{"id": "RHSA-2007:0746", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2007:0746) Moderate: httpd security, bug fix, and enhancement update", "description": "The Apache HTTP Server is a popular and freely-available Web server.\n\nA flaw was found in the Apache HTTP Server mod_proxy module. On sites where\na reverse proxy is configured, a remote attacker could send a carefully\ncrafted request that would cause the Apache child process handling that\nrequest to crash. On sites where a forward proxy is configured, an attacker\ncould cause a similar crash if a user could be persuaded to visit a\nmalicious site using the proxy. This could lead to a denial of service if\nusing a threaded Multi-Processing Module. (CVE-2007-3847)\n\nAs well, these updated packages fix the following bugs:\n\n* Set-Cookie headers with a status code of 3xx are not forwarded to\nclients when the \"ProxyErrorOverride\" directive is enabled. These\nresponses are overridden at the proxy. Only the responses with status\ncodes of 4xx and 5xx are overridden in these updated packages.\n\n* the default \"/etc/logrotate.d/httpd\" script incorrectly invoked the kill\ncommand, instead of using the \"/sbin/service httpd restart\" command. If you\nconfigured the httpd PID to be in a location other than\n\"/var/run/httpd.pid\", the httpd logs failed to be rotated. This has been\nresolved in these updated packages.\n\n* the \"ProxyTimeout\" directive was not inherited across virtual host\ndefinitions.\n\n* the logresolve utility was unable to read lines longer the 1024 bytes.\n\nThis update adds the following enhancements:\n\n* a new configuration option has been added, \"ServerTokens Full-Release\",\nwhich adds the package release to the server version string, which is\nreturned in the \"Server\" response header.\n\n* a new module has been added, mod_version, which allows configuration\nfiles to be written containing sections, which are evaluated only if the\nversion of httpd used matches a specified condition.\n\nUsers of httpd are advised to upgrade to these updated packages, which\nresolve these issues and add these enhancements.", "published": "2007-11-07T05:00:00", "modified": "2017-09-08T11:55:50", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://access.redhat.com/errata/RHSA-2007:0746", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2007-3847"], "lastseen": "2019-08-13T18:47:13", "viewCount": 3, "enchantments": {"score": {"value": 5.2, "vector": "NONE", "modified": "2019-08-13T18:47:13", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-3847"]}, {"type": "httpd", "idList": ["HTTPD:FF19B3CFFB4CA058088B408ABE97CFC2", "HTTPD:B3EEAE0966FD4791ECF0BE8321DEE1A1", "HTTPD:E70448558565C41C8B5E18BEFF066AAF"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231060387", "OPENVAS:1361412562310835080", "OPENVAS:861345", "OPENVAS:58804", "OPENVAS:830196", "OPENVAS:60387", "OPENVAS:1361412562310122642", "OPENVAS:835080", "OPENVAS:1361412562310830196", "OPENVAS:880256"]}, {"type": "osvdb", "idList": ["OSVDB:37051"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2007-0746.NASL", "APACHE_1_3_41.NASL", "CENTOS_RHSA-2007-0747.NASL", "FEDORA_2007-707.NASL", "REDHAT-RHSA-2007-0747.NASL", "MANDRAKE_MDKSA-2007-235.NASL", "SLACKWARE_SSA_2008-045-02.NASL", "SL_20071109_HTTPD_ON_SL5.NASL", "SL_20071115_HTTPD_ON_SL4_X.NASL", "REDHAT-RHSA-2008-0005.NASL"]}, {"type": "redhat", "idList": ["RHSA-2007:0747", "RHSA-2007:0911", "RHSA-2008:0005"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19937", "SECURITYVULNS:DOC:18002", "SECURITYVULNS:VULN:8155", "SECURITYVULNS:VULN:13214"]}, {"type": "centos", "idList": ["CESA-2007:0747", "CESA-2008:0005"]}, {"type": "fedora", "idList": ["FEDORA:L8J2ROS5020550", "FEDORA:L8OKTM4T022913"]}, {"type": "slackware", "idList": ["SSA-2008-045-02"]}, {"type": "oraclelinux", "idList": ["ELSA-2007-0747", "ELSA-2008-0005", "ELSA-2007-0746"]}, {"type": "freebsd", "idList": ["C115271D-602B-11DC-898C-001921AB2FA4"]}, {"type": "suse", "idList": ["SUSE-SA:2007:061"]}, {"type": "gentoo", "idList": ["GLSA-200711-06"]}, {"type": "vmware", "idList": ["VMSA-2009-0010"]}, {"type": "ubuntu", "idList": ["USN-575-1"]}, {"type": "oracle", "idList": ["ORACLE:CPUJULY2013-1899826"]}], "modified": "2019-08-13T18:47:13", "rev": 2}, "vulnersScore": 5.2}, "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "arch": "ia64", "packageName": "httpd", "packageVersion": "2.2.3-11.el5", "packageFilename": "httpd-2.2.3-11.el5.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc64", "packageName": "httpd-devel", "packageVersion": "2.2.3-11.el5", "packageFilename": "httpd-devel-2.2.3-11.el5.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390", "packageName": "httpd-devel", "packageVersion": "2.2.3-11.el5", "packageFilename": "httpd-devel-2.2.3-11.el5.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc", "packageName": "mod_ssl", "packageVersion": "2.2.3-11.el5", "packageFilename": "mod_ssl-2.2.3-11.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ia64", "packageName": "mod_ssl", "packageVersion": "2.2.3-11.el5", "packageFilename": "mod_ssl-2.2.3-11.el5.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "src", "packageName": "httpd", "packageVersion": "2.2.3-11.el5", "packageFilename": "httpd-2.2.3-11.el5.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageName": "httpd", "packageVersion": "2.2.3-11.el5", "packageFilename": "httpd-2.2.3-11.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageName": "mod_ssl", "packageVersion": "2.2.3-11.el5", "packageFilename": "mod_ssl-2.2.3-11.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "httpd-devel", "packageVersion": "2.2.3-11.el5", "packageFilename": "httpd-devel-2.2.3-11.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ia64", "packageName": "httpd-devel", "packageVersion": "2.2.3-11.el5", "packageFilename": "httpd-devel-2.2.3-11.el5.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "httpd-devel", "packageVersion": "2.2.3-11.el5", "packageFilename": "httpd-devel-2.2.3-11.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageName": "httpd-manual", "packageVersion": "2.2.3-11.el5", "packageFilename": "httpd-manual-2.2.3-11.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "httpd", "packageVersion": "2.2.3-11.el5", "packageFilename": "httpd-2.2.3-11.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "httpd-manual", "packageVersion": "2.2.3-11.el5", "packageFilename": "httpd-manual-2.2.3-11.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc", "packageName": "httpd", "packageVersion": "2.2.3-11.el5", "packageFilename": "httpd-2.2.3-11.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageName": "httpd-devel", "packageVersion": "2.2.3-11.el5", "packageFilename": "httpd-devel-2.2.3-11.el5.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ia64", "packageName": "httpd-manual", "packageVersion": "2.2.3-11.el5", "packageFilename": "httpd-manual-2.2.3-11.el5.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "mod_ssl", "packageVersion": "2.2.3-11.el5", "packageFilename": "mod_ssl-2.2.3-11.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "httpd", "packageVersion": "2.2.3-11.el5", "packageFilename": "httpd-2.2.3-11.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc", "packageName": "httpd-devel", "packageVersion": "2.2.3-11.el5", "packageFilename": "httpd-devel-2.2.3-11.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc", "packageName": "httpd-manual", "packageVersion": "2.2.3-11.el5", "packageFilename": "httpd-manual-2.2.3-11.el5.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "mod_ssl", "packageVersion": "2.2.3-11.el5", "packageFilename": "mod_ssl-2.2.3-11.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "httpd-manual", "packageVersion": "2.2.3-11.el5", "packageFilename": "httpd-manual-2.2.3-11.el5.x86_64.rpm", "operator": "lt"}]}

{"cve": [{"lastseen": "2021-02-02T05:31:25", "description": "The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.", "edition": 6, "cvss3": {}, "published": "2007-08-23T22:17:00", "title": "CVE-2007-3847", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3847"], "modified": "2018-10-15T21:31:00", "cpe": ["cpe:/a:apache:http_server:2.3.0"], "id": "CVE-2007-3847", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3847", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:apache:http_server:2.3.0:*:*:*:*:*:*:*"]}], "httpd": [{"lastseen": "2016-09-26T21:39:37", "bulletinFamily": "software", "cvelist": ["CVE-2007-3847"], "description": "\nA flaw was found in the Apache HTTP Server mod_proxy module. On sites where\na reverse proxy is configured, a remote attacker could send a carefully\ncrafted request that would cause the Apache child process handling that\nrequest to crash. On sites where a forward proxy is configured, an attacker\ncould cause a similar crash if a user could be persuaded to visit a\nmalicious site using the proxy. This could lead to a denial of service if\nusing a threaded Multi-Processing Module.", "edition": 1, "modified": "2007-09-07T00:00:00", "published": "2006-12-10T00:00:00", "id": "HTTPD:B3EEAE0966FD4791ECF0BE8321DEE1A1", "href": "https://httpd.apache.org/security_report.html", "type": "httpd", "title": "Apache Httpd < 2.2.6: mod_proxy crash", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T21:39:37", "bulletinFamily": "software", "cvelist": ["CVE-2007-3847"], "description": "\nA flaw was found in the Apache HTTP Server mod_proxy module. On sites where\na reverse proxy is configured, a remote attacker could send a carefully\ncrafted request that would cause the Apache child process handling that\nrequest to crash. On sites where a forward proxy is configured, an attacker\ncould cause a similar crash if a user could be persuaded to visit a\nmalicious site using the proxy. This could lead to a denial of service if\nusing a threaded Multi-Processing Module.", "edition": 1, "modified": "2007-09-07T00:00:00", "published": "2006-12-10T00:00:00", "id": "HTTPD:E70448558565C41C8B5E18BEFF066AAF", "href": "https://httpd.apache.org/security_report.html", "type": "httpd", "title": "Apache Httpd < 2.0.61: mod_proxy crash", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-12-24T14:26:51", "bulletinFamily": "software", "cvelist": ["CVE-2007-3847"], "description": "\nA flaw was found in the Apache HTTP Server mod_proxy module. On sites where\na reverse proxy is configured, a remote attacker could send a carefully\ncrafted request that would cause the Apache child process handling that\nrequest to crash. On sites where a forward proxy is configured, an attacker\ncould cause a similar crash if a user could be persuaded to visit a\nmalicious site using the proxy. This could lead to a denial of service if\nusing a threaded Multi-Processing Module.", "edition": 5, "modified": "2006-12-10T00:00:00", "published": "2006-12-10T00:00:00", "id": "HTTPD:FF19B3CFFB4CA058088B408ABE97CFC2", "href": "https://httpd.apache.org/security_report.html", "title": "Apache Httpd < None: mod_proxy crash", "type": "httpd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-06T09:25:11", "description": "Updated httpd packages that fix a security issue, various bugs, and\nadd enhancements are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular and freely-available Web server.\n\nA flaw was found in the Apache HTTP Server mod_proxy module. On sites\nwhere a reverse proxy is configured, a remote attacker could send a\ncarefully crafted request that would cause the Apache child process\nhandling that request to crash. On sites where a forward proxy is\nconfigured, an attacker could cause a similar crash if a user could be\npersuaded to visit a malicious site using the proxy. This could lead\nto a denial of service if using a threaded Multi-Processing Module.\n(CVE-2007-3847)\n\nAs well, these updated packages fix the following bugs :\n\n* the default '/etc/logrotate.d/httpd' script incorrectly invoked the\nkill command, instead of using the '/sbin/service httpd restart'\ncommand. If you configured the httpd PID to be in a location other\nthan '/var/run/httpd.pid', the httpd logs failed to be rotated. This\nhas been resolved in these updated packages.\n\n* Set-Cookie headers with a status code of 3xx are not forwarded to\nclients when the 'ProxyErrorOverride' directive is enabled. These\nresponses are overridden at the proxy. Only the responses with status\ncodes of 4xx and 5xx are overridden in these updated packages.\n\n* mod_proxy did not correctly handle percent-encoded characters (ie\n%20) when configured as a reverse proxy.\n\n* invalid HTTP status codes could be logged if output filters returned\nerrors.\n\n* the 'ProxyTimeout' directive was not inherited across virtual host\ndefinitions.\n\n* in some cases the Content-Length header was dropped from HEAD\nresponses. This resulted in certain sites not working correctly with\nmod_proxy, such as www.windowsupdate.com.\n\nThis update adds the following enhancements :\n\n* a new configuration option has been added, 'ServerTokens\nFull-Release', which adds the package release to the server version\nstring, which is returned in the 'Server' response header.\n\n* a new module has been added, mod_version, which allows configuration\nfiles to be written containing sections, which are evaluated only if\nthe version of httpd used matches a specified condition.\n\nUsers of httpd are advised to upgrade to these updated packages, which\nresolve these issues and add these enhancements.", "edition": 26, "published": "2013-06-29T00:00:00", "title": "CentOS 4 : httpd (CESA-2007:0747)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3847"], "modified": "2013-06-29T00:00:00", "cpe": ["p-cpe:/a:centos:centos:httpd-suexec", "p-cpe:/a:centos:centos:mod_ssl", "p-cpe:/a:centos:centos:httpd-manual", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:httpd", "p-cpe:/a:centos:centos:httpd-devel"], "id": "CENTOS_RHSA-2007-0747.NASL", "href": "https://www.tenable.com/plugins/nessus/67056", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0747 and \n# CentOS Errata and Security Advisory 2007:0747 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67056);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-3847\");\n script_bugtraq_id(25489);\n script_xref(name:\"RHSA\", value:\"2007:0747\");\n\n script_name(english:\"CentOS 4 : httpd (CESA-2007:0747)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that fix a security issue, various bugs, and\nadd enhancements are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular and freely-available Web server.\n\nA flaw was found in the Apache HTTP Server mod_proxy module. On sites\nwhere a reverse proxy is configured, a remote attacker could send a\ncarefully crafted request that would cause the Apache child process\nhandling that request to crash. On sites where a forward proxy is\nconfigured, an attacker could cause a similar crash if a user could be\npersuaded to visit a malicious site using the proxy. This could lead\nto a denial of service if using a threaded Multi-Processing Module.\n(CVE-2007-3847)\n\nAs well, these updated packages fix the following bugs :\n\n* the default '/etc/logrotate.d/httpd' script incorrectly invoked the\nkill command, instead of using the '/sbin/service httpd restart'\ncommand. If you configured the httpd PID to be in a location other\nthan '/var/run/httpd.pid', the httpd logs failed to be rotated. This\nhas been resolved in these updated packages.\n\n* Set-Cookie headers with a status code of 3xx are not forwarded to\nclients when the 'ProxyErrorOverride' directive is enabled. These\nresponses are overridden at the proxy. Only the responses with status\ncodes of 4xx and 5xx are overridden in these updated packages.\n\n* mod_proxy did not correctly handle percent-encoded characters (ie\n%20) when configured as a reverse proxy.\n\n* invalid HTTP status codes could be logged if output filters returned\nerrors.\n\n* the 'ProxyTimeout' directive was not inherited across virtual host\ndefinitions.\n\n* in some cases the Content-Length header was dropped from HEAD\nresponses. This resulted in certain sites not working correctly with\nmod_proxy, such as www.windowsupdate.com.\n\nThis update adds the following enhancements :\n\n* a new configuration option has been added, 'ServerTokens\nFull-Release', which adds the package release to the server version\nstring, which is returned in the 'Server' response header.\n\n* a new module has been added, mod_version, which allows configuration\nfiles to be written containing sections, which are evaluated only if\nthe version of httpd used matches a specified condition.\n\nUsers of httpd are advised to upgrade to these updated packages, which\nresolve these issues and add these enhancements.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-November/014456.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?13a2fa8b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:httpd-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/08/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"httpd-2.0.52-38.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"httpd-devel-2.0.52-38.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"httpd-manual-2.0.52-38.