Lucene search
Copyright (c) 2011 Greenbone Networks GmbHOPENVAS:831491HistoryNov 11, 2011 - 12:00 a.m.
Mandriva Update for apache MDVSA-2011:168 (apache)
2011-11-1100:00:00
Copyright (c) 2011 Greenbone Networks GmbH
plugins.openvas.org
22
0.966 High
EPSS
Percentile
99.5%
Check for the Version of apache
###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for apache MDVSA-2011:168 (apache)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "A vulnerability has been discovered and corrected in apache:
The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21,
when used with mod_proxy_balancer in certain configurations, allows
remote attackers to cause a denial of service (temporary error state
in the backend server) via a malformed HTTP request (CVE-2011-3348).
The fix for CVE-2011-3192 provided by the MDVSA-2011:130 advisory
introduced regressions in the way httpd handled certain Range HTTP
header values.
The updated packages have been patched to correct these issues.";
tag_solution = "Please Install the Updated Packages.";
tag_affected = "apache on Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64";
if(description)
{
script_xref(name : "URL" , value : "http://lists.mandriva.com/security-announce/2011-11/msg00009.php");
script_id(831491);
script_version("$Revision: 6570 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $");
script_tag(name:"creation_date", value:"2011-11-11 10:03:14 +0530 (Fri, 11 Nov 2011)");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_xref(name: "MDVSA", value: "2011:168");
script_cve_id("CVE-2011-3348", "CVE-2011-3192");
script_name("Mandriva Update for apache MDVSA-2011:168 (apache)");
script_summary("Check for the Version of apache");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
script_family("Mandrake Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "MNDK_mes5")
{
if ((res = isrpmvuln(pkg:"apache-base", rpm:"apache-base~2.2.9~12.14mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-devel", rpm:"apache-devel~2.2.9~12.14mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-htcacheclean", rpm:"apache-htcacheclean~2.2.9~12.14mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_authn_dbd", rpm:"apache-mod_authn_dbd~2.2.9~12.14mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_cache", rpm:"apache-mod_cache~2.2.9~12.14mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_dav", rpm:"apache-mod_dav~2.2.9~12.14mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_dbd", rpm:"apache-mod_dbd~2.2.9~12.14mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_deflate", rpm:"apache-mod_deflate~2.2.9~12.14mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_disk_cache", rpm:"apache-mod_disk_cache~2.2.9~12.14mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_file_cache", rpm:"apache-mod_file_cache~2.2.9~12.14mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_ldap", rpm:"apache-mod_ldap~2.2.9~12.14mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_mem_cache", rpm:"apache-mod_mem_cache~2.2.9~12.14mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_proxy", rpm:"apache-mod_proxy~2.2.9~12.14mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_proxy_ajp", rpm:"apache-mod_proxy_ajp~2.2.9~12.14mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_ssl", rpm:"apache-mod_ssl~2.2.9~12.14mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-modules", rpm:"apache-modules~2.2.9~12.14mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_userdir", rpm:"apache-mod_userdir~2.2.9~12.14mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mpm-event", rpm:"apache-mpm-event~2.2.9~12.14mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mpm-itk", rpm:"apache-mpm-itk~2.2.9~12.14mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mpm-peruser", rpm:"apache-mpm-peruser~2.2.9~12.14mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mpm-prefork", rpm:"apache-mpm-prefork~2.2.9~12.14mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mpm-worker", rpm:"apache-mpm-worker~2.2.9~12.14mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-source", rpm:"apache-source~2.2.9~12.14mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache", rpm:"apache~2.2.9~12.14mdvmes5.2", rls:"MNDK_mes5")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "MNDK_2010.1")
