Lucene search
Copyright (C) 2021 Greenbone AGOPENVAS:13614125623114202133351HistoryOct 13, 2021 - 12:00 a.m.
SUSE: Security Advisory (SUSE-SU-2021:3335-1)
2021-10-1300:00:00
Copyright (C) 2021 Greenbone AG
plugins.openvas.org
4
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.1 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.974 High
EPSS
Percentile
99.9%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2021.3335.1");
script_cve_id("CVE-2021-33193", "CVE-2021-34798", "CVE-2021-36160", "CVE-2021-39275", "CVE-2021-40438");
script_tag(name:"creation_date", value:"2021-10-13 06:29:00 +0000 (Wed, 13 Oct 2021)");
script_version("2024-02-02T14:37:50+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:50 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2021-09-30 15:20:22 +0000 (Thu, 30 Sep 2021)");
script_name("SUSE: Security Advisory (SUSE-SU-2021:3335-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2021 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES15\.0|SLES15\.0SP1)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2021:3335-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2021/suse-su-20213335-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'apache2' package(s) announced via the SUSE-SU-2021:3335-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for apache2 fixes the following issues:
CVE-2021-40438: Fixed a SRF via a crafted request uri-path. (bsc#1190703)
CVE-2021-36160: Fixed an out-of-bounds read via a crafted request
uri-path. (bsc#1190702)
CVE-2021-39275: Fixed an out-of-bounds write in ap_escape_quotes() via
malicious input. (bsc#1190666)
CVE-2021-34798: Fixed a NULL pointer dereference via malformed requests.
(bsc#1190669)
CVE-2021-33193: Fixed request splitting via HTTP/2 method injection and
mod_proxy. (bsc#1189387)");
script_tag(name:"affected", value:"'apache2' package(s) on SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, SUSE Linux Enterprise High Performance Computing 15, SUSE Linux Enterprise High Performance Computing 15-SP1, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15-SP1, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES15.0") {
if(!isnull(res = isrpmvuln(pkg:"apache2", rpm:"apache2~2.4.33~3.55.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"apache2-debuginfo", rpm:"apache2-debuginfo~2.4.33~3.55.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"apache2-debugsource", rpm:"apache2-debugsource~2.4.33~3.55.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"apache2-devel", rpm:"apache2-devel~2.4.33~3.55.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"apache2-doc", rpm:"apache2-doc~2.4.33~3.55.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"apache2-prefork", rpm:"apache2-prefork~2.4.33~3.55.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"apache2-prefork-debuginfo", rpm:"apache2-prefork-debuginfo~2.4.33~3.55.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"apache2-utils", rpm:"apache2-utils~2.4.33~3.55.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"apache2-utils-debuginfo", rpm:"apache2-utils-debuginfo~2.4.33~3.55.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"apache2-worker", rpm:"apache2-worker~2.4.33~3.55.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"apache2-worker-debuginfo", rpm:"apache2-worker-debuginfo~2.4.33~3.55.1", rls:"SLES15.0"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES15.0SP1") {
if(!isnull(res = isrpmvuln(pkg:"apache2", rpm:"apache2~2.4.33~3.55.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"apache2-debuginfo", rpm:"apache2-debuginfo~2.4.33~3.55.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"apache2-debugsource", rpm:"apache2-debugsource~2.4.33~3.55.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"apache2-devel", rpm:"apache2-devel~2.4.33~3.55.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"apache2-doc", rpm:"apache2-doc~2.4.33~3.55.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"apache2-prefork", rpm:"apache2-prefork~2.4.33~3.55.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"apache2-prefork-debuginfo", rpm:"apache2-prefork-debuginfo~2.4.33~3.55.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"apache2-utils", rpm:"apache2-utils~2.4.33~3.55.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"apache2-utils-debuginfo", rpm:"apache2-utils-debuginfo~2.4.33~3.55.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"apache2-worker", rpm:"apache2-worker~2.4.33~3.55.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"apache2-worker-debuginfo", rpm:"apache2-worker-debuginfo~2.4.33~3.55.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