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"httpd-suexec-2.0.52-38.ent.centos4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"mod_ssl-2.0.52-38.ent.centos4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-suexec / mod_ssl\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:05:52", "description": "Updated httpd packages that fix a security issue, various bugs, and\nadd enhancements are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular and freely-available Web server.\n\nA flaw was found in the Apache HTTP Server mod_proxy module. On sites\nwhere a reverse proxy is configured, a remote attacker could send a\ncarefully crafted request that would cause the Apache child process\nhandling that request to crash. On sites where a forward proxy is\nconfigured, an attacker could cause a similar crash if a user could be\npersuaded to visit a malicious site using the proxy. This could lead\nto a denial of service if using a threaded Multi-Processing Module.\n(CVE-2007-3847)\n\nAs well, these updated packages fix the following bugs :\n\n* the default '/etc/logrotate.d/httpd' script incorrectly invoked the\nkill command, instead of using the '/sbin/service httpd restart'\ncommand. If you configured the httpd PID to be in a location other\nthan '/var/run/httpd.pid', the httpd logs failed to be rotated. This\nhas been resolved in these updated packages.\n\n* Set-Cookie headers with a status code of 3xx are not forwarded to\nclients when the 'ProxyErrorOverride' directive is enabled. These\nresponses are overridden at the proxy. Only the responses with status\ncodes of 4xx and 5xx are overridden in these updated packages.\n\n* mod_proxy did not correctly handle percent-encoded characters (ie\n%20) when configured as a reverse proxy.\n\n* invalid HTTP status codes could be logged if output filters returned\nerrors.\n\n* the 'ProxyTimeout' directive was not inherited across virtual host\ndefinitions.\n\n* in some cases the Content-Length header was dropped from HEAD\nresponses. This resulted in certain sites not working correctly with\nmod_proxy, such as www.windowsupdate.com.\n\nThis update adds the following enhancements :\n\n* a new configuration option has been added, 'ServerTokens\nFull-Release', which adds the package release to the server version\nstring, which is returned in the 'Server' response header.\n\n* a new module has been added, mod_version, which allows configuration\nfiles to be written containing sections, which are evaluated only if\nthe version of httpd used matches a specified condition.\n\nUsers of httpd are advised to upgrade to these updated packages, which\nresolve these issues and add these enhancements.", "edition": 27, "published": "2007-11-16T00:00:00", "title": "RHEL 4 : httpd (RHSA-2007:0747)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3847"], "modified": "2007-11-16T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:httpd-suexec", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-devel"], "id": "REDHAT-RHSA-2007-0747.NASL", "href": "https://www.tenable.com/plugins/nessus/28240", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0747. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28240);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-3847\");\n script_bugtraq_id(25489);\n script_xref(name:\"RHSA\", value:\"2007:0747\");\n\n script_name(english:\"RHEL 4 : httpd (RHSA-2007:0747)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that fix a security issue, various bugs, and\nadd enhancements are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular and freely-available Web server.\n\nA flaw was found in the Apache HTTP Server mod_proxy module. On sites\nwhere a reverse proxy is configured, a remote attacker could send a\ncarefully crafted request that would cause the Apache child process\nhandling that request to crash. On sites where a forward proxy is\nconfigured, an attacker could cause a similar crash if a user could be\npersuaded to visit a malicious site using the proxy. This could lead\nto a denial of service if using a threaded Multi-Processing Module.\n(CVE-2007-3847)\n\nAs well, these updated packages fix the following bugs :\n\n* the default '/etc/logrotate.d/httpd' script incorrectly invoked the\nkill command, instead of using the '/sbin/service httpd restart'\ncommand. If you configured the httpd PID to be in a location other\nthan '/var/run/httpd.pid', the httpd logs failed to be rotated. This\nhas been resolved in these updated packages.\n\n* Set-Cookie headers with a status code of 3xx are not forwarded to\nclients when the 'ProxyErrorOverride' directive is enabled. These\nresponses are overridden at the proxy. Only the responses with status\ncodes of 4xx and 5xx are overridden in these updated packages.\n\n* mod_proxy did not correctly handle percent-encoded characters (ie\n%20) when configured as a reverse proxy.\n\n* invalid HTTP status codes could be logged if output filters returned\nerrors.\n\n* the 'ProxyTimeout' directive was not inherited across virtual host\ndefinitions.\n\n* in some cases the Content-Length header was dropped from HEAD\nresponses. This resulted in certain sites not working correctly with\nmod_proxy, such as www.windowsupdate.com.\n\nThis update adds the following enhancements :\n\n* a new configuration option has been added, 'ServerTokens\nFull-Release', which adds the package release to the server version\nstring, which is returned in the 'Server' response header.\n\n* a new module has been added, mod_version, which allows configuration\nfiles to be written containing sections, which are evaluated only if\nthe version of httpd used matches a specified condition.\n\nUsers of httpd are advised to upgrade to these updated packages, which\nresolve these issues and add these enhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0747\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/08/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0747\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"httpd-2.0.52-38.ent\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"httpd-devel-2.0.52-38.ent\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"httpd-manual-2.0.52-38.ent\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"httpd-suexec-2.0.52-38.ent\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"mod_ssl-2.0.52-38.ent\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-suexec / mod_ssl\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:43:48", "description": "A flaw was found in the Apache HTTP Server mod_proxy module. On sites\nwhere a reverse proxy is configured, a remote attacker could send a\ncarefully crafted request that would cause the Apache child process\nhandling that request to crash. On sites where a forward proxy is\nconfigured, an attacker could cause a similar crash if a user could be\npersuaded to visit a malicious site using the proxy. This could lead\nto a denial of service if using a threaded Multi-Processing Module.\n(CVE-2007-3847)\n\nAs well, these updated packages fix the following bugs :\n\n - the default '/etc/logrotate.d/httpd' script incorrectly\n invoked the kill command, instead of using the\n '/sbin/service httpd restart' command. If you configured\n the httpd PID to be in a location other than\n '/var/run/httpd.pid', the httpd logs failed to be\n rotated. This has been resolved in these updated\n packages.\n\n - Set-Cookie headers with a status code of 3xx are not\n forwarded to clients when the 'ProxyErrorOverride'\n directive is enabled. These responses are overridden at\n the proxy. Only the responses with status codes of 4xx\n and 5xx are overridden in these updated packages.\n\n - mod_proxy did not correctly handle percent-encoded\n characters (ie %20) when configured as a reverse proxy.\n\n - invalid HTTP status codes could be logged if output\n filters returned errors.\n\n - the 'ProxyTimeout' directive was not inherited across\n virtual host definitions.\n\n - in some cases the Content-Length header was dropped from\n HEAD responses. This resulted in certain sites not\n working correctly with mod_proxy, such as\n www.windowsupdate.com.\n\nThis update adds the following enhancements :\n\n - a new configuration option has been added, 'ServerTokens\n Full-Release', which adds the package release to the\n server version string, which is returned in the 'Server'\n response header.\n\n - a new module has been added, mod_version, which allows\n configuration files to be written containing sections,\n which are evaluated only if the version of httpd used\n matches a specified condition.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : httpd on SL4.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3847"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20071115_HTTPD_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60302", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60302);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-3847\");\n\n script_name(english:\"Scientific Linux Security Update : httpd on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the Apache HTTP Server mod_proxy module. On sites\nwhere a reverse proxy is configured, a remote attacker could send a\ncarefully crafted request that would cause the Apache child process\nhandling that request to crash. On sites where a forward proxy is\nconfigured, an attacker could cause a similar crash if a user could be\npersuaded to visit a malicious site using the proxy. This could lead\nto a denial of service if using a threaded Multi-Processing Module.\n(CVE-2007-3847)\n\nAs well, these updated packages fix the following bugs :\n\n - the default '/etc/logrotate.d/httpd' script incorrectly\n invoked the kill command, instead of using the\n '/sbin/service httpd restart' command. If you configured\n the httpd PID to be in a location other than\n '/var/run/httpd.pid', the httpd logs failed to be\n rotated. This has been resolved in these updated\n packages.\n\n - Set-Cookie headers with a status code of 3xx are not\n forwarded to clients when the 'ProxyErrorOverride'\n directive is enabled. These responses are overridden at\n the proxy. Only the responses with status codes of 4xx\n and 5xx are overridden in these updated packages.\n\n - mod_proxy did not correctly handle percent-encoded\n characters (ie %20) when configured as a reverse proxy.\n\n - invalid HTTP status codes could be logged if output\n filters returned errors.\n\n - the 'ProxyTimeout' directive was not inherited across\n virtual host definitions.\n\n - in some cases the Content-Length header was dropped from\n HEAD responses. This resulted in certain sites not\n working correctly with mod_proxy, such as\n www.windowsupdate.com.\n\nThis update adds the following enhancements :\n\n - a new configuration option has been added, 'ServerTokens\n Full-Release', which adds the package release to the\n server version string, which is returned in the 'Server'\n response header.\n\n - a new module has been added, mod_version, which allows\n configuration files to be written containing sections,\n which are evaluated only if the version of httpd used\n matches a specified condition.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0711&L=scientific-linux-errata&T=0&P=3848\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aa95ae92\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"httpd-2.0.52-38.sl4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"httpd-devel-2.0.52-38.sl4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"httpd-manual-2.0.52-38.sl4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"httpd-suexec-2.0.52-38.sl4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"mod_ssl-2.0.52-38.sl4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:43:47", "description": "Problem description :\n\nA flaw was found in the Apache HTTP Server mod_proxy module. On sites\nwhere a reverse proxy is configured, a remote attacker could send a\ncarefully crafted request that would cause the Apache child process\nhandling that request to crash. On sites where a forward proxy is\nconfigured, an attacker could cause a similar crash if a user could be\npersuaded to visit a malicious site using the proxy. This could lead\nto a denial of service if using a threaded Multi-Processing Module.\n(CVE-2007-3847)\n\nAs well, these updated packages fix the following bugs :\n\n - Set-Cookie headers with a status code of 3xx are not\n forwarded to clients when the 'ProxyErrorOverride'\n directive is enabled. These responses are overridden at\n the proxy. Only the responses with status codes of 4xx\n and 5xx are overridden in these updated packages.\n\n - the default '/etc/logrotate.d/httpd' script incorrectly\n invoked the kill command, instead of using the\n '/sbin/service httpd restart' command. If you configured\n the httpd PID to be in a location other than\n '/var/run/httpd.pid', the httpd logs failed to be\n rotated. This has been resolved in these updated\n packages.\n\n - the 'ProxyTimeout' directive was not inherited across\n virtual host definitions.\n\n - the logresolve utility was unable to read lines longer\n the 1024 bytes.\n\nThis update adds the following enhancements :\n\n - a new configuration option has been added, 'ServerTokens\n Full-Release', which adds the package release to the\n server version string, which is returned in the 'Server'\n response header.\n\n - a new module has been added, mod_version, which allows\n configuration files to be written containing sections,\n which are evaluated only if the version of httpd used\n matches a specified condition.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : httpd on SL5.x", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3847"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20071109_HTTPD_ON_SL5.NASL", "href": "https://www.tenable.com/plugins/nessus/60295", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60295);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-3847\");\n\n script_name(english:\"Scientific Linux Security Update : httpd on SL5.x\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Problem description :\n\nA flaw was found in the Apache HTTP Server mod_proxy module. On sites\nwhere a reverse proxy is configured, a remote attacker could send a\ncarefully crafted request that would cause the Apache child process\nhandling that request to crash. On sites where a forward proxy is\nconfigured, an attacker could cause a similar crash if a user could be\npersuaded to visit a malicious site using the proxy. This could lead\nto a denial of service if using a threaded Multi-Processing Module.\n(CVE-2007-3847)\n\nAs well, these updated packages fix the following bugs :\n\n - Set-Cookie headers with a status code of 3xx are not\n forwarded to clients when the 'ProxyErrorOverride'\n directive is enabled. These responses are overridden at\n the proxy. Only the responses with status codes of 4xx\n and 5xx are overridden in these updated packages.\n\n - the default '/etc/logrotate.d/httpd' script incorrectly\n invoked the kill command, instead of using the\n '/sbin/service httpd restart' command. If you configured\n the httpd PID to be in a location other than\n '/var/run/httpd.pid', the httpd logs failed to be\n rotated. This has been resolved in these updated\n packages.\n\n - the 'ProxyTimeout' directive was not inherited across\n virtual host definitions.\n\n - the logresolve utility was unable to read lines longer\n the 1024 bytes.\n\nThis update adds the following enhancements :\n\n - a new configuration option has been added, 'ServerTokens\n Full-Release', which adds the package release to the\n server version string, which is returned in the 'Server'\n response header.\n\n - a new module has been added, mod_version, which allows\n configuration files to be written containing sections,\n which are evaluated only if the version of httpd used\n matches a specified condition.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0711&L=scientific-linux-errata&T=0&P=1086\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d71bea5c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"httpd-2.2.3-11.sl5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"x86_64\", reference:\"httpd-devel-2.2.3-11.sl5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"httpd-manual-2.2.3-11.sl5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"mod_ssl-2.2.3-11.sl5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:05:52", "description": "Updated httpd packages that fix a security issue, fix various bugs,\nand add enhancements, are now available for Red Hat Enterprise Linux\n5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular and freely-available Web server.\n\nA flaw was found in the Apache HTTP Server mod_proxy module. On sites\nwhere a reverse proxy is configured, a remote attacker could send a\ncarefully crafted request that would cause the Apache child process\nhandling that request to crash. On sites where a forward proxy is\nconfigured, an attacker could cause a similar crash if a user could be\npersuaded to visit a malicious site using the proxy. This could lead\nto a denial of service if using a threaded Multi-Processing Module.\n(CVE-2007-3847)\n\nAs well, these updated packages fix the following bugs :\n\n* Set-Cookie headers with a status code of 3xx are not forwarded to\nclients when the 'ProxyErrorOverride' directive is enabled. These\nresponses are overridden at the proxy. Only the responses with status\ncodes of 4xx and 5xx are overridden in these updated packages.