{
if ((res = isrpmvuln(pkg:"apache-base", rpm:"apache-base~2.2.15~3.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-devel", rpm:"apache-devel~2.2.15~3.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-htcacheclean", rpm:"apache-htcacheclean~2.2.15~3.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_authn_dbd", rpm:"apache-mod_authn_dbd~2.2.15~3.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_cache", rpm:"apache-mod_cache~2.2.15~3.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_dav", rpm:"apache-mod_dav~2.2.15~3.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_dbd", rpm:"apache-mod_dbd~2.2.15~3.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_deflate", rpm:"apache-mod_deflate~2.2.15~3.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_disk_cache", rpm:"apache-mod_disk_cache~2.2.15~3.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_file_cache", rpm:"apache-mod_file_cache~2.2.15~3.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_ldap", rpm:"apache-mod_ldap~2.2.15~3.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_mem_cache", rpm:"apache-mod_mem_cache~2.2.15~3.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_proxy", rpm:"apache-mod_proxy~2.2.15~3.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_proxy_ajp", rpm:"apache-mod_proxy_ajp~2.2.15~3.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_proxy_scgi", rpm:"apache-mod_proxy_scgi~2.2.15~3.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_reqtimeout", rpm:"apache-mod_reqtimeout~2.2.15~3.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_ssl", rpm:"apache-mod_ssl~2.2.15~3.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-modules", rpm:"apache-modules~2.2.15~3.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mod_userdir", rpm:"apache-mod_userdir~2.2.15~3.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mpm-event", rpm:"apache-mpm-event~2.2.15~3.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mpm-itk", rpm:"apache-mpm-itk~2.2.15~3.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mpm-peruser", rpm:"apache-mpm-peruser~2.2.15~3.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mpm-prefork", rpm:"apache-mpm-prefork~2.2.15~3.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-mpm-worker", rpm:"apache-mpm-worker~2.2.15~3.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache-source", rpm:"apache-source~2.2.15~3.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"apache", rpm:"apache~2.2.15~3.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
Related
threatpost
threatpost
Apache Releases Version 2.2.21 With New Fix For Range Header Flaw
2011-09-14 15:29:14
Apache Fixes Range Header DoS Flaw
2011-08-31 10:30:00
nessus
nessus
Mandriva Linux Security Advisory : apache (MDVSA-2011:168)
2011-11-10 00:00:00
Fedora 15 : httpd-2.2.21-1.fc15 (2011-12715)
2011-09-16 00:00:00
SuSE 11.1 Security Update : Apache2 (SAT Patch Number 5344)
2011-12-13 00:00:00
securityvulns
securityvulns
Multiple HTTP servers DoS
2011-10-20 00:00:00
openvas
openvas
Fedora Update for httpd FEDORA-2011-12715
2011-09-16 00:00:00
Slackware: Security Advisory (SSA:2011-284-01)
2012-09-10 00:00:00
Mandriva Update for apache MDVSA-2011:168 (apache)
2011-11-11 00:00:00
slackware
slackware
[slackware-security] httpd
2011-10-14 23:59:50
[slackware-security] httpd
2011-09-09 14:05:46
fedora
fedora
[SECURITY] Fedora 15 Update: httpd-2.2.21-1.fc15
2011-09-16 01:58:28
[SECURITY] Fedora 16 Update: httpd-2.2.21-1.fc16
2011-09-30 19:07:35
suse
suse
