Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (c) 2009 E-Soft Inc. http://www.securityspace.comOPENVAS:64443
HistoryJul 29, 2009 - 12:00 a.m.

Ubuntu USN-802-1 (apache2)

2009-07-2900:00:00
Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
plugins.openvas.org
14

0.97 High

EPSS

Percentile

99.7%

JSON

The remote host is missing an update to apache2
announced via advisory USN-802-1.

# OpenVAS Vulnerability Test
# $Id: ubuntu_802_1.nasl 7969 2017-12-01 09:23:16Z santu $
# $Id: ubuntu_802_1.nasl 7969 2017-12-01 09:23:16Z santu $
# Description: Auto-generated from advisory USN-802-1 (apache2)
#
# Authors:
# Thomas Reinke <[email protected]>
#
# Copyright:
# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

include("revisions-lib.inc");
tag_solution = "The problem can be corrected by upgrading your system to the
 following package versions:

Ubuntu 6.06 LTS:
  apache2-common                  2.0.55-4ubuntu2.6
  apache2-mpm-perchild            2.0.55-4ubuntu2.6
  apache2-mpm-prefork             2.0.55-4ubuntu2.6
  apache2-mpm-worker              2.0.55-4ubuntu2.6
  libapr0                         2.0.55-4ubuntu2.6

Ubuntu 8.04 LTS:
  apache2-mpm-event               2.2.8-1ubuntu0.10
  apache2-mpm-perchild            2.2.8-1ubuntu0.10
  apache2-mpm-prefork             2.2.8-1ubuntu0.10
  apache2-mpm-worker              2.2.8-1ubuntu0.10
  apache2.2-common                2.2.8-1ubuntu0.10

Ubuntu 8.10:
  apache2-mpm-event               2.2.9-7ubuntu3.2
  apache2-mpm-prefork             2.2.9-7ubuntu3.2
  apache2-mpm-worker              2.2.9-7ubuntu3.2
  apache2.2-common                2.2.9-7ubuntu3.2

Ubuntu 9.04:
  apache2-mpm-event               2.2.11-2ubuntu2.2
  apache2-mpm-prefork             2.2.11-2ubuntu2.2
  apache2-mpm-worker              2.2.11-2ubuntu2.2
  apache2.2-common                2.2.11-2ubuntu2.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-802-1";

tag_insight = "It was discovered that mod_proxy_http did not properly handle a large
amount of streamed data when used as a reverse proxy. A remote attacker
could exploit this and cause a denial of service via memory resource
consumption. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04.
(CVE-2009-1890)

It was discovered that mod_deflate did not abort compressing large files
when the connection was closed. A remote attacker could exploit this and
cause a denial of service via CPU resource consumption. (CVE-2009-1891)";
tag_summary = "The remote host is missing an update to apache2
announced via advisory USN-802-1.";

                                                                                


if(description)
{
 script_id(64443);
 script_version("$Revision: 7969 $");
 script_tag(name:"last_modification", value:"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $");
 script_tag(name:"creation_date", value:"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)");
 script_cve_id("CVE-2009-1890", "CVE-2009-1891", "CVE-2008-2327", "CVE-2009-2285", "CVE-2009-2347", "CVE-2009-2295", "CVE-2009-0858", "CVE-2009-2334", "CVE-2009-2335", "CVE-2009-2336", "CVE-2008-0196", "CVE-2009-2360", "CVE-2009-0040", "CVE-2009-0352", "CVE-2009-0353", "CVE-2009-0652", "CVE-2009-0771", "CVE-2009-0772", "CVE-2009-0773", "CVE-2009-0774", "CVE-2009-0776", "CVE-2009-1302", "CVE-2009-1303", "CVE-2009-1307", "CVE-2009-1832", "CVE-2009-1392", "CVE-2009-1836", "CVE-2009-1838", "CVE-2009-1841", "CVE-2009-1185", "CVE-2009-0034", "CVE-2009-0037", "CVE-2009-1422", "CVE-2009-1423", "CVE-2009-1424", "CVE-2009-1425", "CVE-2009-1959");
 script_tag(name:"cvss_base", value:"10.0");
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_name("Ubuntu USN-802-1 (apache2)");



 script_category(ACT_GATHER_INFO);
 script_xref(name: "URL" , value: "http://www.ubuntu.com/usn/usn-802-1/");

 script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
 script_family("Ubuntu Local Security Checks");
 script_dependencies("gather-package-list.nasl");
 script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages");
 script_tag(name : "insight" , value : tag_insight);
 script_tag(name : "summary" , value : tag_summary);
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name:"qod_type", value:"package");
 script_tag(name:"solution_type", value:"VendorFix");
 exit(0);
}