\n\n* the default '/etc/logrotate.d/httpd' script incorrectly invoked the\nkill command, instead of using the '/sbin/service httpd restart'\ncommand. If you configured the httpd PID to be in a location other\nthan '/var/run/httpd.pid', the httpd logs failed to be rotated. This\nhas been resolved in these updated packages.\n\n* the 'ProxyTimeout' directive was not inherited across virtual host\ndefinitions.\n\n* the logresolve utility was unable to read lines longer the 1024\nbytes.\n\nThis update adds the following enhancements :\n\n* a new configuration option has been added, 'ServerTokens\nFull-Release', which adds the package release to the server version\nstring, which is returned in the 'Server' response header.\n\n* a new module has been added, mod_version, which allows configuration\nfiles to be written containing sections, which are evaluated only if\nthe version of httpd used matches a specified condition.\n\nUsers of httpd are advised to upgrade to these updated packages, which\nresolve these issues and add these enhancements.", "edition": 29, "published": "2007-11-08T00:00:00", "title": "RHEL 5 : httpd (RHSA-2007:0746)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3847"], "modified": "2007-11-08T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:mod_ssl", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-manual", "p-cpe:/a:redhat:enterprise_linux:httpd-devel"], "id": "REDHAT-RHSA-2007-0746.NASL", "href": "https://www.tenable.com/plugins/nessus/27834", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0746. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27834);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-3847\");\n script_bugtraq_id(25489);\n script_xref(name:\"RHSA\", value:\"2007:0746\");\n\n script_name(english:\"RHEL 5 : httpd (RHSA-2007:0746)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated httpd packages that fix a security issue, fix various bugs,\nand add enhancements, are now available for Red Hat Enterprise Linux\n5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular and freely-available Web server.\n\nA flaw was found in the Apache HTTP Server mod_proxy module. On sites\nwhere a reverse proxy is configured, a remote attacker could send a\ncarefully crafted request that would cause the Apache child process\nhandling that request to crash. On sites where a forward proxy is\nconfigured, an attacker could cause a similar crash if a user could be\npersuaded to visit a malicious site using the proxy. This could lead\nto a denial of service if using a threaded Multi-Processing Module.\n(CVE-2007-3847)\n\nAs well, these updated packages fix the following bugs :\n\n* Set-Cookie headers with a status code of 3xx are not forwarded to\nclients when the 'ProxyErrorOverride' directive is enabled. These\nresponses are overridden at the proxy. Only the responses with status\ncodes of 4xx and 5xx are overridden in these updated packages.\n\n* the default '/etc/logrotate.d/httpd' script incorrectly invoked the\nkill command, instead of using the '/sbin/service httpd restart'\ncommand. If you configured the httpd PID to be in a location other\nthan '/var/run/httpd.pid', the httpd logs failed to be rotated. This\nhas been resolved in these updated packages.\n\n* the 'ProxyTimeout' directive was not inherited across virtual host\ndefinitions.\n\n* the logresolve utility was unable to read lines longer the 1024\nbytes.\n\nThis update adds the following enhancements :\n\n* a new configuration option has been added, 'ServerTokens\nFull-Release', which adds the package release to the server version\nstring, which is returned in the 'Server' response header.\n\n* a new module has been added, mod_version, which allows configuration\nfiles to be written containing sections, which are evaluated only if\nthe version of httpd used matches a specified condition.\n\nUsers of httpd are advised to upgrade to these updated packages, which\nresolve these issues and add these enhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0746\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/08/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0746\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"httpd-2.2.3-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"httpd-2.2.3-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"httpd-2.2.3-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"httpd-devel-2.2.3-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"httpd-manual-2.2.3-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"httpd-manual-2.2.3-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"httpd-manual-2.2.3-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"mod_ssl-2.2.3-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"mod_ssl-2.2.3-11.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"mod_ssl-2.2.3-11.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / mod_ssl\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T11:51:48", "description": "A flaw in the Apache mod_proxy module was found that could potentially\nlead to a denial of service is using a threaded Multi-Processing\nModule. On sites where a reverse proxy is configured, a remote\nattacker could send a special reequest that would cause the Apache\nchild process handling the request to crash. Likewise, a similar crash\ncould occur on sites with a forward proxy configured if a user could\nbe persuaded to visit a malicious site using the proxy\n(CVE-2007-3847).\n\nA flaw in the Apache mod_autoindex module was found. On sites where\ndirectory listings are used and the AddDefaultCharset directive was\nremoved from the configuration, a cross-site-scripting attack could be\npossible against browsers that to not correctly derive the response\ncharacter set according to the rules in RGC 2616 (CVE-2007-4465).\n\nThe updated packages have been patched to correct this issue.", "edition": 24, "published": "2007-12-04T00:00:00", "title": "Mandrake Linux Security Advisory : apache (MDKSA-2007:235)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4465", "CVE-2007-3847"], "modified": "2007-12-04T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2007", "p-cpe:/a:mandriva:linux:apache-mpm-worker", "p-cpe:/a:mandriva:linux:apache-mod_ssl", "p-cpe:/a:mandriva:linux:apache-mod_ldap", "p-cpe:/a:mandriva:linux:apache-mpm-event", "p-cpe:/a:mandriva:linux:apache-modules", "cpe:/o:mandriva:linux:2007.1", "p-cpe:/a:mandriva:linux:apache-htcacheclean", "p-cpe:/a:mandriva:linux:apache-devel", "p-cpe:/a:mandriva:linux:apache-mod_dav", "p-cpe:/a:mandriva:linux:apache-mod_dbd", "p-cpe:/a:mandriva:linux:apache-mod_mem_cache", "p-cpe:/a:mandriva:linux:apache-mod_proxy", "p-cpe:/a:mandriva:linux:apache-mod_file_cache", "p-cpe:/a:mandriva:linux:apache-mod_authn_dbd", "p-cpe:/a:mandriva:linux:apache-source", "p-cpe:/a:mandriva:linux:apache-base", "p-cpe:/a:mandriva:linux:apache-mod_deflate", "p-cpe:/a:mandriva:linux:apache-mod_proxy_ajp", "p-cpe:/a:mandriva:linux:apache-mod_disk_cache", "p-cpe:/a:mandriva:linux:apache-mpm-itk", "p-cpe:/a:mandriva:linux:apache-mpm-prefork", "p-cpe:/a:mandriva:linux:apache-mod_cache", "p-cpe:/a:mandriva:linux:apache-mod_userdir"], "id": "MANDRAKE_MDKSA-2007-235.NASL", "href": "https://www.tenable.com/plugins/nessus/29202", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:235. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29202);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-3847\", \"CVE-2007-4465\");\n script_xref(name:\"MDKSA\", value:\"2007:235\");\n\n script_name(english:\"Mandrake Linux Security Advisory : apache (MDKSA-2007:235)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw in the Apache mod_proxy module was found that could potentially\nlead to a denial of service is using a threaded Multi-Processing\nModule. On sites where a reverse proxy is configured, a remote\nattacker could send a special reequest that would cause the Apache\nchild process handling the request to crash. Likewise, a similar crash\ncould occur on sites with a forward proxy configured if a user could\nbe persuaded to visit a malicious site using the proxy\n(CVE-2007-3847).\n\nA flaw in the Apache mod_autoindex module was found. On sites where\ndirectory listings are used and the AddDefaultCharset directive was\nremoved from the configuration, a cross-site-scripting attack could be\npossible against browsers that to not correctly derive the response\ncharacter set according to the rules in RGC 2616 (CVE-2007-4465).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-htcacheclean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_authn_dbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_dav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_dbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_deflate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_disk_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_file_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_mem_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_proxy_ajp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_userdir\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-itk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-base-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-devel-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-htcacheclean-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mod_authn_dbd-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mod_cache-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mod_dav-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mod_dbd-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mod_deflate-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mod_disk_cache-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mod_file_cache-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mod_ldap-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mod_mem_cache-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mod_proxy-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mod_proxy_ajp-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mod_ssl-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mod_userdir-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-modules-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mpm-prefork-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-mpm-worker-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"apache-source-2.2.3-1.2mdv2007.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-base-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-devel-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-htcacheclean-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mod_authn_dbd-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mod_cache-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mod_dav-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mod_dbd-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mod_deflate-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mod_disk_cache-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mod_file_cache-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mod_ldap-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mod_mem_cache-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mod_proxy-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mod_proxy_ajp-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mod_ssl-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mod_userdir-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-modules-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mpm-event-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mpm-itk-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mpm-prefork-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-mpm-worker-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"apache-source-2.2.4-6.3mdv2007.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:06:16", "description": "This update includes the latest release of httpd, fixing two security\nissues.\n\nA flaw was found in the mod_proxy module. On sites where a reverse\nproxy is configured, a remote attacker could send a carefully crafted\nrequest that would cause the Apache child process handling that\nrequest to crash. On sites where a forward proxy is configured, an\nattacker could cause a similar crash if a user could be persuaded to\nvisit a malicious site using the proxy. This could lead to a denial of\nservice if using a threaded Multi-Processing Module. (CVE-2007-3847)\n\nA flaw was found in the mod_autoindex module. On sites where directory\nlistings are used, and the AddDefaultCharset directive has been\nremoved from the configuration, a cross-site-scripting attack may be\npossible against browsers which do not correctly derive the response\ncharacter set following the rules in RFC 2616. (CVE-2007-4465)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2007-09-25T00:00:00", "title": "Fedora Core 6 : httpd-2.2.6-1.fc6 (2007-707)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4465", "CVE-2007-3847"], "modified": "2007-09-25T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:httpd", "p-cpe:/a:fedoraproject:fedora:httpd-devel", "cpe:/o:fedoraproject:fedora_core:6", "p-cpe:/a:fedoraproject:fedora:httpd-manual", "p-cpe:/a:fedoraproject:fedora:httpd-debuginfo", "p-cpe:/a:fedoraproject:fedora:mod_ssl"], "id": "FEDORA_2007-707.NASL", "href": "https://www.tenable.com/plugins/nessus/26114", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-707.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(26114);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-3847\", \"CVE-2007-4465\");\n script_xref(name:\"FEDORA\", value:\"2007-707\");\n\n script_name(english:\"Fedora Core 6 : httpd-2.2.6-1.fc6 (2007-707)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes the latest release of httpd, fixing two security\nissues.\n\nA flaw was found in the mod_proxy module. On sites where a reverse\nproxy is configured, a remote attacker could send a carefully crafted\nrequest that would cause the Apache child process handling that\nrequest to crash. On sites where a forward proxy is configured, an\nattacker could cause a similar crash if a user could be persuaded to\nvisit a malicious site using the proxy. This could lead to a denial of\nservice if using a threaded Multi-Processing Module. (CVE-2007-3847)\n\nA flaw was found in the mod_autoindex module. On sites where directory\nlistings are used, and the AddDefaultCharset directive has been\nremoved from the configuration, a cross-site-scripting attack may be\npossible against browsers which do not correctly derive the response\ncharacter set following the rules in RFC 2616. (CVE-2007-4465)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-September/003878.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0b4b4767\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 6.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC6\", reference:\"httpd-2.2.6-1.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"httpd-debuginfo-2.2.6-1.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"httpd-devel-2.2.6-1.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"httpd-manual-2.2.6-1.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"mod_ssl-2.2.6-1.fc6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-debuginfo / httpd-devel / httpd-manual / mod_ssl\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T09:10:21", "description": "New apache 1.3.41 packages are available for Slackware 8.1, 9.0, 9.1,\n10.0, 10.1, 10.2, and 11.0 to fix security issues. A new matching\nmod_ssl package is also provided.", "edition": 25, "published": "2008-02-18T00:00:00", "title": "Slackware 10.0 / 10.1 / 10.2 / 11.0 / 8.1 / 9.0 / 9.1 : apache (SSA:2008-045-02)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3847", "CVE-2007-6388", "CVE-2007-5000"], "modified": "2008-02-18T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:8.1", "cpe:/o:slackware:slackware_linux:9.0", "cpe:/o:slackware:slackware_linux:9.1", "cpe:/o:slackware:slackware_linux:10.1", "cpe:/o:slackware:slackware_linux:10.0", "cpe:/o:slackware:slackware_linux:11.0", "cpe:/o:slackware:slackware_linux:10.2", "p-cpe:/a:slackware:slackware_linux:apache", "p-cpe:/a:slackware:slackware_linux:mod_ssl"], "id": "SLACKWARE_SSA_2008-045-02.NASL", "href": "https://www.tenable.com/plugins/nessus/31100", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2008-045-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31100);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-3847\", \"CVE-2007-5000\", \"CVE-2007-6388\");\n script_bugtraq_id(25489, 26838, 27237);\n script_xref(name:\"SSA\", value:\"2008-045-02\");\n\n script_name(english:\"Slackware 10.0 / 10.1 / 10.2 / 11.0 / 8.1 / 9.0 / 9.1 : apache (SSA:2008-045-02)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New apache 1.3.41 packages are available for Slackware 8.1, 9.0, 9.1,\n10.0, 10.1, 10.2, and 11.0 to fix security issues. A new matching\nmod_ssl package is also provided.