2019-2674", "CVE-2019-2575", "CVE-2019-2652", "CVE-2019-2584", "CVE-2016-2141", "CVE-2019-2557", "CVE-2019-2719", "CVE-2019-2680", "CVE-2018-11040", "CVE-2017-3730", "CVE-2019-2659", "CVE-2019-2585", "CVE-2019-2625", "CVE-2016-1000031", "CVE-2019-2590", "CVE-2018-12023", "CVE-2018-1656", "CVE-2019-2600", "CVE-2019-2608"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/securityalerts>) for information about Oracle Security Advisories.\n\n \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 297 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ April 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2494878.1>).\n", "modified": "2019-05-28T00:00:00", "published": "2019-04-16T00:00:00", "id": "ORACLE:CPUAPR2019-5072813", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - April 2019", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-04T21:15:57", "bulletinFamily": "software", "cvelist": ["CVE-2014-0107", "CVE-2014-0114", "CVE-2014-7923", "CVE-2014-7926", "CVE-2014-7940", "CVE-2014-8146", "CVE-2014-8147", "CVE-2014-9515", "CVE-2014-9654", "CVE-2014-9911", "CVE-2015-1832", "CVE-2015-3253", "CVE-2015-5922", "CVE-2015-9251", "CVE-2016-0635", "CVE-2016-1000031", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-2141", "CVE-2016-3092", "CVE-2016-4000", "CVE-2016-6293", "CVE-2016-7055", "CVE-2016-7103", "CVE-2016-7415", "CVE-2016-8735", "CVE-2017-0861", "CVE-2017-12617", "CVE-2017-14952", "CVE-2017-15265", "CVE-2017-17484", "CVE-2017-3730", "CVE-2017-3731", "CVE-2017-3732", "CVE-2017-3733", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3738", "CVE-2017-5533", "CVE-2017-5645", "CVE-2017-5664", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-7525", "CVE-2017-7867", "CVE-2017-7868", "CVE-2017-8105", "CVE-2017-8287", "CVE-2017-9798", "CVE-2018-0161", "CVE-2018-0495", "CVE-2018-0732", "CVE-2018-0733", "CVE-2018-0734", "CVE-2018-0735", "CVE-2018-0737", "CVE-2018-0739", "CVE-2018-1000004", "CVE-2018-1000180", "CVE-2018-1000613", "CVE-2018-10901", "CVE-2018-11039", "CVE-2018-11040", "CVE-2018-11218", "CVE-2018-11219", "CVE-2018-11236", "CVE-2018-11237", "CVE-2018-11307", "CVE-2018-11761", "CVE-2018-11763", "CVE-2018-11775", "CVE-2018-11784", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-12384", "CVE-2018-12404", "CVE-2018-12539", "CVE-2018-1257", "CVE-2018-1258", "CVE-2018-1304", "CVE-2018-1305", "CVE-2018-14718", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-15756", "CVE-2018-1656", "CVE-2018-16864", "CVE-2018-16865", "CVE-2018-16890", "CVE-2018-17189", "CVE-2018-17199", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-20685", "CVE-2018-2880", "CVE-2018-3120", "CVE-2018-3123", "CVE-2018-3312", "CVE-2018-3314", "CVE-2018-3620", "CVE-2018-3646", "CVE-2018-3693", "CVE-2018-5407", "CVE-2018-6485", "CVE-2018-7489", "CVE-2018-7566", "CVE-2018-8013", "CVE-2018-8034", "CVE-2018-8088", "CVE-2019-0190", "CVE-2019-1559", "CVE-2019-2424", "CVE-2019-2516", "CVE-2019-2517", "CVE-2019-2518", "CVE-2019-2551", "CVE-2019-2557", "CVE-2019-2558", "CVE-2019-2564", "CVE-2019-2565", "CVE-2019-2566", "CVE-2019-2567", "CVE-2019-2568", "CVE-2019-2570", "CVE-2019-2571", "CVE-2019-2572", "CVE-2019-2573", "CVE-2019-2574", "CVE-2019-2575", "CVE-2019-2576", "CVE-2019-2577", "CVE-2019-2578", "CVE-2019-2579", "CVE-2019-2580", "CVE-2019-2581", "CVE-2019-2582", "CVE-2019-2583", "CVE-2019-2584", "CVE-2019-2585", "CVE-2019-2586", "CVE-2019-2587", "CVE-2019-2588", "CVE-2019-2589", "CVE-2019-2590", "CVE-2019-2591", "CVE-2019-2592", "CVE-2019-2593", "CVE-2019-2594", "CVE-2019-2595", "CVE-2019-2596", "CVE-2019-2597", "CVE-2019-2598", "CVE-2019-2600", "CVE-2019-2601", "CVE-2019-2602", "CVE-2019-2603", "CVE-2019-2604", "CVE-2019-2605", "CVE-2019-2606", "CVE-2019-2607", "CVE-2019-2608", "CVE-2019-2609", "CVE-2019-2610", "CVE-2019-2611", "CVE-2019-2612", "CVE-2019-2613", "CVE-2019-2614", "CVE-2019-2615", "CVE-2019-2616", "CVE-2019-2617", "CVE-2019-2618", "CVE-2019-2619", "CVE-2019-2620", "CVE-2019-2621", "CVE-2019-2622", "CVE-2019-2623", "CVE-2019-2624", "CVE-2019-2625", "CVE-2019-2626", "CVE-2019-2627", "CVE-2019-2628", "CVE-2019-2629", "CVE-2019-2630", "CVE-2019-2631", "CVE-2019-2632", "CVE-2019-2633", "CVE-2019-2634", "CVE-2019-2635", "CVE-2019-2636", "CVE-2019-2637", "CVE-2019-2638", "CVE-2019-2639", "CVE-2019-2640", "CVE-2019-2641", "CVE-2019-2642", "CVE-2019-2643", "CVE-2019-2644", "CVE-2019-2645", "CVE-2019-2646", "CVE-2019-2647", "CVE-2019-2648", "CVE-2019-2649", "CVE-2019-2650", "CVE-2019-2651", "CVE-2019-2652", "CVE-2019-2653", "CVE-2019-2654", "CVE-2019-2655", "CVE-2019-2656", "CVE-2019-2657", "CVE-2019-2658", "CVE-2019-2659", "CVE-2019-2660", "CVE-2019-2661", "CVE-2019-2662", "CVE-2019-2663", "CVE-2019-2664", "CVE-2019-2665", "CVE-2019-2669", "CVE-2019-2670", "CVE-2019-2671", "CVE-2019-2673", "CVE-2019-2674", "CVE-2019-2675", "CVE-2019-2676", "CVE-2019-2677", "CVE-2019-2678", "CVE-2019-2679", "CVE-2019-2680", "CVE-2019-2681", "CVE-2019-2682", "CVE-2019-2683", "CVE-2019-2684", "CVE-2019-2685", "CVE-2019-2686", "CVE-2019-2687", "CVE-2019-2688", "CVE-2019-2689", "CVE-2019-2690", "CVE-2019-2691", "CVE-2019-2692", "CVE-2019-2693", "CVE-2019-2694", "CVE-2019-2695", "CVE-2019-2696", "CVE-2019-2697", "CVE-2019-2698", "CVE-2019-2699", "CVE-2019-2700", "CVE-2019-2701", "CVE-2019-2702", "CVE-2019-2703", "CVE-2019-2704", "CVE-2019-2705", "CVE-2019-2706", "CVE-2019-2707", "CVE-2019-2708", "CVE-2019-2709", "CVE-2019-2712", "CVE-2019-2713", "CVE-2019-2719", "CVE-2019-2720", "CVE-2019-2721", "CVE-2019-2722", "CVE-2019-2723", "CVE-2019-2726", "CVE-2019-3772", "CVE-2019-3822", "CVE-2019-3823"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n * Critical Patch Updates, Security Alerts and Bulletins for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 297 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ April 2019 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2494878.1>).\n", "modified": "2019-05-28T00:00:00", "published": "2019-04-16T00:00:00", "id": "ORACLE:CPUAPR2019", "href": "", "type": "oracle", "title": " Oracle Critical Patch Update Advisory - April 2019", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