#
# The script code starts here
#

include("pkg-lib-deb.inc");

res = "";
report = "";
if ((res = isdpkgvuln(pkg:"apache2-doc", ver:"2.0.55-4ubuntu2.6", rls:"UBUNTU6.06 LTS")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-common", ver:"2.0.55-4ubuntu2.6", rls:"UBUNTU6.06 LTS")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-mpm-perchild", ver:"2.0.55-4ubuntu2.6", rls:"UBUNTU6.06 LTS")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-mpm-prefork", ver:"2.0.55-4ubuntu2.6", rls:"UBUNTU6.06 LTS")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-mpm-worker", ver:"2.0.55-4ubuntu2.6", rls:"UBUNTU6.06 LTS")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-prefork-dev", ver:"2.0.55-4ubuntu2.6", rls:"UBUNTU6.06 LTS")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-threaded-dev", ver:"2.0.55-4ubuntu2.6", rls:"UBUNTU6.06 LTS")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-utils", ver:"2.0.55-4ubuntu2.6", rls:"UBUNTU6.06 LTS")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2", ver:"2.0.55-4ubuntu2.6", rls:"UBUNTU6.06 LTS")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libapr0-dev", ver:"2.0.55-4ubuntu2.6", rls:"UBUNTU6.06 LTS")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libapr0", ver:"2.0.55-4ubuntu2.6", rls:"UBUNTU6.06 LTS")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-doc", ver:"2.2.8-1ubuntu0.10", rls:"UBUNTU8.04 LTS")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-mpm-perchild", ver:"2.2.8-1ubuntu0.10", rls:"UBUNTU8.04 LTS")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-src", ver:"2.2.8-1ubuntu0.10", rls:"UBUNTU8.04 LTS")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2", ver:"2.2.8-1ubuntu0.10", rls:"UBUNTU8.04 LTS")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-mpm-event", ver:"2.2.8-1ubuntu0.10", rls:"UBUNTU8.04 LTS")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-mpm-prefork", ver:"2.2.8-1ubuntu0.10", rls:"UBUNTU8.04 LTS")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-mpm-worker", ver:"2.2.8-1ubuntu0.10", rls:"UBUNTU8.04 LTS")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-prefork-dev", ver:"2.2.8-1ubuntu0.10", rls:"UBUNTU8.04 LTS")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-threaded-dev", ver:"2.2.8-1ubuntu0.10", rls:"UBUNTU8.04 LTS")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-utils", ver:"2.2.8-1ubuntu0.10", rls:"UBUNTU8.04 LTS")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2.2-common", ver:"2.2.8-1ubuntu0.10", rls:"UBUNTU8.04 LTS")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-doc", ver:"2.2.9-7ubuntu3.2", rls:"UBUNTU8.10")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-src", ver:"2.2.9-7ubuntu3.2", rls:"UBUNTU8.10")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2", ver:"2.2.9-7ubuntu3.2", rls:"UBUNTU8.10")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-mpm-event", ver:"2.2.9-7ubuntu3.2", rls:"UBUNTU8.10")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-mpm-prefork", ver:"2.2.9-7ubuntu3.2", rls:"UBUNTU8.10")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-mpm-worker", ver:"2.2.9-7ubuntu3.2", rls:"UBUNTU8.10")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-prefork-dev", ver:"2.2.9-7ubuntu3.2", rls:"UBUNTU8.10")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-suexec-custom", ver:"2.2.9-7ubuntu3.2", rls:"UBUNTU8.10")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-suexec", ver:"2.2.9-7ubuntu3.2", rls:"UBUNTU8.10")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-threaded-dev", ver:"2.2.9-7ubuntu3.2", rls:"UBUNTU8.10")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-utils", ver:"2.2.9-7ubuntu3.2", rls