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.595748\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?da8aba8e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache and / or mod_ssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/18\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"8.1\", pkgname:\"apache\", pkgver:\"1.3.41\", pkgarch:\"i386\", pkgnum:\"1_slack8.1\")) flag++;\nif (slackware_check(osver:\"8.1\", pkgname:\"mod_ssl\", pkgver:\"2.8.31_1.3.41\", pkgarch:\"i386\", pkgnum:\"1_slack8.1\")) flag++;\n\nif (slackware_check(osver:\"9.0\", pkgname:\"apache\", pkgver:\"1.3.41\", pkgarch:\"i386\", pkgnum:\"1_slack9.0\")) flag++;\nif (slackware_check(osver:\"9.0\", pkgname:\"mod_ssl\", pkgver:\"2.8.31_1.3.41\", pkgarch:\"i386\", pkgnum:\"1_slack9.0\")) flag++;\n\nif (slackware_check(osver:\"9.1\", pkgname:\"apache\", pkgver:\"1.3.41\", pkgarch:\"i486\", pkgnum:\"1_slack9.1\")) flag++;\nif (slackware_check(osver:\"9.1\", pkgname:\"mod_ssl\", pkgver:\"2.8.31_1.3.41\", pkgarch:\"i486\", pkgnum:\"1_slack9.1\")) flag++;\n\nif (slackware_check(osver:\"10.0\", pkgname:\"apache\", pkgver:\"1.3.41\", pkgarch:\"i486\", pkgnum:\"1_slack10.0\")) flag++;\nif (slackware_check(osver:\"10.0\", pkgname:\"mod_ssl\", pkgver:\"2.8.31_1.3.41\", pkgarch:\"i486\", pkgnum:\"1_slack10.0\")) flag++;\n\nif (slackware_check(osver:\"10.1\", pkgname:\"apache\", pkgver:\"1.3.41\", pkgarch:\"i486\", pkgnum:\"1_slack10.1\")) flag++;\nif (slackware_check(osver:\"10.1\", pkgname:\"mod_ssl\", pkgver:\"2.8.31_1.3.41\", pkgarch:\"i486\", pkgnum:\"1_slack10.1\")) flag++;\n\nif (slackware_check(osver:\"10.2\", pkgname:\"apache\", pkgver:\"1.3.41\", pkgarch:\"i486\", pkgnum:\"1_slack10.2\")) flag++;\nif (slackware_check(osver:\"10.2\", pkgname:\"mod_ssl\", pkgver:\"2.8.31_1.3.41\", pkgarch:\"i486\", pkgnum:\"1_slack10.2\")) flag++;\n\nif (slackware_check(osver:\"11.0\", pkgname:\"apache\", pkgver:\"1.3.41\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\nif (slackware_check(osver:\"11.0\", pkgname:\"mod_ssl\", pkgver:\"2.8.31_1.3.41\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-02-01T01:22:56", "description": "According to its banner, the version of Apache 1.3.x running on the\nremote host is prior to 1.3.41. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A denial of service issue in mod_proxy when parsing\n date-related headers. (CVE-2007-3847)\n\n - A cross-site scripting issue involving mod_imap.\n (CVE-2007-5000).\n\n - A cross-site scripting issue in mod_status involving \n the refresh parameter. (CVE-2007-6388)\n\n - A cross-site scripting issue using UTF-7 encoding\n in mod_proxy_ftp exists because it does not \n define a charset. (CVE-2008-0005)\n\nNote that the remote web server may not actually be affected by these\nvulnerabilities. Nessus did not try to determine whether the affected\nmodules are in use or to check for the issues themselves.", "edition": 29, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2008-03-07T00:00:00", "title": "Apache 1.3.x < 1.3.41 Multiple Vulnerabilities (DoS, XSS)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0005", "CVE-2007-3847", "CVE-2007-6388", "CVE-2007-5000"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:apache:http_server"], "id": "APACHE_1_3_41.NASL", "href": "https://www.tenable.com/plugins/nessus/31408", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31408);\n script_version(\"1.30\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2007-3847\",\"CVE-2007-5000\",\"CVE-2007-6388\",\"CVE-2008-0005\");\n script_bugtraq_id(25489, 26838, 27234, 27237);\n\n script_name(english:\"Apache 1.3.x < 1.3.41 Multiple Vulnerabilities (DoS, XSS)\");\n script_summary(english:\"Checks version in Server response header.\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server may be affected by several issues.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Apache 1.3.x running on the\nremote host is prior to 1.3.41. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A denial of service issue in mod_proxy when parsing\n date-related headers. (CVE-2007-3847)\n\n - A cross-site scripting issue involving mod_imap.\n (CVE-2007-5000).\n\n - A cross-site scripting issue in mod_status involving \n the refresh parameter. (CVE-2007-6388)\n\n - A cross-site scripting issue using UTF-7 encoding\n in mod_proxy_ftp exists because it does not \n define a charset. (CVE-2008-0005)\n\nNote that the remote web server may not actually be affected by these\nvulnerabilities. Nessus did not try to determine whether the affected\nmodules are in use or to check for the issues themselves.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/archive/1/486167/100/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://archive.apache.org/dist/httpd/CHANGES_1.3.41\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache version 1.3.41 or later. Alternatively, ensure that\nthe affected modules are not in use.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/07\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/08/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:http_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"apache_http_version.nasl\");\n script_require_keys(\"installed_sw/Apache\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"audit.inc\");\ninclude(\"install_func.inc\");\n\nget_install_count(app_name:\"Apache\", exit_if_zero:TRUE);\nport = get_http_port(default:80);\ninstall = get_single_install(app_name:\"Apache\", port:port, exit_if_unknown_ver:TRUE);\n\n# Check if we could get a version first, then check if it was\n# backported\nversion = get_kb_item_or_exit('www/apache/'+port+'/version', exit_code:1);\nbackported = get_kb_item_or_exit('www/apache/'+port+'/backported', exit_code:1);\n\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"Apache\");\nsource = get_kb_item_or_exit('www/apache/'+port+'/source', exit_code:1);\n\nif (report_paranoia < 2)\n{\n if (!empty_or_null(install[\"modules\"]) && \"mod_status\" >!< install[\"modules\"] &&\n \"mod_proxy\" >!< install[\"modules\"] && \"mod_proxy_ftp\" >!< install[\"modules\"] &&\n \"mod_imap\" >!< install[\"modules\"])\n {\n exit(0, \"The affected modules do not appear to be installed on the Apache server on port \"+port+\".\");\n }\n}\n\n# Check if the version looks like either ServerTokesn Major/Minor\n# was used\nif (version =~ '^1(\\\\.3)?$') exit(1, \"The banner from the Apache server listening on port \"+port+\" - \"+source+\" - is not granular enough to make a determination.\");\n\nif (version !~ \"^\\d+(\\.\\d+)*$\") exit(1, \"The version of Apache listening on port \" + port + \" - \" + version + \" - is non-numeric and, therefore, cannot be used to make a determination.\");\nif (version =~ '^1\\\\.3' && ver_compare(ver:version, fix:'1.3.40') == -1)\n{\n set_kb_item(name:\"www/\"+port+\"/XSS\", value:TRUE);\n if (report_verbosity > 0)\n {\n report = \n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 1.3.40\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"Apache\", port, install[\"version\"]);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:05:57", "description": "Updated Apache httpd packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server.\n\nA flaw was found in the mod_imap module. On sites where mod_imap was\nenabled and an imagemap file was publicly available, a cross-site\nscripting attack was possible. (CVE-2007-5000)\n\nA flaw was found in the mod_autoindex module. On sites where directory\nlistings are used, and the 'AddDefaultCharset' directive has been\nremoved from the configuration, a cross-site scripting attack was\npossible against Web browsers which did not correctly derive the\nresponse character set following the rules in RFC 2616.\n(CVE-2007-4465)\n\nA flaw was found in the mod_proxy module. On sites where a reverse\nproxy is configured, a remote attacker could send a carefully crafted\nrequest that would cause the Apache child process handling that\nrequest to crash. On sites where a forward proxy is configured, an\nattacker could cause a similar crash if a user could be persuaded to\nvisit a malicious site using the proxy. This could lead to a denial of\nservice if using a threaded Multi-Processing Module. (CVE-2007-3847)\n\nA flaw was found in the mod_status module. On sites where mod_status\nwas enabled and the status pages were publicly available, a cross-site\nscripting attack was possible. (CVE-2007-6388)\n\nA flaw was found in the mod_proxy_ftp module. On sites where\nmod_proxy_ftp was enabled and a forward proxy was configured, a\ncross-site scripting attack was possible against Web browsers which\ndid not correctly derive the response character set following the\nrules in RFC 2616. (CVE-2008-0005)\n\nUsers of Apache httpd should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Users should\nrestart httpd after installing this update.", "edition": 28, "published": "2008-01-15T00:00:00", "title": "RHEL 3 : httpd (RHSA-2008:0005)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4465", "CVE-2008-0005", "CVE-2007-3847", "CVE-2007-6388", "CVE-2007-5000"], "modified": "2008-01-15T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "p-cpe:/a:redhat:enterprise_linux:mod_ssl", "p-cpe:/a:redhat:enterprise_linux:httpd", "p-cpe:/a:redhat:enterprise_linux:httpd-devel"], "id": "REDHAT-RHSA-2008-0005.NASL", "href": "https://www.tenable.com/plugins/nessus/29975", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0005. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29975);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-3847\", \"CVE-2007-4465\", \"CVE-2007-5000\", \"CVE-2007-6388\", \"CVE-2008-0005\");\n script_bugtraq_id(25489, 25653, 26838, 27234, 27237);\n script_xref(name:\"RHSA\", value:\"2008:0005\");\n\n script_name(english:\"RHEL 3 : httpd (RHSA-2008:0005)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated Apache httpd packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server.\n\nA flaw was found in the mod_imap module. On sites where mod_imap was\nenabled and an imagemap file was publicly available, a cross-site\nscripting attack was possible. (CVE-2007-5000)\n\nA flaw was found in the mod_autoindex module. On sites where directory\nlistings are used, and the 'AddDefaultCharset' directive has been\nremoved from the configuration, a cross-site scripting attack was\npossible against Web browsers which did not correctly derive the\nresponse character set following the rules in RFC 2616.\n(CVE-2007-4465)\n\nA flaw was found in the mod_proxy module. On sites where a reverse\nproxy is configured, a remote attacker could send a carefully crafted\nrequest that would cause the Apache child process handling that\nrequest to crash. On sites where a forward proxy is configured, an\nattacker could cause a similar crash if a user could be persuaded to\nvisit a malicious site using the proxy. This could lead to a denial of\nservice if using a threaded Multi-Processing Module. (CVE-2007-3847)\n\nA flaw was found in the mod_status module. On sites where mod_status\nwas enabled and the status pages were publicly available, a cross-site\nscripting attack was possible. (CVE-2007-6388)\n\nA flaw was found in the mod_proxy_ftp module. On sites where\nmod_proxy_ftp was enabled and a forward proxy was configured, a\ncross-site scripting attack was possible against Web browsers which\ndid not correctly derive the response character set following the\nrules in RFC 2616. (CVE-2008-0005)\n\nUsers of Apache httpd should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Users should\nrestart httpd after installing this update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0005\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0005\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd, httpd-devel and / or mod_ssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/08/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0005\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"httpd-2.0.46-70.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"httpd-devel-2.0.46-70.ent\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"mod_ssl-2.0.46-70.ent\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / mod_ssl\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:35:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3847"], "description": "Oracle Linux Local Security Checks ELSA-2007-0746", "modified": "2018-09-28T00:00:00", "published": "2015-10-08T00:00:00", "id": "OPENVAS:1361412562310122642", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122642", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2007-0746", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2007-0746.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122642\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:50:00 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2007-0746\");\n script_tag(name:\"insight\", value:\"ELSA-2007-0746 - httpd security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2007-0746\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2007-0746.html\");\n script_cve_id(\"CVE-2007-3847\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.3~11.el5.0.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.2.3~11.el5.0.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"httpd-manual\", rpm:\"httpd-manual~2.2.3~11.el5.0.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.2.3~11.el5.0.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-24T12:57:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3304", "CVE-2007-3847"], "description": "Check for the Version of Apache", "modified": "2017-07-06T00:00:00", "published": "2009-05-05T00:00:00", "id": "OPENVAS:835080", "href": "http://plugins.openvas.org/nasl.php?oid=835080", "type": "openvas", "title": "HP-UX Update for Apache HPSBUX02273", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache HPSBUX02273\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote unauthorized Denial of Service (DoS)\";\ntag_affected = \"Apache on\n HP-UX B.11.11, B.11.23, B.11.31 running Apache v2.0.59.00\";\ntag_insight = \"A potential security vulnerability has been identified with HP-UX Apache \n v2.0.59.00. The vulnerability could be exploited remotely to create an \n unauthorized Denial of Service (DoS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01182588-5\");\n script_id(835080);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"HPSBUX\", value: \"02273\");\n script_cve_id(\"CVE-2007-3847\", \"CVE-2007-3304\");\n script_name( \"HP-UX Update for Apache HPSBUX02273\");\n\n script_summary(\"Check for the Version of Apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.59.00.0\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.59.00.0\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.59.00.0\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.59.00.0\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4465", "CVE-2007-3847"], "description": "Check for the Version of httpd", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861345", "href": "http://plugins.openvas.org/nasl.php?oid=861345", "type": "openvas", "title": "Fedora Update for httpd FEDORA-2007-707", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for httpd FEDORA-2007-707\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"httpd on Fedora Core 6\";\ntag_insight = \"The Apache HTTP Server is a powerful, efficient, and extensible\n web server.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html\");\n script_id(861345);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2007-707\");\n script_cve_id(\"CVE-2007-3847\", \"CVE-2007-4465\");\n script_name( \"Fedora Update for httpd FEDORA-2007-707\");\n\n script_summary(\"Check for the Version of httpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC6\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.2.6~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/httpd-debuginfo\", rpm:\"x86_64/debug/httpd-debuginfo~2.2.6~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/httpd-manual\", rpm:\"x86_64/httpd-manual~2.2.6~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/httpd-devel\", rpm:\"x86_64/httpd-devel~2.2.6~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/mod_ssl\", rpm:\"x86_64/mod_ssl~2.2.6~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/httpd\", rpm:\"x86_64/httpd~2.2.6~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/httpd-manual\", rpm:\"i386/httpd-manual~2.2.6~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/httpd-debuginfo\", rpm:\"i386/debug/httpd-debuginfo~2.2.6~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/httpd-devel\", rpm:\"i386/httpd-devel~2.2.6~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/mod_ssl\", rpm:\"i386/mod_ssl~2.2.6~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/httpd\", rpm:\"i386/httpd~2.2.6~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:41:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3304", "CVE-2007-3847"], "description": "Check for the Version of Apache", "modified": "2018-04-06T00:00:00", "published": "2009-05-05T00:00:00", "id": "OPENVAS:1361412562310835080", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835080", "type": "openvas", "title": "HP-UX Update for Apache HPSBUX02273", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Apache HPSBUX02273\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote unauthorized Denial of Service (DoS)\";\ntag_affected = \"Apache on\n HP-UX B.11.11, B.11.23, B.11.31 running Apache v2.0.59.00\";\ntag_insight = \"A potential security vulnerability has been identified with HP-UX Apache \n v2.0.59.00. The vulnerability could be exploited remotely to create an \n unauthorized Denial of Service (DoS).