SUSE SLES15 Security Update : apache2 (SUSE-SU-2021:3335-1)
2021-10-13 00:00:00
osv
osv
apache2 vulnerabilities
2021-09-27 14:06:45
apache2 regression
2021-09-28 15:05:47
apache2 regression
2021-09-28 13:28:37
slackware
slackware
[slackware-security] httpd
2021-09-17 04:22:20
altlinux
altlinux
Security fix for the ALT Linux 9 package apache2 version 1:2.4.49-alt1
2021-09-23 00:00:00
Security fix for the ALT Linux 10 package apache2 version 1:2.4.49-alt1
2021-10-04 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5090-3)
2021-09-29 00:00:00
Ubuntu: Security Advisory (USN-5090-4)
2022-08-26 00:00:00
Ubuntu: Security Advisory (USN-5090-1)
2021-09-28 00:00:00
kaspersky
kaspersky
KLA12370 Multiple vulnerabilities in Apache HTTP Server
2021-09-16 00:00:00
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2021-09-27 00:00:00
Apache HTTP Server regression
2021-09-28 00:00:00
Apache HTTP Server regression
2021-09-28 00:00:00
mageia
mageia
Updated apache packages fix security vulnerability
2021-09-23 07:49:29
freebsd
freebsd
Apache httpd -- multiple vulnerabilities
2021-09-16 00:00:00
cisco
cisco
suse
suse
Security update for apache2 (important)
2021-11-02 00:00:00
Security update for apache2 (important)
2021-10-26 00:00:00
Security update for apache2 (important)
2021-09-07 00:00:00
debian
debian
[SECURITY] [DSA 4982-1] apache2 security update
2021-10-08 20:56:04
[SECURITY] [DLA 2776-1] apache2 security update
2021-10-02 16:07:56
[SECURITY] [DLA 2768-2] uwsgi regression update
2021-10-20 18:04:40
ibm
ibm
ics
ics
Siemens Apache HTTP Server (Update A)
2022-10-13 12:00:00
amazon
amazon
Important: httpd
2021-10-15 07:57:00
Important: httpd24
2021-10-15 07:52:00
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2021-1.0-0437
2021-10-01 00:00:00
Critical Photon OS Security Update - PHSA-2021-0309
2021-10-01 00:00:00
Critical Photon OS Security Update - PHSA-2021-3.0-0309
2021-10-02 00:00:00
oraclelinux
oraclelinux
httpd:2.4 security update
2022-03-16 00:00:00
httpd security update
2021-12-16 00:00:00
httpd:2.4 security update
2022-01-06 00:00:00
attackerkb
attackerkb
CVE-2021-40438
2021-09-16 00:00:00
redhat
redhat
(RHSA-2022:0891) Moderate: httpd:2.4 security update
2022-03-15 09:10:44
(RHSA-2022:7143) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update
2022-10-26 20:05:14
(RHSA-2022:1915) Moderate: httpd:2.4 security and bug fix update
2022-05-10 08:07:40
almalinux
almalinux
Moderate: httpd:2.4 security update
2022-03-15 09:10:44
Moderate: httpd:2.4 security and bug fix update
2022-05-10 08:07:40
rocky
rocky
httpd:2.4 security update
2022-03-15 09:10:44
httpd:2.4 security and bug fix update
2022-05-10 08:07:40
fedora
fedora
[SECURITY] Fedora 34 Update: httpd-2.4.49-1.fc34
2021-09-20 13:58:04
[SECURITY] Fedora 35 Update: httpd-2.4.49-1.fc35
2021-09-24 20:56:12
rosalinux
rosalinux
Advisory ROSA-SA-2023-2158
2023-04-25 11:30:17
centos
centos
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
2022-01-25 17:31:14
cbl_mariner
cbl_mariner
CVE-2021-33193 affecting package httpd for versions less than 2.4.52-1
2022-04-09 06:51:57
CVE-2021-33193 affecting package httpd 2.4.46-6
2021-09-09 15:02:57
CVE-2021-36160 affecting package httpd 2.4.46-6
2021-10-15 04:46:31
debiancve
debiancve
prion
prion
Input validation
2021-08-16 08:15:00
Design/Logic Flaw
2021-09-16 15:15:00
redhatcve
redhatcve
CVE-2021-33193
2021-08-12 02:03:43
CVE-2021-36160
2021-09-16 21:58:07
cve
cve
CVE-2021-33193
2021-08-16 08:15:00
CVE-2021-36160
2021-09-16 15:15:00
veracode
veracode
Privilege Escalation
2021-08-13 01:56:49
Denial Of Service (DoS)
2021-09-20 05:04:34
ubuntucve
ubuntucve
CVE-2021-36160
2021-09-16 00:00:00
CVE-2021-33193
2021-08-16 00:00:00
f5
f5
K94828628 : Apache mod_proxy HTTP/2 vulnerability CVE-2021-33193
2021-09-13 00:00:00
K13401920 : Apache HTTPD vulnerability CVE-2021-36160
2021-10-20 00:00:00
hackerone
hackerone
Internet Bug Bounty: Request line injection via HTTP/2 in Apache mod_proxy
2021-11-04 13:39:46
alpinelinux
alpinelinux
CVE-2021-33193
2021-08-16 08:15:00
httpd
httpd
cnvd
cnvd
Apache HTTP Server Denial of Service Vulnerability (CNVD-2022-03205)
2021-09-18 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.1 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.974 High
EPSS
Percentile
99.9%
Related for OPENVAS:13614125623114202133351