:"UBUNTU8.10")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2.2-common", ver:"2.2.9-7ubuntu3.2", rls:"UBUNTU8.10")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-doc", ver:"2.2.11-2ubuntu2.2", rls:"UBUNTU9.04")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2", ver:"2.2.11-2ubuntu2.2", rls:"UBUNTU9.04")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-src", ver:"2.2.11-2ubuntu2.2", rls:"UBUNTU9.04")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-mpm-event", ver:"2.2.11-2ubuntu2.2", rls:"UBUNTU9.04")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-mpm-prefork", ver:"2.2.11-2ubuntu2.2", rls:"UBUNTU9.04")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-mpm-worker", ver:"2.2.11-2ubuntu2.2", rls:"UBUNTU9.04")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-prefork-dev", ver:"2.2.11-2ubuntu2.2", rls:"UBUNTU9.04")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-threaded-dev", ver:"2.2.11-2ubuntu2.2", rls:"UBUNTU9.04")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-utils", ver:"2.2.11-2ubuntu2.2", rls:"UBUNTU9.04")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2.2-common", ver:"2.2.11-2ubuntu2.2", rls:"UBUNTU9.04")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-suexec-custom", ver:"2.2.11-2ubuntu2.2", rls:"UBUNTU9.04")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"apache2-suexec", ver:"2.2.11-2ubuntu2.2", rls:"UBUNTU9.04")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libcamlimages-ocaml-doc", ver:"2.2.0-4+lenny1", rls:"UBUNTU9.04")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libcamlimages-ocaml-dev", ver:"2.2.0-4+lenny1", rls:"UBUNTU9.04")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libcamlimages-ocaml", ver:"2.2.0-4+lenny1", rls:"UBUNTU9.04")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"dnscache-run", ver:"1.05-4+lenny1", rls:"UBUNTU9.04")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"djbdns", ver:"1.05-4+lenny1", rls:"UBUNTU9.04")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"dbndns", ver:"1.05-4+lenny1", rls:"UBUNTU9.04")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"sork-passwd-h3", ver:"3.0-2+lenny1", rls:"UBUNTU9.04")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"icedove", ver:"2.0.0.22-0lenny1", rls:"UBUNTU9.04")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"icedove-dbg", ver:"2.0.0.22-0lenny1", rls:"UBUNTU9.04")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"icedove-gnome-support", ver:"2.0.0.22-0lenny1", rls:"UBUNTU9.04")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"icedove-dev", ver:"2.0.0.22-0lenny1", rls:"UBUNTU9.04")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"irssi-dev", ver:"0.8.10-1ubuntu1.1", rls:"UBUNTU6.06 LTS")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"irssi-text", ver:"0.8.10-1ubuntu1.1", rls:"UBUNTU6.06 LTS")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"irssi", ver:"0.8.10-1ubuntu1.1", rls:"UBUNTU6.06 LTS")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"irssi-dev", ver:"0.8.12-3ubuntu3.1", rls:"UBUNTU8.04 LTS")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"irssi", ver:"0.8.12-3ubuntu3.1", rls:"UBUNTU8.04 LTS")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"irssi-dev", ver:"0.8.12-4ubuntu2.1", rls:"UBUNTU8.10")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"irssi", ver:"0.8.12-4ubuntu2.1", rls:"UBUNTU8.10")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"irssi-dev", ver:"0.8.12-6ubuntu1.1", rls:"UBUNTU9.04")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"irssi", ver:"0.8.12-6ubuntu1.1", rls:"UBUNTU9.04")) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}