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01182588-5\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835080\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"HPSBUX\", value: \"02273\");\n script_cve_id(\"CVE-2007-3847\", \"CVE-2007-3304\");\n script_name( \"HP-UX Update for Apache HPSBUX02273\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.59.00.0\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.59.00.0\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"A.2.0.59.00.0\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"hpuxwsAPACHE\", revision:\"B.2.0.59.00.0\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:38:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4465", "CVE-2007-3847"], "description": "Check for the Version of apache", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:1361412562310830196", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830196", "type": "openvas", "title": "Mandriva Update for apache MDKSA-2007:235 (apache)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for apache MDKSA-2007:235 (apache)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A flaw in the Apache mod_proxy module was found that could potentially\n lead to a denial of service is using a threaded Multi-Processing\n Module. On sites where a reverse proxy is configured, a remote\n attacker could send a special reequest that would cause the Apache\n child process handling the request to crash. Likewise, a similar crash\n could occur on sites with a forward proxy configured if a user could\n be persuaded to visit a malicious site using the proxy (CVE-2007-3847).\n\n A flaw in the Apache mod_autoindex module was found. On sites where\n directory listings are used and the AddDefaultCharset directive was\n removed from the configuration, a cross-site-scripting attack could\n be possible against browsers that to not correctly derive the response\n character set according to the rules in RGC 2616 (CVE-2007-4465).\n \n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"apache on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-12/msg00002.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830196\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:00:25 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDKSA\", value: \"2007:235\");\n script_cve_id(\"CVE-2007-3847\", \"CVE-2007-4465\");\n script_name( \"Mandriva Update for apache MDKSA-2007:235 (apache)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache\", rpm:\"apache~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache\", rpm:\"apache~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4465", "CVE-2007-3847"], "description": "Check for the Version of apache", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:830196", "href": "http://plugins.openvas.org/nasl.php?oid=830196", "type": "openvas", "title": "Mandriva Update for apache MDKSA-2007:235 (apache)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for apache MDKSA-2007:235 (apache)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A flaw in the Apache mod_proxy module was found that could potentially\n lead to a denial of service is using a threaded Multi-Processing\n Module. On sites where a reverse proxy is configured, a remote\n attacker could send a special reequest that would cause the Apache\n child process handling the request to crash. Likewise, a similar crash\n could occur on sites with a forward proxy configured if a user could\n be persuaded to visit a malicious site using the proxy (CVE-2007-3847).\n\n A flaw in the Apache mod_autoindex module was found. On sites where\n directory listings are used and the AddDefaultCharset directive was\n removed from the configuration, a cross-site-scripting attack could\n be possible against browsers that to not correctly derive the response\n character set according to the rules in RGC 2616 (CVE-2007-4465).\n \n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"apache on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-12/msg00002.php\");\n script_id(830196);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:00:25 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDKSA\", value: \"2007:235\");\n script_cve_id(\"CVE-2007-3847\", \"CVE-2007-4465\");\n script_name( \"Mandriva Update for apache MDKSA-2007:235 (apache)\");\n\n script_summary(\"Check for the Version of apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-event\", rpm:\"apache-mpm-event~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-itk\", rpm:\"apache-mpm-itk~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache\", rpm:\"apache~2.2.4~6.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-base\", rpm:\"apache-base~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-devel\", rpm:\"apache-devel~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-htcacheclean\", rpm:\"apache-htcacheclean~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_authn_dbd\", rpm:\"apache-mod_authn_dbd~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_cache\", rpm:\"apache-mod_cache~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dav\", rpm:\"apache-mod_dav~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_dbd\", rpm:\"apache-mod_dbd~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_deflate\", rpm:\"apache-mod_deflate~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_disk_cache\", rpm:\"apache-mod_disk_cache~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_file_cache\", rpm:\"apache-mod_file_cache~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ldap\", rpm:\"apache-mod_ldap~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_mem_cache\", rpm:\"apache-mod_mem_cache~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy\", rpm:\"apache-mod_proxy~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_proxy_ajp\", rpm:\"apache-mod_proxy_ajp~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_ssl\", rpm:\"apache-mod_ssl~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mod_userdir\", rpm:\"apache-mod_userdir~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-modules\", rpm:\"apache-modules~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-prefork\", rpm:\"apache-mpm-prefork~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-mpm-worker\", rpm:\"apache-mpm-worker~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache-source\", rpm:\"apache-source~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"apache\", rpm:\"apache~2.2.3~1.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3847", "CVE-2007-6388", "CVE-2007-5000"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2008-045-02.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:60387", "href": "http://plugins.openvas.org/nasl.php?oid=60387", "type": "openvas", "title": "Slackware Advisory SSA:2008-045-02 apache", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2008_045_02.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New apache 1.3.41 packages are available for Slackware 8.1, 9.0, 9.1,\n10.0, 10.1, 10.2, and 11.0 to fix security issues.\n\nA new matching mod_ssl package is also provided.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2008-045-02.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2008-045-02\";\n \nif(description)\n{\n script_id(60387);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2007-6388\", \"CVE-2007-5000\", \"CVE-2007-3847\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2008-045-02 apache \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"apache\", ver:\"1.3.41-i386-1_slack8.1\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.31_1.3.41-i386-1_slack8.1\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"apache\", ver:\"1.3.41-i386-1_slack9.0\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.31_1.3.41-i386-1_slack9.0\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"apache\", ver:\"1.3.41-i486-1_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.31_1.3.41-i486-1_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"apache\", ver:\"1.3.41-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.31_1.3.41-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"apache\", ver:\"1.3.41-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.31_1.3.41-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"apache\", ver:\"1.3.41-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.31_1.3.41-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"apache\", ver:\"1.3.41-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.31_1.3.41-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3847", "CVE-2007-6388", "CVE-2007-5000"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2008-045-02.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231060387", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231060387", "type": "openvas", "title": "Slackware Advisory SSA:2008-045-02 apache", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2008_045_02.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.60387\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2007-6388\", \"CVE-2007-5000\", \"CVE-2007-3847\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2008-045-02 apache\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(8\\.1|9\\.0|9\\.1|10\\.0|10\\.1|10\\.2|11\\.0)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2008-045-02\");\n\n script_tag(name:\"insight\", value:\"New apache 1.3.41 packages are available for Slackware 8.1, 9.0, 9.1,\n10.0, 10.1, 10.2, and 11.0 to fix security issues.\n\nA new matching mod_ssl package is also provided.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2008-045-02.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"apache\", ver:\"1.3.41-i386-1_slack8.1\", rls:\"SLK8.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.31_1.3.41-i386-1_slack8.1\", rls:\"SLK8.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"apache\", ver:\"1.3.41-i386-1_slack9.0\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.31_1.3.41-i386-1_slack9.0\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"apache\", ver:\"1.3.41-i486-1_slack9.1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.31_1.3.41-i486-1_slack9.1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"apache\", ver:\"1.3.41-i486-1_slack10.0\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.31_1.3.41-i486-1_slack10.0\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"apache\", ver:\"1.3.41-i486-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.31_1.3.41-i486-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"apache\", ver:\"1.3.41-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.31_1.3.41-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"apache\", ver:\"1.3.41-i486-1_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"mod_ssl\", ver:\"2.8.31_1.3.41-i486-1_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-02T21:10:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3304", "CVE-2006-5752", "CVE-2007-3847", "CVE-2007-1863"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-15T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:58804", "href": "http://plugins.openvas.org/nasl.php?oid=58804", "type": "openvas", "title": "FreeBSD Ports: apache", "sourceData": "#\n#VID c115271d-602b-11dc-898c-001921ab2fa4\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: apache\n\n=====\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\nif(description)\n{\n script_id(58804);\n script_version(\"$Revision: 4075 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-15 15:13:05 +0200 (Thu, 15 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2007-3847\", \"CVE-2007-1863\", \"CVE-2006-5752\", \"CVE-2007-3304\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: apache\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"apache\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.2.0\")>0 && revcomp(a:bver, b:\"2.2.6\")<0) {\n txt += 'Package apache version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2.0.0\")>0 && revcomp(a:bver, b:\"2.0.61\")<0) {\n txt += 'Package apache version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:55:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4465", "CVE-2008-0005", "CVE-2007-3847", "CVE-2007-6388", "CVE-2007-5000"], "description": "Check for the Version of httpd", "modified": "2017-07-12T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:870081", "href": "http://plugins.openvas.org/nasl.php?oid=870081", "type": "openvas", "title": "RedHat Update for httpd RHSA-2008:0005-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for httpd RHSA-2008:0005-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Apache HTTP Server is a popular Web server.\n\n A flaw was found in the mod_imap module. On sites where mod_imap was\n enabled and an imagemap file was publicly available, a cross-site scripting\n attack was possible. (CVE-2007-5000)\n \n A flaw was found in the mod_autoindex module. On sites where directory\n listings are used, and the &quot;AddDefaultCharset&quot; directive has been removed\n from the configuration, a cross-site scripting attack was possible against\n Web browsers which did not correctly derive the response character set\n following the rules in RFC 2616. (CVE-2007-4465)\n \n A flaw was found in the mod_proxy module. On sites where a reverse proxy is\n configured, a remote attacker could send a carefully crafted request that\n would cause the Apache child process handling that request to crash. On\n sites where a forward proxy is configured, an attacker could cause a\n similar crash if a user could be persuaded to visit a malicious site using\n the proxy. This could lead to a denial of service if using a threaded\n Multi-Processing Module. (CVE-2007-3847) \n \n A flaw was found in the mod_status module. On sites where mod_status was\n enabled and the status pages were publicly available, a cross-site\n scripting attack was possible. (CVE-2007-6388)\n \n A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp\n was enabled and a forward proxy was configured, a cross-site scripting\n attack was possible against Web browsers which did not correctly derive the\n response character set following the rules in RFC 2616. (CVE-2008-0005)\n \n Users of Apache httpd should upgrade to these updated packages, which\n contain backported patches to resolve these issues. Users should restart\n httpd after installing this update.\";\n\ntag_affected = \"httpd on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-January/msg00006.html\");\n script_id(870081);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2008:0005-01\");\n script_cve_id(\"CVE-2007-3847\", \"CVE-2007-4465\", \"CVE-2007-5000\", \"CVE-2007-6388\", \"CVE-2008-0005\");\n script_name( \"RedHat Update for httpd RHSA-2008:0005-01\");\n\n script_summary(\"Check for the Version of httpd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"httpd\", rpm:\"httpd~2.0.46~70.ent\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-debuginfo\", rpm:\"httpd-debuginfo~2.0.46~70.ent\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"httpd-devel\", rpm:\"httpd-devel~2.0.46~70.ent\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_ssl\", rpm:\"mod_ssl~2.0.46~70.ent\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "redhat": [{"lastseen": "2019-08-13T18:46:47", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3847"], "description": "The Apache HTTP Server is a popular and freely-available Web server.\r\n\r\nA flaw was found in the Apache HTTP Server mod_proxy module. On sites where\r\na reverse proxy is configured, a remote attacker could send a carefully\r\ncrafted request that would cause the Apache child process handling that\r\nrequest to crash. On sites where a forward proxy is configured, an attacker\r\ncould cause a similar crash if a user could be persuaded to visit a\r\nmalicious site using the proxy. This could lead to a denial of service if\r\nusing a threaded Multi-Processing Module. (CVE-2007-3847)\r\n\r\nAs well, these updated packages fix the following bugs:\r\n\r\n* the default \"/etc/logrotate.d/httpd\" script incorrectly invoked the kill\r\ncommand, instead of using the \"/sbin/service httpd restart\" command. If you\r\nconfigured the httpd PID to be in a location other than\r\n\"/var/run/httpd.pid\", the httpd logs failed to be rotated. This has been\r\nresolved in these updated packages.\r\n\r\n* Set-Cookie headers with a status code of 3xx are not forwarded to\r\nclients when the \"ProxyErrorOverride\" directive is enabled. These\r\nresponses are overridden at the proxy. Only the responses with status\r\ncodes of 4xx and 5xx are overridden in these updated packages.\r\n\r\n* mod_proxy did not correctly handle percent-encoded characters (ie %20)\r\nwhen configured as a reverse proxy.\r\n\r\n* invalid HTTP status codes could be logged if output filters returned\r\nerrors.\r\n\r\n* the \"ProxyTimeout\" directive was not inherited across virtual host\r\ndefinitions.