Security update for Apache2 (important)
2011-11-04 09:08:25
apache2: Fixed several security issues (important)
2011-11-04 09:08:34
Security update for Apache (important)
2011-09-06 18:08:19
redhat
redhat
(RHSA-2011:1391) Moderate: httpd security and bug fix update
2011-10-20 00:00:00
(RHSA-2011:1369) Important: httpd security update
2011-10-13 00:00:00
oraclelinux
oraclelinux
httpd security and bug fix update
2011-10-20 00:00:00
httpd security update
2011-08-31 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache HTTPD mod_proxy_ajp Denial Of Service (CVE-2011-3348)
2014-11-12 00:00:00
Preemptive Protection against Apache HTTPD mod_proxy_ajp Denial of Service (CVE-2011-3348)
2011-12-06 00:00:00
Apache HTTPD Ranges Header Field Denial of Service (CVE-2011-3192)
2011-09-14 00:00:00
seebug
seebug
Apache HTTP Server mod_proxy_ajp拒绝服务漏洞
2011-09-18 00:00:00
Apache Range Header Denial Of Service
2011-12-09 00:00:00
Apache HTTP Server Denial of Service
2014-07-01 00:00:00
httpd
httpd
Apache Httpd < 2.2.21 : mod_proxy_ajp remote DoS
2011-09-07 00:00:00
Apache Httpd < 2.2.20 : Range header remote DoS
2011-08-20 00:00:00
Apache Httpd < 2.0.65 : Range header remote DoS
2011-08-20 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package apache2 version 2.2.21-alt1
2011-09-20 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.2.21-alt1
2011-09-20 00:00:00
Security fix for the ALT Linux 10 package apache2 version 2.2.21-alt1
2011-09-20 00:00:00
debiancve
debiancve
CVE-2011-3348
2011-09-20 05:55:00
CVE-2011-3192
2011-08-29 15:55:00
prion
prion
Design/Logic Flaw
2011-09-20 05:55:00
Code injection
2011-08-29 15:55:00
Race condition
2023-09-08 03:15:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:03:06
Denial Of Service (DoS)
2020-04-10 01:02:22
debian
debian
[BSA-058] Security Update for apache2
2011-11-14 04:20:22
[BSA-049] Security Update for apache2
2011-09-06 02:06:51
[SECURITY] [DSA 2298-2] apache2 regression fix
2011-09-05 19:20:44
ubuntucve
ubuntucve
CVE-2011-3348
2011-09-20 00:00:00
CVE-2011-3192
2011-08-29 00:00:00
cve
cve
f5
f5
K13114 : Apache Range header vulnerability - CVE-2011-3192
2013-09-12 00:00:00
SOL13114 - Apache Range header vulnerability - CVE-2011-3192
2011-10-06 00:00:00
amazon
amazon
Medium: httpd
2011-09-27 22:46:00
Medium: httpd
2011-10-31 18:19:00
hackerone
hackerone
ownCloud: Apache Range Header Denial of Service Attack (Confirmed PoC)
2015-09-14 22:55:12
Gratipay: grtp.co is vulnerable to http-vuln-cve2011-3192
2016-01-25 13:01:41
U.S. Dept Of Defense: Out-of-date Version (Apache)
2016-11-24 15:09:27
ibm
ibm
cert
cert
Apache HTTPD 1.3/2.x Range header DoS vulnerability
2011-08-26 00:00:00
exploitpack
exploitpack
Apache - Denial of Service
2011-12-09 00:00:00
freebsd
freebsd
apache -- Range header DoS vulnerability
2011-08-24 00:00:00
packetstorm
packetstorm
Obehotel CMS Denial Of Service / SQL Injection
2013-08-26 00:00:00
Opolis.eu Secure Mail Blind SQL Injection / XSS / CSRF / DoS
2013-10-07 00:00:00
ProtonMail.ch Header Injection / CSRF
2014-05-30 00:00:00
checkpoint_security
checkpoint_security
cisa
cisa
Oracle Releases Security Alert for Oracle HTTP Server Products
2011-09-19 00:00:00
zdt
zdt
Obehotel CMS SQL Injection Vulnerability
2013-08-27 00:00:00
centos
centos
httpd, mod_ssl security update
2011-09-01 11:41:08
httpd, mod_ssl security update
2011-10-20 21:19:56
ubuntu
ubuntu
Apache vulnerability
2011-09-01 00:00:00
Apache vulnerabilities
2011-11-11 00:00:00
osv
osv
apache2 - denial of service
2011-09-05 00:00:00
jvn
jvn
JVN#23809730: GIGAPOD vulnerable to denial-of-service (DoS)
2014-10-16 00:00:00
nmap
nmap
http-vuln-cve2011-3192 NSE Script
2011-08-29 21:42:57
attackerkb
attackerkb
CVE-2011-3192
2011-08-29 00:00:00
gentoo
gentoo
Apache HTTP Server: Multiple vulnerabilities
2012-06-24 00:00:00
kaspersky
kaspersky
KLA10065 Multiple vulnerabilities in Apache httpd
2013-07-22 00:00:00