Related

openvas 80
debian 2
osv 2
nessus 48
securityvulns 5
suse 2
packetstorm 1
exploitpack 1
seebug 2
mozilla 1
ubuntu 2
fedora 39
prion 3
cve 3
oraclelinux 2
centos 2
exploitdb 1
redhat 2
vmware 1
openvas
openvas
Ubuntu USN-801-1 (tiff)
2009-07-29 00:00:00
Ubuntu USN-799-1 (dbus)
2009-07-29 00:00:00
Debian Security Advisory DSA 1830-1 (icedove)
2009-07-29 00:00:00
debian
debian
[SECURITY] [DSA 1830-1] New icedove packages fix several vulnerabilities
2009-07-12 11:21:02
[SECURITY] [DSA 1751-1] New xulrunner packages fix several vulnerabilities
2009-03-22 21:30:20
osv
osv
icedove - several vulnerabilities
2009-07-12 00:00:00
xulrunner - several vulnerabilities
2009-03-22 00:00:00
nessus
nessus
Debian DSA-1830-1 : icedove - several vulnerabilities
2010-02-24 00:00:00
Mozilla Thunderbird < 2.0.0.21 Multiple Vulnerabilities
2009-03-20 00:00:00
Slackware 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / current : mozilla-thunderbird (SSA:2009-083-03)
2009-03-25 00:00:00
securityvulns
securityvulns
[security bulletin] HPSBGN02446 SSRT090111 rev.1 - HP ProCurve Threat Management Services zl Module &#40;J9155A&#41;, Remote Unauthorized Access, Denial of Service &#40;DoS&#41;
2009-07-14 00:00:00
HP ProCurve Threat Management Services zl Module multiple security vulnerabilities
2009-07-14 00:00:00
CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information
2009-07-09 00:00:00
suse
suse
remote code execution in MozillaFirefox
2009-04-20 12:01:40
remote code execution in MozillaFirefox
2009-03-16 14:15:07
packetstorm
packetstorm
Core Security Technologies Advisory 2009.0515
2009-07-08 00:00:00
exploitpack
exploitpack
WordPress Core MU Plugins - admin.php Privileges Unchecked Multiple Information Disclosures
2009-07-10 00:00:00
seebug
seebug
WordPress Privileges Unchecked in admin.php and Multiple Information Disclosures
2009-07-09 00:00:00
WordPress Privileges Unchecked in admin.php and Multiple Information
2009-07-10 00:00:00
mozilla
mozilla
Crashes with evidence of memory corruption (rv:1.9.0.7) — Mozilla
2009-03-04 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2009-03-19 00:00:00
Firefox and Xulrunner vulnerabilities
2009-03-05 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: thunderbird-2.0.0.21-1.fc10
2009-03-21 01:28:34
[SECURITY] Fedora 9 Update: thunderbird-2.0.0.21-1.fc9
2009-03-21 01:29:45
[SECURITY] Fedora 10 Update: seamonkey-1.1.15-3.fc10
2009-03-31 20:30:56
prion
prion
Design/Logic Flaw
2009-07-14 20:30:00
Design/Logic Flaw
2009-07-14 20:30:00
Design/Logic Flaw
2009-07-14 20:30:00
cve
cve
CVE-2009-1423
2009-07-14 20:30:00
CVE-2009-1424
2009-07-14 20:30:00
CVE-2009-1425
2009-07-14 20:30:00
oraclelinux
oraclelinux
firefox security update
2009-03-05 00:00:00
thunderbird security update
2009-03-24 00:00:00
centos
centos
firefox, xulrunner security update
2009-03-06 22:05:42
thunderbird security update
2009-05-19 14:34:53
exploitdb
exploitdb
WordPress Core / MU / Plugins - &#039;/admin.php&#039; Privileges Unchecked / Multiple Information Disclosures
2009-07-10 00:00:00
redhat
redhat
(RHSA-2009:0315) Critical: firefox security update
2009-03-04 00:00:00
(RHSA-2009:0258) Moderate: thunderbird security update
2009-03-24 00:00:00
vmware
vmware
ESX Service Console updates for udev, sudo, and curl
2009-07-10 00:00:00

0.97 High

EPSS

Percentile

99.7%

JSON
Related for OPENVAS:64443
openvas80debian2osv2nessus48securityvulns5suse2packetstorm1exploitpack1seebug2mozilla1ubuntu2fedora39prion3cve3oraclelinux2centos2exploitdb1redhat2vmware1