\r\n\r\n* in some cases the Content-Length header was dropped from HEAD responses.\r\nThis resulted in certain sites not working correctly with mod_proxy, such\r\nas www.windowsupdate.com.\r\n\r\nThis update adds the following enhancements:\r\n\r\n* a new configuration option has been added, \"ServerTokens Full-Release\",\r\nwhich adds the package release to the server version string, which is\r\nreturned in the \"Server\" response header.\r\n\r\n* a new module has been added, mod_version, which allows configuration\r\nfiles to be written containing sections, which are evaluated only if the\r\nversion of httpd used matches a specified condition.\r\n\r\nUsers of httpd are advised to upgrade to these updated packages, which\r\nresolve these issues and add these enhancements.", "modified": "2017-09-08T11:50:18", "published": "2007-11-15T05:00:00", "id": "RHSA-2007:0747", "href": "https://access.redhat.com/errata/RHSA-2007:0747", "type": "redhat", "title": "(RHSA-2007:0747) Moderate: httpd security, bug fix, and enhancement update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:45:55", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3847", "CVE-2007-4465"], "description": "The Apache HTTP Server is a popular and freely-available Web server.\r\n\r\nA flaw was found in the Apache HTTP Server mod_proxy module. On sites where\r\na reverse proxy is configured, a remote attacker could send a carefully\r\ncrafted request that would cause the Apache child process handling that\r\nrequest to crash. On sites where a forward proxy is configured, an attacker\r\ncould cause a similar crash if a user could be persuaded to visit a\r\nmalicious site using the proxy. This could lead to a denial of service if\r\nusing a threaded Multi-Processing Module. (CVE-2007-3847)\r\n\r\nA flaw was found in the mod_autoindex module. On sites where directory\r\nlistings are used, and the AddDefaultCharset directive has been removed\r\nfrom the configuration, a cross-site-scripting attack may be possible\r\nagainst browsers which do not correctly derive the response character set\r\nfollowing the rules in RFC 2616. (CVE-2007-4465)\r\n\r\nUsers of httpd should upgrade to these updated packages which contain\r\nbackported patches to correct these issues.", "modified": "2019-03-22T23:44:11", "published": "2007-10-25T04:00:00", "id": "RHSA-2007:0911", "href": "https://access.redhat.com/errata/RHSA-2007:0911", "type": "redhat", "title": "(RHSA-2007:0911) Moderate: httpd security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:45:31", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3847", "CVE-2007-4465", "CVE-2007-5000", "CVE-2007-6388", "CVE-2008-0005"], "description": "The Apache HTTP Server is a popular Web server.\r\n\r\nA flaw was found in the mod_imap module. On sites where mod_imap was\r\nenabled and an imagemap file was publicly available, a cross-site scripting\r\nattack was possible. (CVE-2007-5000)\r\n\r\nA flaw was found in the mod_autoindex module. On sites where directory\r\nlistings are used, and the \"AddDefaultCharset\" directive has been removed\r\nfrom the configuration, a cross-site scripting attack was possible against\r\nWeb browsers which did not correctly derive the response character set\r\nfollowing the rules in RFC 2616. (CVE-2007-4465)\r\n\r\nA flaw was found in the mod_proxy module. On sites where a reverse proxy is\r\nconfigured, a remote attacker could send a carefully crafted request that\r\nwould cause the Apache child process handling that request to crash. On\r\nsites where a forward proxy is configured, an attacker could cause a\r\nsimilar crash if a user could be persuaded to visit a malicious site using\r\nthe proxy. This could lead to a denial of service if using a threaded\r\nMulti-Processing Module. (CVE-2007-3847) \r\n\r\nA flaw was found in the mod_status module. On sites where mod_status was\r\nenabled and the status pages were publicly available, a cross-site\r\nscripting attack was possible. (CVE-2007-6388)\r\n\r\nA flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp\r\nwas enabled and a forward proxy was configured, a cross-site scripting\r\nattack was possible against Web browsers which did not correctly derive the\r\nresponse character set following the rules in RFC 2616. (CVE-2008-0005)\r\n\r\nUsers of Apache httpd should upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues. Users should restart\r\nhttpd after installing this update.", "modified": "2017-07-28T18:43:24", "published": "2008-01-15T05:00:00", "id": "RHSA-2008:0005", "href": "https://access.redhat.com/errata/RHSA-2008:0005", "type": "redhat", "title": "(RHSA-2008:0005) Moderate: httpd security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:27", "bulletinFamily": "software", "cvelist": ["CVE-2007-3847"], "description": "Buffer overread on server ersponse parsing.", "edition": 1, "modified": "2007-09-14T00:00:00", "published": "2007-09-14T00:00:00", "id": "SECURITYVULNS:VULN:8155", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8155", "title": "Apache mod_proxy denial of service", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:23", "bulletinFamily": "software", "cvelist": ["CVE-2007-3304", "CVE-2006-5752", "CVE-2007-3847", "CVE-2007-1863"], "description": "rPath Security Advisory: 2007-0182-1\r\nPublished: 2007-09-14\r\nProducts: rPath Linux 1\r\nRating: Severe\r\nExposure Level Classification:\r\n Remote System User Deterministic Denial of Service\r\nUpdated Versions:\r\n httpd=/conary.rpath.com@rpl:devel//1-devel/2.0.61-0.1-1\r\n mod_ssl=/conary.rpath.com@rpl:devel//1-devel/2.0.61-0.1-1\r\n\r\nReferences:\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847\r\n https://issues.rpath.com/browse/RPL-1710\r\n\r\nDescription:\r\n Previous versions of the httpd package are vulnerable to multiple\r\n Denial of Service attacks, one of which allows a remote attacker\r\n to crash mod_proxy using a maliciously crafted HTTP request.\r\n \r\n In its default configuration, rPath Linux 1 is not vulnerable to\r\n these attacks.\r\n \r\n Note that two additional vulnerabilities fixed in httpd 2.0.61,\r\n CVE-2007-1863 and CVE-2006-5752, were already fixed in a previous\r\n update to rPath Linux.\r\n\r\nCopyright 2007 rPath, Inc.\r\nThis file is distributed under the terms of the MIT License.\r\nA copy is available at http://www.rpath.com/permanent/mit-license.html\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/", "edition": 1, "modified": "2007-09-14T00:00:00", "published": "2007-09-14T00:00:00", "id": "SECURITYVULNS:DOC:18002", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:18002", "title": "[Full-disclosure] rPSA-2007-0182-1 httpd mod_ssl", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:26", "bulletinFamily": "software", "cvelist": ["CVE-2008-1031", "CVE-2007-6612", "CVE-2008-1032", "CVE-2008-1572", "CVE-2007-6359", "CVE-2007-4465", "CVE-2008-0177", "CVE-2008-1575", "CVE-2008-1033", "CVE-2008-1577", "CVE-2007-5269", "CVE-2008-1030", "CVE-2008-1573", "CVE-2008-1027", "CVE-2007-5268", "CVE-2008-1579", "CVE-2006-3747", "CVE-2007-5266", "CVE-2008-1655", "CVE-2007-6019", "CVE-2007-3847", "CVE-2008-1028", "CVE-2008-1571", "CVE-2007-6388", "CVE-2008-1654", "CVE-2007-5000", "CVE-2008-1576", "CVE-2008-1578", "CVE-2005-3357", "CVE-2008-1036", "CVE-2007-0071", "CVE-2005-3352", "CVE-2008-1034", "CVE-2008-1574", "CVE-2007-5275", "CVE-2008-1580", "CVE-2008-1035", "CVE-2007-1863"], "description": " About the security content of Security Update 2008-003 / Mac OS X 10.5.3\r\n\r\n * Last Modified: May 28, 2008\r\n * Article: HT1897\r\n\r\nSummary\r\n\r\nThis document describes the security content of Security Update 2008-003 / Mac OS X 10.5.3, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.\r\n\r\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.\r\n\r\nFor information about the Apple Product Security PGP Key, see &quot;How to use the Apple Product Security PGP Key.&quot;\r\n\r\nWhere possible, CVE IDs are used to reference the vulnerabilities for further information.\r\n\r\nTo learn about other Security Updates, see &quot;Apple Security Updates.&quot;\r\nProducts Affected\r\n\r\nSecurity\r\nSecurity Update 2008-003 / Mac OS X v10.5.3\r\n\r\n * AFP Server\r\n\r\n CVE-ID: CVE-2008-1027\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Files that are not designated for sharing may be accessed remotely\r\n\r\n Description: AFP Server did not check that a file or directory to be served was inside a folder designated for sharing. A connected user or guest may access any files or folders for which they have permission, even if not contained in folders designated for sharing. This update addresses the issue by denying access to files and folders that are not inside a folder designated for sharing. Credit to Alex deVries and Robert Rich for reporting this issue.\r\n\r\n * Apache\r\n\r\n CVE-ID: CVE-2005-3352, CVE-2005-3357, CVE-2006-3747, CVE-2007-1863, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388\r\n\r\n Available for: Mac OS X Server v10.4.11\r\n\r\n Impact: Multiple vulnerabilities in Apache 2.0.55\r\n\r\n Description: Apache is updated to version 2.0.63 to address several vulnerabilities, the most serious of which may lead to cross-site scripting. Further information is available via the Apache web site at http://httpd.apache.org. Apache 2.0.x is only shipped with Mac OS X Server v10.4.x systems. Mac OS X v10.5.x and Mac OS X Server v10.5.x ship with Apache 2.2.x. The issues that affected Apache 2.2.x were addressed in Security Update 2008-002 for Mac OS X v10.5.2 and Mac OS X Server v10.5.2.\r\n\r\n * AppKit\r\n\r\n CVE-ID: CVE-2008-1028\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: Opening a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An implementation issue exists in AppKit&#39;s processing of document files. Opening a maliciously crafted file in an editor that uses AppKit, such as TextEdit, may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved validation of document files. This issue does not affect systems running Mac OS X 10.5 or later. Credit to Rosyna of Unsanity for reporting this issue.\r\n\r\n * Apple Pixlet Video\r\n\r\n CVE-ID: CVE-2008-1577\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in the handling of files using the Pixlet codec. Opening a maliciously crafted movie file may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.\r\n\r\n * ATS\r\n\r\n CVE-ID: CVE-2008-1575\r\n\r\n Available for: Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Printing a PDF document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in the Apple Type Services server&#39;s handling of embedded fonts in PDF files. Printing a PDF document containing a maliciously crafted font may lead to arbitrary code execution. This update addresses the issue by performing additional validation of embedded fonts. This issue does not affect systems prior to Mac OS X v10.5. Credit to Melissa O&#39;Neill of Harvey Mudd College for reporting this issue.\r\n\r\n * CFNetwork\r\n\r\n CVE-ID: CVE-2008-1580\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information\r\n\r\n Description: An information disclosure issue exists in Safari&#39;s SSL client certificate handling. When a web server issues a client certificate request, the first client certificate found in the keychain is automatically sent, which may lead to the disclosure of the information contained in the certificate. This update addresses the issue by prompting the user before sending the certificate.\r\n\r\n * CoreFoundation\r\n\r\n CVE-ID: CVE-2008-1030\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Applications&#39; use of the CFData API in certain ways may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow in CoreFoundation&#39;s handling of CFData objects may result in a heap buffer overflow. An application calling CFDataReplaceBytes with an with invalid length argument may unexpectedly terminate or lead to arbitrary code execution. This update addresses the issue by performing additional validation of length parameters.\r\n\r\n * CoreGraphics\r\n\r\n CVE-ID: CVE-2008-1031\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An uninitialized variable issue exists in CoreGraphics&#39; handling of PDF files. Opening a maliciously crafted PDF file may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through proper initialization of pointers.\r\n\r\n * CoreTypes\r\n\r\n CVE-ID: CVE-2008-1032\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Users are not warned before opening certain potentially unsafe content types\r\n\r\n Description: This update extends the system&#39;s list of content types that will be flagged as potentially unsafe under certain circumstances, such as when they are downloaded from a web page. While these content types are not automatically launched, if manually opened they could lead to the execution of a malicious payload. This update improves the system&#39;s ability to notify users before handling content types used by Automator, Help, Safari, and Terminal. On Mac OS X v10.4 this functionality is provided by the Download Validation feature. On Mac OS X v10.5 this functionality is provided by the Quarantine feature. Credit to Brian Mastenbrook for reporting this issue.\r\n\r\n * CUPS\r\n\r\n CVE-ID: CVE-2008-1033\r\n\r\n Available for: Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Printing to password-protected printers with debug logging enabled may lead to the disclosure of sensitive information\r\n\r\n Description: An issue exists in the CUPS scheduler&#39;s check of the authentication environment variables when debug logging is enabled. This may lead to the disclosure of the username, domain, and password when printing to a password-protected printer. This update addresses the issue by properly validating environment variables. This issue does not affect systems prior to Mac OS X v10.5 with Security Update 2008-002 installed.\r\n\r\n * Flash Player Plug-in\r\n\r\n CVE-ID: CVE-2007-5275, CVE-2007- 6243, CVE-2007- 6637, CVE-2007-6019, CVE-2007-0071, CVE-2008-1655, CVE-2008-1654\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Opening maliciously crafted Flash content may lead to arbitrary code execution\r\n\r\n Description: Multiple issues exist in Adobe Flash Player Plug-in, the most serious of which may lead to arbitrary code execution. This update addresses the issue by updating to version 9.0.124.0. Further information is available via the Adobe web site at http://www.adobe.com/support/security/bulletins/apsb08-11.html\r\n\r\n * Help Viewer\r\n\r\n CVE-ID: CVE-2008-1034\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: A malicious help:topic URL may cause an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer underflow in Help Viewer&#39;s handling of help:topic URLs may result in a buffer overflow. Accessing a malicious help:topic URL may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems running Mac OS X 10.5 or later. Credit to Paul Haddad of PTH Consulting for reporting this issue.\r\n\r\n * iCal\r\n\r\n CVE-ID: CVE-2008-1035\r\n\r\n Available for: Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Opening a maliciously crafted iCalendar file in iCal may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A use-after-free issue exists in the iCal application&#39;s handling of iCalendar &#40;usually &quot;.ics&quot;&#41; files. Opening a maliciously crafted iCalendar file in iCal may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by improving reference counting in the affected code. This issue does not affect systems prior to Mac OS X v10.5. Credit to Rodrigo Carvalho of Core Security Technologies for reporting this issue.\r\n\r\n * International Components for Unicode\r\n\r\n CVE-ID: CVE-2008-1036\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Visiting certain web sites may result in the disclosure of sensitive information\r\n\r\n Description: A conversion issue exists in ICU&#39;s handling of certain character encodings. Particular invalid character sequences may not appear in the converted output, and this can affect content filters. Visiting a maliciously crafted web site may lead to cross site scripting and the disclosure of sensitive information. This update addresses the issue by replacing invalid character sequences with a fallback character.\r\n\r\n * Image Capture\r\n\r\n CVE-ID: CVE-2008-1571\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: Accessing a maliciously crafted URL may lead to information disclosure\r\n\r\n Description: A path traversal issue exists in Image Capture&#39;s embedded web server. This may lead to the disclosure of local files on the server system. This update addresses the issue through improved URL handling. This issue does not affect systems running Mac OS X v10.5 or later.\r\n\r\n * Image Capture\r\n\r\n \r\n\r\n CVE-ID: CVE-2008-1572\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: A local user may manipulate files with the privileges of another user running Image Capture\r\n\r\n Description: An insecure file operation exists in Image Capture&#39;s handling of temporary files. This could allow a local user to overwrite files with the privileges of another user running Image Capture, or to access the contents of images being resized. This update addresses the issue through improved handling of temporary files. This issue does not affect systems running Mac OS X v10.5 or later.\r\n\r\n * ImageIO\r\n\r\n \r\n\r\n CVE-ID: CVE-2008-1573\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Viewing a maliciously crafted BMP or GIF image may lead to information disclosure\r\n\r\n Description: An out-of-bounds memory read may occur in the BMP and GIF image decoding engine, which may lead to the disclosure of content in memory. This update addresses the issue by performing additional validation of BMP and GIF images. Credit to Gynvael Coldwind of Hispasec for reporting this issue.\r\n\r\n * ImageIO\r\n\r\n \r\n\r\n CVE-ID: CVE-2007-5266, CVE-2007-5268, CVE-2007-5269\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Multiple vulnerabilities in libpng version 1.2.18\r\n\r\n Description: Multiple vulnerabilities exist in libpng version 1.2.18, the most serious of which may lead to a remote denial of service. This update addresses the issue by updating to version 1.2.24. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html\r\n\r\n * ImageIO\r\n\r\n \r\n\r\n CVE-ID: CVE-2008-1574\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Viewing a maliciously crafted JPEG2000 image file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow in the handling of JPEG2000 image files may result in a heap buffer overflow. Viewing a maliciously crafted JPEG2000 image file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through additional validation of JPEG2000 images.\r\n\r\n * Kernel\r\n\r\n \r\n\r\n CVE-ID: CVE-2008-0177\r\n\r\n Available for: Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: A remote attacker may be able to cause to an unexpected system shutdown\r\n\r\n Description: An undetected failure condition exists in the handling of packets with an IPComp header. By sending a maliciously crafted packet to a system configured to use IPSec or IPv6, an attacker may cause an unexpected system shutdown. This update addresses the issue by properly detecting the failure condition.\r\n\r\n * Kernel\r\n\r\n \r\n\r\n CVE-ID: CVE-2007-6359\r\n\r\n Available for: Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: A local user may be able to cause an unexpected system shutdown\r\n\r\n Description: A null pointer dereference exists in the kernel&#39;s handling of code signatures in the cs_validate_page function. This may allow a local user to cause an unexpected system shutdown. This update addresses the issue by performing additional validation of code signatures. This issue does not affect systems prior to Mac OS X v10.5.\r\n\r\n * LoginWindow\r\n\r\n \r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: Managed Client preferences may not be applied\r\n\r\n Description: This update addresses a non-security issue introduced in Security Update 2007-004. Due to a race condition, LoginWindow may fail to apply certain preferences to fail on systems managed by Managed Client for Mac OS X &#40;MCX&#41;. This update addresses the issue by eliminating the race condition in the handling of managed preferences. This issue does not affect systems running Mac OS X v10.5.\r\n\r\n * Mail\r\n\r\n \r\n\r\n CVE-ID: CVE-2008-1576\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: Sending mail through an SMTP server over IPv6 may lead to an unexpected application termination, information disclosure, or arbitrary code execution\r\n\r\n Description: An uninitialized buffer issue exists in Mail. When sending mail through an SMTP server over IPv6, Mail may use a buffer containing partially uninitialized memory, which could result in the disclosure of sensitive information to message recipients and mail server administrators. This could also potentially lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by properly initializing the variable. This issue does not affect systems running Mac OS X v10.5 or later. Credit to Derek Morr of The Pennsylvania State University for reporting this issue.\r\n\r\n * ruby\r\n\r\n \r\n\r\n CVE-ID: CVE-2007-6612\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: A remote attacker may be able to read arbitrary files\r\n\r\n Description: Mongrel is updated to version 1.1.4 to address a directory traversal issue in DirHandler which may lead to the disclosure of sensitive information. Further information is available via the Mongrel web site at http://mongrel.rubyforge.org\r\n\r\n * Single Sign-On\r\n\r\n \r\n\r\n CVE-ID: CVE-2008-1578\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: Passwords supplied to sso_util are exposed to other local users\r\n\r\n Description: The sso_util command-line tool required that passwords be passed to it in its arguments, potentially exposing the passwords to other local users. Passwords exposed include those for users, administrators, and the KDC administration password. This update makes the password parameter optional, and sso_util will prompt for the password if needed. Credit to Geoff Franks of Hauptman Woodward Institute for reporting this issue.\r\n\r\n * Wiki Server\r\n\r\n \r\n\r\n CVE-ID: CVE-2008-1579\r\n\r\n Available for: Mac OS X Server v10.5 through v10.5.2\r\n\r\n Impact: A remote attacker may determine valid user names on servers with the Wiki Server enabled\r\n\r\n Description: An information disclosure issue exists in Wiki Server when a nonexistent blog is accessed. Using the information in the error message, an attacker may deduce the existence of local user names. This update addresses the issue through improved handling of error messages. This issue does not affect systems prior to Mac OS X v10.5. Credit to Don Rainwater of the University of Cincinnati for reporting this issue.\r\n\r\n \r\n\r\nImportant: Mention of third-party websites and products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the selection, performance or use of information or products found at third-party websites. Apple provides this only as a convenience to our users. Apple has not tested the information found on these sites and makes no representations regarding its accuracy or reliability. There are risks inherent in the use of any information or products found on the Internet, and Apple assumes no responsibility in this regard. Please understand that a third-party site is independent from Apple and that Apple has no control over the content on that website. Please contact the vendor for additional information.", "edition": 1, "modified": "2008-05-30T00:00:00", "published": "2008-05-30T00:00:00", "id": "SECURITYVULNS:DOC:19937", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19937", "title": " About the security content of Security Update 2008-003 / Mac OS X 10.5.3", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:52", "bulletinFamily": "software", "cvelist": ["CVE-2013-3769", "CVE-2013-3824", "CVE-2013-3774", "CVE-2013-3749", "CVE-2013-3819", "CVE-2013-3778", "CVE-2013-3788", "CVE-2013-3809", "CVE-2013-3818", "CVE-2013-3799", "CVE-2010-0434", "CVE-2010-0425", "CVE-2013-3783", "CVE-2013-3791", "CVE-2013-3768", "CVE-2013-3807", "CVE-2013-3823", "CVE-2013-3755", "CVE-2013-3753", "CVE-2011-0419", "CVE-2013-3786", "CVE-2008-2364", "CVE-2013-3771", "CVE-2013-3782", "CVE-2013-3760", "CVE-2012-2687", "CVE-2013-3756", "CVE-2013-3789", "CVE-2013-3767", "CVE-2013-3811", "CVE-2013-3776", "CVE-2013-3746", "CVE-2013-3777", "CVE-2013-3750", "CVE-2013-3770", "CVE-2013-3772", "CVE-2013-3757", "CVE-2013-3787", "CVE-2013-3808", "CVE-2013-1861", "CVE-2013-3813", "CVE-2013-3775", "CVE-2013-3800", "CVE-2013-3765", "CVE-2013-3784", "CVE-2013-3759", "CVE-2013-3803", "CVE-2013-2461", "CVE-2013-3806", "CVE-2013-3745", "CVE-2013-3780", "CVE-2006-5752", "CVE-2013-3794", "CVE-2013-3758", "CVE-2010-2068", "CVE-2013-3816", "CVE-2013-3763", "CVE-2013-3810", "CVE-2013-3754", "CVE-2007-3847", "CVE-2013-3748", "CVE-2013-0398", "CVE-2013-3751", "CVE-2007-6388", "CVE-2013-3752", "CVE-2013-3764", "CVE-2013-3773", "CVE-2013-3812", "CVE-2007-5000", "CVE-2013-3781", "CVE-2013-3805", "CVE-2005-3352", "CVE-2013-3795", "CVE-2013-3820", "CVE-2013-3821", "CVE-2013-3822", "CVE-2013-3761", "CVE-2013-3804", "CVE-2011-3348", "CVE-2013-3779", "CVE-2013-3825", "CVE-2013-3797", "CVE-2013-3802", "CVE-2013-3790", "CVE-2013-3796", "CVE-2013-3793", "CVE-2013-3747", "CVE-2013-3798", "CVE-2013-3801"], "description": "Quarterly CPU fixes 89 dufferent vulnerabilities.", "edition": 1, "modified": "2013-08-12T00:00:00", "published": "2013-08-12T00:00:00", "id": "SECURITYVULNS:VULN:13214", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13214", "title": "Oracle / Sun / MySQL / PeopleSoft applications multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2019-12-20T18:27:25", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3847"], "description": "**CentOS Errata and Security Advisory** CESA-2007:0747\n\n\nThe Apache HTTP Server is a popular and freely-available Web server.\r\n\r\nA flaw was found in the Apache HTTP Server mod_proxy module. On sites where\r\na reverse proxy is configured, a remote attacker could send a carefully\r\ncrafted request that would cause the Apache child process handling that\r\nrequest to crash. On sites where a forward proxy is configured, an attacker\r\ncould cause a similar crash if a user could be persuaded to visit a\r\nmalicious site using the proxy. This could lead to a denial of service if\r\nusing a threaded Multi-Processing Module. (CVE-2007-3847)\r\n\r\nAs well, these updated packages fix the following bugs:\r\n\r\n* the default \"/etc/logrotate.d/httpd\" script incorrectly invoked the kill\r\ncommand, instead of using the \"/sbin/service httpd restart\" command. If you\r\nconfigured the httpd PID to be in a location other than\r\n\"/var/run/httpd.pid\", the httpd logs failed to be rotated. This has been\r\nresolved in these updated packages.\r\n\r\n* Set-Cookie headers with a status code of 3xx are not forwarded to\r\nclients when the \"ProxyErrorOverride\" directive is enabled. These\r\nresponses are overridden at the proxy. Only the responses with status\r\ncodes of 4xx and 5xx are overridden in these updated packages.\r\n\r\n* mod_proxy did not correctly handle percent-encoded characters (ie %20)\r\nwhen configured as a reverse proxy.\r\n\r\n* invalid HTTP status codes could be logged if output filters returned\r\nerrors.\r\n\r\n* the \"ProxyTimeout\" directive was not inherited across virtual host\r\ndefinitions.\r\n\r\n* in some cases the Content-Length header was dropped from HEAD responses.\r\nThis resulted in certain sites not working correctly with mod_proxy, such\r\nas www.windowsupdate.com.\r\n\r\nThis update adds the following enhancements:\r\n\r\n* a new configuration option has been added, \"ServerTokens Full-Release\",\r\nwhich adds the package release to the server version string, which is\r\nreturned in the \"Server\" response header.\r\n\r\n* a new module has been added, mod_version, which allows configuration\r\nfiles to be written containing sections, which are evaluated only if the\r\nversion of httpd used matches a specified condition.\r\n\r\nUsers of httpd are advised to upgrade to these updated packages, which\r\nresolve these issues and add these enhancements.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-November/026494.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-November/026495.html\n\n**Affected packages:**\nhttpd\nhttpd-devel\nhttpd-manual\nhttpd-suexec\nmod_ssl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0747.html", "edition": 4, "modified": "2007-11-25T11:57:49", "published": "2007-11-25T11:09:37", "href": "http://lists.centos.org/pipermail/centos-announce/2007-November/026494.html", "id": "CESA-2007:0747", "title": "httpd, mod_ssl security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-20T18:26:29", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4465", "CVE-2008-0005", "CVE-2007-3847", "CVE-2007-6388", "CVE-2007-5000"], "description": "**CentOS Errata and Security Advisory** CESA-2008:0005\n\n\nThe Apache HTTP Server is a popular Web server.\r\n\r\nA flaw was found in the mod_imap module. On sites where mod_imap was\r\nenabled and an imagemap file was publicly available, a cross-site scripting\r\nattack was possible. (CVE-2007-5000)\r\n\r\nA flaw was found in the mod_autoindex module. On sites where directory\r\nlistings are used, and the \"AddDefaultCharset\" directive has been removed\r\nfrom the configuration, a cross-site scripting attack was possible against\r\nWeb browsers which did not correctly derive the response character set\r\nfollowing the rules in RFC 2616. (CVE-2007-4465)\r\n\r\nA flaw was found in the mod_proxy module. On sites where a reverse proxy is\r\nconfigured, a remote attacker could send a carefully crafted request that\r\nwould cause the Apache child process handling that request to crash. On\r\nsites where a forward proxy is configured, an attacker could cause a\r\nsimilar crash if a user could be persuaded to visit a malicious site using\r\nthe proxy. This could lead to a denial of service if using a threaded\r\nMulti-Processing Module. (CVE-2007-3847) \r\n\r\nA flaw was found in the mod_status module. On sites where mod_status was\r\nenabled and the status pages were publicly available, a cross-site\r\nscripting attack was possible. (CVE-2007-6388)\r\n\r\nA flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp\r\nwas enabled and a forward proxy was configured, a cross-site scripting\r\nattack was possible against Web browsers which did not correctly derive the\r\nresponse character set following the rules in RFC 2616. (CVE-2008-0005)\r\n\r\nUsers of Apache httpd should upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues. Users should restart\r\nhttpd after installing this update.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/026643.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/026644.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/026647.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/026650.html\n\n**Affected packages:**\nhttpd\nhttpd-devel\nmod_ssl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0005.html", "edition": 4, "modified": "2008-01-16T05:02:46", "published": "2008-01-15T12:48:29", "href": "http://lists.centos.org/pipermail/centos-announce/2008-January/026643.html", "id": "CESA-2008:0005", "title": "httpd, mod_ssl security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:33", "bulletinFamily": "software", "cvelist": ["CVE-2007-3847"], "description": "## Solution Description\nUpgrade to version 2.0.61, 2.2.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor Specific News/Changelog Entry: http://httpd.apache.org/security/vulnerabilities_20.html\nVendor Specific News/Changelog Entry: http://httpd.apache.org/security/vulnerabilities_22.html\nSecurity Tracker: 1018633\n[Secunia Advisory ID:26952](https://secuniaresearch.flexerasoftware.com/advisories/26952/)\n[Secunia Advisory ID:28467](https://secuniaresearch.flexerasoftware.com/advisories/28467/)\n[Secunia Advisory ID:26636](https://secuniaresearch.flexerasoftware.com/advisories/26636/)\n[Secunia Advisory ID:26790](https://secuniaresearch.flexerasoftware.com/advisories/26790/)\n[Secunia Advisory ID:27209](https://secuniaresearch.flexerasoftware.com/advisories/27209/)\n[Secunia Advisory ID:26842](https://secuniaresearch.flexerasoftware.com/advisories/26842/)\n[Secunia Advisory ID:27882](https://secuniaresearch.flexerasoftware.com/advisories/27882/)\n[Secunia Advisory ID:26722](https://secuniaresearch.flexerasoftware.com/advisories/26722/)\n[Secunia Advisory ID:27593](https://secuniaresearch.flexerasoftware.com/advisories/27593/)\n[Secunia Advisory ID:27563](https://secuniaresearch.flexerasoftware.com/advisories/27563/)\n[Secunia Advisory ID:27732](https://secuniaresearch.flexerasoftware.com/advisories/27732/)\n[Secunia Advisory ID:27971](https://secuniaresearch.flexerasoftware.com/advisories/27971/)\nRedHat RHSA: RHSA-2007:0746\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-September/000241.html\nOther Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html\nOther Advisory URL: HPSBUX02273 SSRT071476:\nOther Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html\nOther Advisory URL: http://httpd.apache.org/security/vulnerabilities_20.html\nOther Advisory URL: http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:235\nOther Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-500.htm\nOther Advisory URL: http://www-1.ibm.com/support/docview.wss?uid=swg1PK50469\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200711-06.xml\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-11/msg00002.html\nMail List Post: http://marc.info/?l=apache-cvs&m=118592992309395&w=2\nMail List Post: http://marc.info/?l=apache-httpd-dev&m=118595556504202&w=2\nMail List Post: http://marc.info/?l=apache-httpd-dev&m=118595953217856&w=2\nFrSIRT Advisory: ADV-2007-3494\nFrSIRT Advisory: ADV-2007-3095\nFrSIRT Advisory: ADV-2007-3283\nFrSIRT Advisory: ADV-2007-3020\n[CVE-2007-3847](https://vulners.com/cve/CVE-2007-3847)\nBugtraq ID: 25489\n", "edition": 1, "modified": "2007-08-01T11:21:21", "published": "2007-08-01T11:21:21", "href": "https://vulners.com/osvdb/OSVDB:37051", "id": "OSVDB:37051", "title": "Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3847", "CVE-2007-4465"], "description": "The Apache HTTP Server is a powerful, efficient, and extensible web server. ", "modified": "2007-09-24T20:29:48", "published": "2007-09-24T20:29:48", "id": "FEDORA:L8OKTM4T022913", "href": "", "type": "fedora", "title": "[SECURITY] Fedora Core 6 Update: httpd-2.2.6-1.fc6", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5752", "CVE-2007-1862", "CVE-2007-1863", "CVE-2007-3304", "CVE-2007-3847", "CVE-2007-4465"], "description": "The Apache HTTP Server is a powerful, efficient, and extensible web server. ", "modified": "2007-09-19T02:53:28", "published": "2007-09-19T02:53:28", "id": "FEDORA:L8J2ROS5020550", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: httpd-2.2.6-1.fc7", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "slackware": [{"lastseen": "2020-10-25T16:36:16", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3847", "CVE-2007-5000", "CVE-2007-6388"], "description": "New apache 1.3.41 packages are available for Slackware 8.1, 9.0, 9.1,\n10.0, 10.1, 10.2, and 11.0 to fix security issues.\n\nA new matching mod_ssl package is also provided.\n\nMore details about the issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847\n\n\nHere are the details from the Slackware 11.0 ChangeLog:\n\npatches/packages/apache-1.3.41-i486-1_slack11.0.tgz:\n Upgraded to apache-1.3.41, the last regular release of the\n Apache 1.3.x series, and a security bugfix-only release.\n For more information about the security issues fixed, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847\n (* Security fix *)\npatches/packages/mod_ssl-2.8.31_1.3.41-i486-1_slack11.0.tgz:\n Upgraded to mod_ssl-2.8.31-1.3.41 to work with apache_1.3.41.\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 8.1:\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/apache-1.3.41-i386-1_slack8.1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/mod_ssl-2.8.31_1.3.41-i386-1_slack8.1.tgz\n\nUpdated packages for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/apache-1.3.41-i386-1_slack9.0.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/mod_ssl-2.8.31_1.3.41-i386-1_slack9.0.tgz\n\nUpdated packages for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/apache-1.3.41-i486-1_slack9.1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/mod_ssl-2.8.31_1.3.41-i486-1_slack9.1.tgz\n\nUpdated packages for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/apache-1.3.41-i486-1_slack10.0.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mod_ssl-2.8.31_1.3.41-i486-1_slack10.0.tgz\n\nUpdated packages for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/apache-1.3.41-i486-1_slack10.1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/mod_ssl-2.8.31_1.3.41-i486-1_slack10.1.tgz\n\nUpdated packages for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/apache-1.3.41-i486-1_slack10.2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mod_ssl-2.8.31_1.3.41-i486-1_slack10.2.tgz\n\nUpdated packages for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/apache-1.3.41-i486-1_slack11.0.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/mod_ssl-2.8.31_1.3.41-i486-1_slack11.0.tgz\n\n\nMD5 signatures:\n\nSlackware 8.1 packages:\n6cc8d3c128d52a3d27ca37b7456ff1fe apache-1.3.41-i386-1_slack8.1.tgz\n9ae1dcb8bb7b9bc88fde88d16212e734 mod_ssl-2.8.31_1.3.41-i386-1_slack8.1.tgz\n\nSlackware 9.0 packages:\nc26a86befaa00c1111b49c22d9e85cd8 apache-1.3.41-i386-1_slack9.0.tgz\n774d1613a29bba8b96c0b446d63ddc39 mod_ssl-2.8.31_1.3.41-i386-1_slack9.0.tgz\n\nSlackware 9.1 packages:\n5f80ea085bbca07a22b1110e7e292d8a apache-1.3.41-i486-1_slack9.1.tgz\n7f4979e63af16c53557700f4df7b86d1 mod_ssl-2.8.31_1.3.41-i486-1_slack9.1.tgz\n\nSlackware 10.0 packages:\n5147add3bc234f7615db078ce2a8cab1 apache-1.3.41-i486-1_slack10.0.tgz\n329cc9a783d7dd7d31bdec5f4c8a4a23 mod_ssl-2.8.31_1.3.41-i486-1_slack10.0.tgz\n\nSlackware 10.1 packages:\n4ee6b38b92e8c8ccf6b31f7361d78b71 apache-1.3.41-i486-1_slack10.1.tgz\na3f9efb14872870944e641376adadbff mod_ssl-2.8.31_1.3.41-i486-1_slack10.1.tgz\n\nSlackware 10.2 packages:\n4c797d094998917086c3b5930e5a5c02 apache-1.3.41-i486-1_slack10.2.tgz\n283b72160550a9fc3edd628f4efa460f mod_ssl-2.8.31_1.3.41-i486-1_slack10.2.tgz\n\nSlackware 11.0 packages:\n7698a1518b7d0d423c807e76e2714e87 apache-1.3.41-i486-1_slack11.0.tgz\n3a18465e0e2bc2dfe1d1be2c94c38a90 mod_ssl-2.8.31_1.3.41-i486-1_slack11.0.tgz\n\n\nInstallation instructions:\n\nFirst, stop apache:\n\n > apachectl stop\n\nThen, upgrade the packages:\n\n > upgradepkg apache-1.3.41-i486-1_slack11.0.tgz mod_ssl-2.8.31_1.3.41-i486-1_slack11.0.tgz\n\nFinally, restart apache:\n\n > apachectl start\n\nOr, if you use mod_ssl:\n\n > apachectl startssl", "modified": "2008-02-15T01:23:13", "published": "2008-02-15T01:23:13", "id": "SSA-2008-045-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.595748", "type": "slackware", "title": "[slackware-security] apache", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:56", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4465", "CVE-2007-3847", "CVE-2007-6388", "CVE-2007-5000"], "description": " [2.0.46-70.ent.0.1]\n - use oracle index page oracle_index.html and logo removal\n - add apr-configure.patch\n \n [2.0.46-70.ent]\n - add security fix for CVE-2007-6388 (#427235)\n - add security fix for mod_proxy_ftp UTF-7 XSS (#427742)\n \n [2.0.46-69.ent]\n - add security fix for CVE-2007-3847 (#250759)\n - add security fixes for CVE-2007-4465, CVE-2007-5000 (#421601) ", "edition": 4, "modified": "2008-01-15T00:00:00", "published": "2008-01-15T00:00:00", "id": "ELSA-2008-0005", "href": "http://linux.oracle.com/errata/ELSA-2008-0005.html", "title": "Moderate: httpd security update ", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:26", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3304", "CVE-2006-5752", "CVE-2007-3847", "CVE-2007-1863"], "description": "[2.2.3-11.el5.0.1]\n- use oracle index page oracle_index.html, update vstring and distro\n[2.2.3-11.el5]\n- mark httpd.conf config(noreplace) (#247881)\n[2.2.3-10.el5]\n- add security fix for CVE-2007-3847 (#250761)\n[2.2.3-9.el5]\n- load mod_version by default (#247881)\n[2.2.3-8.el5]\n- add 'ServerTokens Full-Release' config option (#240857)\n- use init script in logrotate postrotate (#241680)\n- fix mod_proxy option inheritance (#245719)\n- fix ProxyErrorOverride to only affect 4xx, 5xx responses (#240024)\n- bump logresolve line buffer length to 10K (#245763)\n- add security fixes for CVE-2007-1863, CVE-2007-3304,\n and CVE-2006-5752 (#244666)", "edition": 4, "modified": "2007-11-19T00:00:00", "published": "2007-11-19T00:00:00", "id": "ELSA-2007-0746", "href": "http://linux.oracle.com/errata/ELSA-2007-0746.html", "title": "httpd security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:18", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3304", "CVE-2006-5752", "CVE-2007-3847", "CVE-2007-1863"], "description": "[2.0.52-38.ent.0.1]\n- use oracle index page oracle_index.html\n- updated string and distro in specfile\n[2.0.52-38.ent]\n- fix server version string (#236419)\n[2.0.52-37.ent]\n- add security fix for CVE-2007-3847 (#250760)\n[2.0.52-36.ent]\n- add mod_version, load in default httpd.conf (#248696)\n[2.0.52-35.ent]\n- add 'ServerTokens Full-Release' config option (#236419)\n- add security fix for CVE-2007-3304 (#246182)\n- add security fixes for CVE-2007-1863 and CVE-2006-5752 (#244664)\n[2.0.52-34.ent]\n- use init script in logrotate postrotate (#241407)\n- mod_proxy: fix handling of percent chars (#233254)\n- fix {default,cgi}_handler returning bogus errors (#197915)\n- fix unnecessary loss of C-L in HEAD responses (#173467)\n[2.0.52-33.ent]\n- fix ProxyErrorOverride to only affect 4xx, 5xx responses (#240022)\n- fix mod_proxy option inheritance (#242920)", "edition": 4, "modified": "2007-11-27T00:00:00", "published": "2007-11-27T00:00:00", "id": "ELSA-2007-0747", "href": "http://linux.oracle.com/errata/ELSA-2007-0747.html", "title": "httpd security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:33", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3304", "CVE-2006-5752", "CVE-2007-3847", "CVE-2007-1863"], "description": "\nApache HTTP server project reports:\n\nThe following potential security flaws are addressed:\n\nCVE-2007-3847: mod_proxy: Prevent reading past the end of a\n\t buffer when parsing date-related headers.\nCVE-2007-1863: mod_cache: Prevent a segmentation fault if\n\t attributes are listed in a Cache-Control header without any\n\t value.\nCVE-2007-3304: prefork, worker, event MPMs: Ensure that the\n\t parent process cannot be forced to kill processes outside its\n\t process group.\nCVE-2006-5752: mod_status: Fix a possible XSS attack against\n\t a site with a public server-status page and ExtendedStatus\n\t enabled, for browsers which perform charset \"detection\".\n\t Reported by Stefan Esser.\nCVE-2006-1862: mod_mem_cache: Copy headers into longer lived\n\t storage; header names and values could previously point to\n\t cleaned up storage.\n\n\n", "edition": 4, "modified": "2007-09-07T00:00:00", "published": "2007-09-07T00:00:00", "id": "C115271D-602B-11DC-898C-001921AB2FA4", "href": "https://vuxml.freebsd.org/freebsd/c115271d-602b-11dc-898c-001921ab2fa4.html", "title": "apache -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2016-09-04T11:46:33", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4465", "CVE-2007-3304", "CVE-2006-5752", "CVE-2007-3847", "CVE-2007-1863"], "description": "Several bugs were fixed in the Apache2 web server.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2007-11-19T15:20:20", "published": "2007-11-19T15:20:20", "id": "SUSE-SA:2007:061", "href": "http://lists.opensuse.org/opensuse-security-announce/2007-11/msg00002.html", "title": "remote denial of service in apache2", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:54", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4465", "CVE-2007-3304", "CVE-2006-5752", "CVE-2007-3847", "CVE-2007-1862", "CVE-2007-1863"], "description": "### Background\n\nThe Apache HTTP server is one of the most popular web servers on the Internet. \n\n### Description\n\nMultiple cross-site scripting vulnerabilities have been discovered in mod_status and mod_autoindex (CVE-2006-5752, CVE-2007-4465). An error has been discovered in the recall_headers() function in mod_mem_cache (CVE-2007-1862). The mod_cache module does not properly sanitize requests before processing them (CVE-2007-1863). The Prefork module does not properly check PID values before sending signals (CVE-2007-3304). The mod_proxy module does not correctly check headers before processing them (CVE-2007-3847). \n\n### Impact\n\nA remote attacker could exploit one of these vulnerabilities to inject arbitrary script or HTML content, obtain sensitive information or cause a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Apache users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/apache-2.0.59-r5\"", "edition": 1, "modified": "2007-11-07T00:00:00", "published": "2007-11-07T00:00:00", "id": "GLSA-200711-06", "href": "https://security.gentoo.org/glsa/200711-06", "type": "gentoo", "title": "Apache: Multiple vulnerabilities", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2020-07-08T23:31:57", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3918", "CVE-2007-4465", "CVE-2008-0005", "CVE-2007-6421", "CVE-2007-3847", "CVE-2007-6388", "CVE-2007-5000", "CVE-2007-6422"], "description": "It was discovered that Apache did not sanitize the Expect header from \nan HTTP request when it is reflected back in an error message, which \ncould result in browsers becoming vulnerable to cross-site scripting \nattacks when processing the output. With cross-site scripting \nvulnerabilities, if a user were tricked into viewing server output \nduring a crafted server request, a remote attacker could exploit this \nto modify the contents, or steal confidential data (such as passwords), \nwithin the same domain. This was only vulnerable in Ubuntu 6.06. \n(CVE-2006-3918)\n\nIt was discovered that when configured as a proxy server and using a \nthreaded MPM, Apache did not properly sanitize its input. A remote \nattacker could send Apache crafted date headers and cause a denial of \nservice via application crash. By default, mod_proxy is disabled in \nUbuntu. (CVE-2007-3847)\n\nIt was discovered that mod_autoindex did not force a character set, \nwhich could result in browsers becoming vulnerable to cross-site \nscripting attacks when processing the output. (CVE-2007-4465)\n\nIt was discovered that mod_imap/mod_imagemap did not force a \ncharacter set, which could result in browsers becoming vulnerable \nto cross-site scripting attacks when processing the output. By \ndefault, mod_imap/mod_imagemap is disabled in Ubuntu. (CVE-2007-5000)\n\nIt was discovered that mod_status when status pages were available, \nallowed for cross-site scripting attacks. By default, mod_status is \ndisabled in Ubuntu. (CVE-2007-6388)\n\nIt was discovered that mod_proxy_balancer did not sanitize its input, \nwhich could result in browsers becoming vulnerable to cross-site \nscripting attacks when processing the output. By default, \nmod_proxy_balancer is disabled in Ubuntu. This was only vulnerable \nin Ubuntu 7.04 and 7.10. (CVE-2007-6421)\n\nIt was discovered that mod_proxy_balancer could be made to \ndereference a NULL pointer. A remote attacker could send a crafted \nrequest and cause a denial of service via application crash. By \ndefault, mod_proxy_balancer is disabled in Ubuntu. This was only \nvulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422)\n\nIt was discovered that mod_proxy_ftp did not force a character set, \nwhich could result in browsers becoming vulnerable to cross-site \nscripting attacks when processing the output. By default, \nmod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005)", "edition": 5, "modified": "2008-02-04T00:00:00", "published": "2008-02-04T00:00:00", "id": "USN-575-1", "href": "https://ubuntu.com/security/notices/USN-575-1", "title": "Apache vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "vmware": [{"lastseen": "2019-11-06T16:05:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0040", "CVE-2008-0005", "CVE-2007-3304", "CVE-2006-5752", "CVE-2007-3847", "CVE-2007-6388", "CVE-2007-5000", "CVE-2007-1863"], "description": "a. Third Party Library libpng Updated to 1.2.35 \n \nSeveral flaws were discovered in the way third party library libpng \nhandled uninitialized pointers. An attacker could create a PNG image \nfile in such a way, that when loaded by an application linked to \nlibpng, it could cause the application to crash or execute arbitrary \ncode at the privilege level of the user that runs the application. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) \nhas assigned the name CVE-2009-0040 to this issue. \nThe following table lists what action remediates the vulnerability \n(column 4) if a solution is available. \n\n", "edition": 4, "modified": "2010-11-08T00:00:00", "published": "2009-08-20T00:00:00", "id": "VMSA-2009-0010", "href": "https://www.vmware.com/security/advisories/VMSA-2009-0010.html", "title": "VMware Hosted products update libpng and Apache HTTP Server", "type": "vmware", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oracle": [{"lastseen": "2019-05-29T18:20:57", "bulletinFamily": "software", "cvelist": ["CVE-2013-3769", "CVE-2013-1571", "CVE-2013-3824", "CVE-2013-3774", "CVE-2013-3749", "CVE-2013-2407", "CVE-2013-3819", "CVE-2013-3778", "CVE-2013-3788", "CVE-2013-3809", "CVE-2013-3818", "CVE-2013-3799", "CVE-2010-0434", "CVE-2010-0425", "CVE-2013-3783", "CVE-2013-3791", "CVE-2013-3768", "CVE-2013-3807", "CVE-2013-3823", "CVE-2013-3755", "CVE-2013-3753", "CVE-2011-0419", "CVE-2013-3786", "CVE-2008-2364", "CVE-2013-2451", "CVE-2013-3771", "CVE-2013-3782", "CVE-2013-3760", "CVE-2012-2687", "CVE-2013-3756", "CVE-2013-3789", "CVE-2013-3767", "CVE-2013-3811", "CVE-2013-3776", "CVE-2013-3746", "CVE-2013-3777", "CVE-2013-3750", "CVE-2013-3770", "CVE-2013-3772", "CVE-2013-3757", "CVE-2013-3787", "CVE-2013-3808", "CVE-2013-1861", "CVE-2013-3813", "CVE-2013-3775", "CVE-2013-3800", "CVE-2013-3765", "CVE-2013-3784", "CVE-2013-3759", "CVE-2013-3803", "CVE-2013-2461", "CVE-2013-3806", "CVE-2013-3745", "CVE-2013-3780", "CVE-2006-5752", "CVE-2013-3794", "CVE-2013-3758", "CVE-2010-2068", "CVE-2013-3816", "CVE-2013-3763", "CVE-2013-3810", "CVE-2013-3754", "CVE-2007-3847", "CVE-2013-3748", "CVE-2013-0398", "CVE-2013-3751", "CVE-2007-6388", "CVE-2013-3752", "CVE-2013-3764", "CVE-2013-3773", "CVE-2013-3812", "CVE-2007-5000", "CVE-2013-3781", "CVE-2013-3805", "CVE-2005-3352", "CVE-2013-3795", "CVE-2013-3820", "CVE-2013-2457", "CVE-2013-3821", "CVE-2013-3822", "CVE-2013-3761", "CVE-2013-3804", "CVE-2011-3348", "CVE-2013-3779", "CVE-2013-3825", "CVE-2013-3797", "CVE-2013-3802", "CVE-2013-3790", "CVE-2013-3796", "CVE-2013-3793", "CVE-2013-3747", "CVE-2013-3798", "CVE-2013-3801"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.** This Critical Patch Update contains 89 new security fixes across the product families listed below.\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n", "modified": "2013-09-11T00:00:00", "published": "2013-07-16T00:00:00", "id": "ORACLE:CPUJULY2013-1899826", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - July 2013", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}